Patents Examined by Samson B. Lemma
  • Patent number: 11178116
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: November 16, 2021
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 11170104
    Abstract: Technology is described for preventing cryptovirus attacks in a computing service environment. Data patterns of both read and write operations are monitored for files during a predetermined time period. The data patterns related to the files are recorded during the monitoring. A machine learning model is constructed according to the recorded data to establish a data change probability for the plurality of files. An unexpected change is detected using the machine learning model according to the data change probability of the files having changed data. A warning notification is sent indicating the unexpected change is detected for the files.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: November 9, 2021
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Thomas Charles Stickle, Ryan Christopher Holland
  • Patent number: 11171976
    Abstract: A cyber monitored control system includes a controller with a first processing resource operable to execute a control application for a controlled system. The cyber monitored control system also includes a cyber monitor with a second processing resource isolated from the first processing resource. The cyber monitor is operable to evaluate a plurality of inputs to the cyber monitored control system with respect to a cyber threat model, apply trending using the cyber threat model to distinguish between a fault and a cyber attack, and isolate one or more subsystems of the cyber monitored control system based on identifying the cyber attack.
    Type: Grant
    Filed: October 3, 2018
    Date of Patent: November 9, 2021
    Assignee: RAYTHEON TECHNOLOGIES CORPORATION
    Inventor: Paul A. Adamski
  • Patent number: 11163855
    Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.
    Type: Grant
    Filed: April 14, 2021
    Date of Patent: November 2, 2021
    Assignee: DeepTruth, LLC
    Inventors: Jason Lealand Crawforth, Michael Robert Blood
  • Patent number: 11165565
    Abstract: A secure key system is described that distributes a private key of a key server to an edge server for encryption on behalf of an owner of the private key when establishing a session with a client. To distribute the private key, the key server receives from the edge server a quote generated by a secure enclave of the edge server. The quote attests to code of the secure enclave. The key server verifies the quote to ensure that the code of the secure enclave is trusted code. The key server encrypts the private key using a key of the edge server and sends the encrypted private key to the code of the secure enclave. The code of the secure enclave decrypts the private key using its key. Untrusted code of the edge server then requests the code of the secure enclave to perform cryptographic actions using the private key.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: November 2, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Andrey Belenko
  • Patent number: 11165776
    Abstract: Embodiments for managing access to computing system resources are described. A list of privileged users having access to a computing system privilege is received. The computing system privilege is associated with a set of privilege credentials. The receiving of a first set of credentials and a second set of credentials from a user attempting to access the computing system privilege is detected. The user is caused to be granted access to the computing system privilege only if the first set of credentials matches the set of privilege credentials and the second set of credentials is associated with one of the privileged users.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: November 2, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Nader M. Nassar, Gordan G. Greenlee, Raghu Dev, Sudheer Kotilingala
  • Patent number: 11165758
    Abstract: Systems, methods, and computer-readable media for generating a keystream using media data and using the keystream to encrypt and decrypt messages are described herein. The keystream may be generated independently and at least partially in parallel by both a sender and a receiver of a message. The sender may use its independently generated keystream to encrypt a message and a receiver may use its independently generated keystream to decrypt the message. Both the sender and receiver may utilize the same algorithm for generating their respective keystreams, thereby ensuring that the same keystream is generated by both sender and receiver. The sender may share a session key with a receiver using an asymmetric encryption technique. The session key may contain a collection of subkeys. Both the sender and the receiver may independently determine media database indices that match the subkeys and aggregate the corresponding media data streams to obtain the keystream.
