Abstract: A secure digital network environment is provided by integrating OTP keys as part of quantum-safe data systems solutions (QPN Solutions), including the use of one-time-pad (OTP) keys to encrypt data, support multi-factor authentication and secure all communications between devices in the secure digital network environment. The OTP keys are “pre-loaded” to endpoint (EP) devices to render them quantum-safe (QS) when connected into the secure digital network environment, or are otherwise provided through removable media to be loaded into user supplied appliances, devices and accessories to render them QS when connected into the secure digital network environment. The application of QPN Solutions refers to the application of QPN enabled technologies to provide a secure digital network environment includes risk assessment and management solutions for establishing and managing cyber security insurable risks and policies.

Abstract: According to an example embodiment, a management server includes a monitoring means for monitoring whether a file has been saved in a storage area managed by a file server, a determination means for determining, when the monitoring means detects that a file has been saved in the storage area, whether identification information on a user who has saved the file matches identification information on a specific user, and a privilege change means for changing, when the determination means determines that the identification information on the user who has saved the file matches the identification information on the specific user, an access privilege of the file.

Abstract: Some implementations of the disclosed systems, apparatus, methods and computer program products may provide for chatbots configured to perform tasks requiring end user identification on behalf of users. Such a chatbot may be authenticated through tokens with custom claims. The custom claims may include identifying or authenticating tokens received by the chatbot or server system and the chatbot may create and/or provide such tokens for authentication. The custom claim may be configured to provide user identifying data, allowing for the chatbot to be provided with end user credentials. Accordingly, chatbots may be utilized to perform sensitive tasks that require user credentials while continuing to provide security for users.

Abstract: This disclosure relates to, among other things, scalable data processing, storage, and/or management systems and methods. Certain embodiments disclosed herein provide for a data management architecture that allows for more secure storage of enterprise data, making it more secure, usable, and/or interoperable, facilitating data usage across information silos. Further embodiments provide for comprehensive data access authentication and/or authorization functionality between various services included in embodiments of the disclosed architecture.

Abstract: Methods and systems are described herein for generating and assigning resources based on timestamps. A plurality of permission messages associated with a plurality of authorization events may be received with each permission message including an authorization timestamp indicating a generation time of a corresponding permission message. In addition, a plurality of data records may be received with each data record including a corresponding plurality of parameters. Based on the permission messages and the data records, a resource multiplier is generated, and resources assigned to each data record are multiplied based on the resource multiplier.

Abstract: This application provides an online streamer image picture transmission method and computing device in live interaction. The method applied to a server, the method includes: receiving an online streamer image picture sent by a first online streamer end, and obtaining a target obfuscation key; performing encryption processing on the online streamer image picture based on the target obfuscation key and picture information of the online streamer image picture, to obtain an encrypted online streamer image picture; and in response to determining that a live interaction request for the first online streamer end and a second online streamer end is received, sending the encrypted online streamer image picture and the target obfuscation key to the second online streamer end.

Abstract: An apparatus includes one or more processors that are configured to determine a pixel-by-pixel bounds for a perturbed image, generate an adversarial example using an adversarial example generation technique, and modify the adversarial example to generate the perturbed image based on the pixel-by-pixel bounds. When an initial perturbed image does not reside within the pixel-by-pixel bounds, the one or more processors adjust the initial perturbed image to generate the perturbed image by a Weber-Fechner based adversarial perturbation to reside within the pixel-by-pixel bounds. The one or more processors provide the perturbed image to a computing device in an image-based Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA).

Abstract: Aspects of a storage device are provided that perform partial decryption of host encrypted data and encryption of host provided data using received or generated keys for data targeted for compute services. The storage device may include a non-volatile memory and a controller. The controller may receive encrypted data, receive a key associated with a portion of the encrypted data, and decrypt the portion of the encrypted data based on the key without decrypting a remainder of the encrypted data. The controller may also receive data, receive or generate a key associated with a portion of the data, encrypt the portion of the data based on the key without encrypting a remainder of the data based on the key, and store the encrypted portion of the data in the non-volatile memory for subsequent decryption. As a result, a balance between encrypted data storage and decrypted data security may be achieved.

Abstract: A method for secure pairing between a sensor and a concentrator using a mobile terminal includes generating and emitting a confirmation code by the concentrator; converting by the sensor of the confirmation code into a sequence of light signals executed by at least one light-emitting diode; converting by the mobile terminal of the sequence of light signals into a sequence code; sending the sequence code to the concentrator; comparing, by the concentrator, the sequence code and the generated confirmation code: if the sequence code does not match the generated confirmation code, generating a warning; if the sequence code matches the generated confirmation code, pairing and exchanging information between the sensor and the concentrator.