    Type: Grant
    Filed: April 9, 2018
    Date of Patent: November 2, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Niranjan Vaish
  • Patent number: 11165818
    Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for utilizing an access log of a proxy server device of a content delivery network (CDN) to detect and mitigate a denial of service (DOS) on a web or content server hosted by the CDN. Through an analysis of the content requests received at the proxy server listed in the access logs, one or more IP addresses may be identified as involved in a potential DOS attack or other suspicious behavior. Once identified, the suspicious activities of the one or more IP addresses may be tracked and aggregated over a particular period of time, with each detected suspicious request to the content server being counted. The count of suspicious requests to the content server may then be compared to one or more threshold values and a remediation action may occur when the thresholds are met or exceeded.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: November 2, 2021
    Assignee: Level 3 Communications, LLC
    Inventors: Thomas P. Donahue, Henry Yu
  • Patent number: 11157618
    Abstract: Evaluating samples is disclosed. A sample is received. A system component dependency graph is built for the sample. In particular: (1) a dependency relation between at least one system event and at least one system component is analyzed; (2) dependency relations between a plurality of system components are analyzed; and (3) a dependency relation between at least one system component and at least one indirect call component is analyzed. A verdict for the sample is determined based at least in part on the system component dependency graph.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: October 26, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Cong Zheng, Zhi Xu
  • Patent number: 11157657
    Abstract: Principal components analysis is applied to data sets to fingerprint the dataset or to compare the dataset to a “wild file” that may have been constructed from data found in the dataset. Principal components analysis allows for the reduction of data used for comparison down to a parsimonious compressed signature of a dataset. Datasets with different patterns among the variables will have different patterns of principal components. The principal components of variables (or a relevant subset thereof) in a wild file may be computed and statistically compared to the principal components of identical variables in a data provider's reference file to provide a score. This constitutes a unique and compressed signature of a file that can be used for identification and comparison with similarly defined patterns from other files.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: October 26, 2021
    Assignee: LiveRamp, Inc.
    Inventors: Martin Rose, Christina Tsz Ling Leung
  • Patent number: 11159537
    Abstract: Aspects of the disclosure relate to multicomputer systems and methods for data authentication and event execution using a blockchain approach. Any full node computing device in a network, including a data authentication and event execution computing platform, may receive data from one or more sources. The computing platform may verify the authenticity of at least one aspect of the received data. Once the authenticity of the data has been verified, the computing platform may generate a new block of a user's blockchain by cryptographically encrypting the received data, may add the new block to the user's blockchain, and may store the updated blockchain. The platform may then transmit an indication that the received data has been authenticated to the data source. In addition, the computing platform may generate a command configured to execute an action associated with the new block and may transmit the command to the data source.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: October 26, 2021
    Assignee: Bank of America Corporation
    Inventors: Carl R. Frederick, Sean M. Gutman, Joseph Castinado
  • Patent number: 11157611
    Abstract: A computer includes a memory and a processor programmed to execute instructions stored in the memory. The instructions include identifying a function in a binary file, assigning one of a plurality of classifications to the function, and determining that the function requires stack cookie protection based at least in part on the classification assigned to the function.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: October 26, 2021
    Assignee: Blackberry Limited
    Inventors: Adam John Boulton, Benjamin John Godwood
  • Patent number: 11159532
    Abstract: Systems and methods are provided for use in implementing access controls to content blocks of a user profile associated with a user. One exemplary system includes an access engine configured to receive an access command from a user, via a communication device, to access the user profile. The access command includes a designation of at least one of the content blocks for access by a provider, an identity of the provider, and a duration of the access. The access engine is configured to also modify a permission associated with the designated content block(s) in relation to the provider to permit the access by the provider, and to expose the content block(s) to the provider, thereby granting the access for the provider to the content block(s). The access engine is configured to further terminate the access of the provider to the content block(s) when the duration of the access expires.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: October 26, 2021
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Andrew Christopher Barnes, Eric Orlaska, Mary Thuet
  • Patent number: 11157604
    Abstract: A method for biometric authentication has the steps of sending a confidential communication to an intended recipient through the system, the intended recipient providing one or more biometric identifiers to view the communication, wherein the one or more biometric identifiers are unique to the intended recipient, the system verifying the one or more biometric identifiers against one or more stored biometric identifiers, the system accepting the one or more biometric identifiers further has the steps of the system displaying the confidential communication on the mobile device, and the user continues to provide the one or more biometric identifiers, the system continuously verifying the one or more biometric identifiers while the communication is displayed wherein when the verification is uninterrupted or fails the communication is hidden.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: October 26, 2021
    Inventors: Christopher Michael Robinson, David Andrew Elston
  • Patent number: 11153319
    Abstract: Users of organizations use many different third-party applications. The organizations use the services of a server to manage and interact with the third-party applications. In particular, the server provides a user lifecycle API that defines a set of user lifecycle events corresponding to changes of the users with respect to their organizations and/or the third-party applications that they use within the organizations. The server further has access to lifecycle code modules corresponding to the different third-party applications and defining how those third-party applications will respond to the user lifecycle events. When a user lifecycle event occurs for a particular user of a particular organization, the server determines the third-party applications to which the organization has given the user access and uses the appropriate functionality of the lifecycle code modules of the corresponding third-party applications to implement the appropriate user changes for those applications.
    Type: Grant
    Filed: October 21, 2015
    Date of Patent: October 19, 2021
    Assignee: Okta, Inc.
    Inventors: Christopher Barbara, RaghuRam Pamidimarri
  • Patent number: 11151250
    Abstract: A global locality sensitive hash (LSH) database stores global locality sensitive hashes of files of different private computer networks. Each of the private computer networks has a corresponding local LSH database that stores local locality sensitive hashes of files of the private computer network. A target locality sensitive hash is generated for a target file of a private computer network. The global and local LSH databases are searched for a locality sensitive hash that is similar to the target locality sensitive hash. The target file is marked for further evaluation for malware or other cybersecurity threats when the target locality sensitive hash is not similar to any of the global and local locality sensitive hashes.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: October 19, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Chia-Yen Chang, Wen-Kwang Tsao
  • Patent number: 11151436
    Abstract: The invention relates to a method for authorizing a communication with a portable electronic device, such as access to at least one memory area. The portable electronic device has a display for presenting an item of information visible to the outside and an interface for communication with the outside of the portable electronic device. The item of information is at least in part taken into account by the portable electronic device to authorize the communication. The method includes optically reading of the item of information outside the portable electronic device. The method also includes a step of varying the item of information, the step of varying causing the item of information, termed the variable item of information, to vary at least in part. The invention also relates to the portable electronic device, and the system comprising the portable electronic device and an electronic communication or reading device.
    Type: Grant
    Filed: December 10, 2008
    Date of Patent: October 19, 2021
    Assignee: THALES DIS FRANCE SA
    Inventor: Xavier Banchelin
  • Patent number: 11151290
    Abstract: According to various aspects, systems and methods are provided for improving a computer system's resistance to tampering. A PUF may be one component of a system. Other components of the system may not have the same level of protection against tampering as the PUF. According to one aspect, tamper protection provided by the PUF may be extended to one or more other components of the system, thus creating a network of tamper-resistant components. The system may include a tamper detection circuit that receives signals from the component(s). The tamper detection circuit generates an output signal based on the received signals that indicates whether any of the components has been tampered with. The PUF may be configured to use the output signal to generate secret information. If the output signal indicates that one of the components has been tampered with, the PUF may prevent generation of the correct secret information.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: October 19, 2021
    Assignee: Analog Devices, Inc.
    Inventors: Deniz Karakoyunlu, Tze Lei Poo
  • Patent number: 11146557
    Abstract: An augmented reality device engages in a mutual exchange of negotiated services with another device. The negotiation comprises a first exchange of respective zero-knowledge proofs, and second exchange of credentials followed by verification of the credentials by a trusted third party, and further exchanges of information comprising services provided by the augmented reality device to the other device, and vice versa. The services are used, in embodiments, to customize an augmented reality experience.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: October 12, 2021
    Assignee: Vulcan Inc.
    Inventors: Paul G. Allen, Alan Caplan, Keith Rosema, Jeffrey Alex Kramer
  • Patent number: 11146553
    Abstract: Systems and methods for preventing fraud are disclosed. The system includes, for example, a front end device that is operatively coupled to a back end device. The front end device is configured to generate a first dynamic device identification based on dynamic device characteristics of the front end device. The back end device is configured to generate a second dynamic device identification based on the dynamic device characteristics of the front end device to authenticate the front end device. The front end device can also authenticate itself through an Internet of Things (IoT) device that has a trusted connection to the back end device.
    Type: Grant
    Filed: April 6, 2020
    Date of Patent: October 12, 2021
    Assignee: Transform SR Brands LLC
    Inventors: Angel Favila, Puneet Shivam