Abstract: A method for communicating over a wireless network includes broadcasting, by a Multi-Link Device (MLD) device, service data indicative of one or more services for wireless communication with a client device; wherein the service data indicates that a service type is differentiated based on a type of the client device; establishing a security association with the client device; and in response to establishing a security association with the client device, granting access by the client device to a subset of the one or more services based on the type of the client device.

Abstract: A novel structured random sample consensus protocol to greatly improve blockchain and distributed ledger technology throughput and scalability, while maintaining decentralization and high levels of security. The invention leverages small committees of fixed sizes, called “Clans,” threshold cryptography, and logical virtual districts, called “Tribes,” in order to deterministically random sample disparate nodes for sentiment analysis on a transactions validity, thereby only requiring a relatively small subset of nodes to validate any particular transaction or batch of transactions thus enabling much greater concurrency and parallel processing compared to other more linearized consensus algorithms, while maintaining high security.

Abstract: A packet processing method. A protection device receives a first access request packet. The first access request packet includes a packet sent based on a TCP/IP protocol. The protection device extracts a first fingerprint feature from a transport-layer packet header and/or a network-layer packet header of the first access request packet. The first fingerprint feature corresponds to an operating system type of a terminal device that transmits the first access request packet. The protection device recognizes the first fingerprint feature based on a fingerprint feature database to determine whether to allow the first access request packet to access a server. The protection device allows the first access request packet to pass through when the first access request packet is allowed to access the server. The protection device blocks the first access request packet when the first access request packet is not allowed to access the server.

Abstract: A system for matrix-based homomorphic encryption including a processor of a computing node configured to host a homomorphic encryption module and connected to at least one cloud server and a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor to: acquire plaintext M required to be encrypted; select a size of a matrix and modulus n; select invertible × matrix S1 over n, wherein n is a residue ring modulo n; compute an invertible × matrix S2 over n; set a secret key (S1, S2); and encode the plaintext M by an integer m over n, wherein m is encoded by an envelope matrix comprising a form V ? ( m ) = ( ? 0 ? m ) , wherein ? and ? are numbers chosen at random ?, ??n.

Abstract: A computer-implemented method according to one embodiment includes receiving a request to perform a security policy implementation analysis for a first deployment associated with a first client in an IT environment. IT information associated with the first deployment is collected. The method further includes applying trained machine learning models to analyze the IT information of the first client to compute a security policy for the first deployment. The security policy is computed based on a calculated uncertainty of effects that applying the security policy to the first deployment is capable of causing, and a predicted amount of resources of the first deployment that applying the security policy to the first deployment would consume. An indication of the security policy is output for display in a dashboard on a display of a user device of the first client.

Abstract: A method for protecting a disaster recovery site, the method may include receiving by source compute nodes of a storage system, during source storage periods, write requests for storing content in the storage system; writing by source compute nodes, during the source storage periods, the content into the storage nodes of the storage system; maintaining replication compute nodes of the storage system deactivated during the source storage periods; reading the content by the replication compute nodes from the storage nodes during replication periods; participating, by the replication compute nodes, in outputting the content to one or more data recovery sites during the replication periods; and maintaining the source compute nodes deactivated during the source storage periods.

Abstract: Systems, methods, and processing devices for aiding with cyber intrusion investigations that includes capabilities for extracting data from a specified range of a volatile memory of a target processing device, reconstructing data structures and artifacts from the extracted data; and generating and presenting a visualization of the reconstructed data structures and the reconstructed artifacts.

Abstract: Aspects of the subject disclosure may include, for example, receiving, from a computing device, a validation request for validating an individual associated with a mobile device equipped with an authentication app communicatively coupled with an authentication system, obtaining request data from a user validation system, enabling, using the request data, the computing device to communicate with the user validation system to facilitate the validation, wherein the validation involves the user validation system triggering the authentication system to provide access information to the computing device, the authentication system authenticating the individual/mobile device, the authentication system providing, to the user validation system, identification information of the individual based on the authenticating, and the user validation system determining a validation result based on data relating to the identification information.

Abstract: Implementations describe providing secure encryption key management in trust domains. In one implementation, a processing device includes a key ownership table (KOT) that is protected against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to create a trust domain (TD) and a randomly-generated encryption key corresponding to the TD, the randomly-generated encryption key identified by a guest key identifier (GKID) and protected against software access from at least one of the TDRM or other TDs, the TDRM is to reference the KOT to obtain at least one unassigned host key identifier (HKID) utilized to encrypt a TD memory, the TDRM is to assign the HKID to the TD by marking the HKID in the KOT as assigned, and configure the randomly-generated encryption key on the processing device by associating the randomly-generated encryption key with the HKID.

Abstract: A connection management apparatus of a relay system specifies, when terminal identification information for identifying a target terminal is acquired from a client terminal, a first relay apparatus that relays communication, and specifies connecting information for the client terminal to connect to the first relay apparatus. The connection management apparatus stores the specified connecting information and the terminal identification information in a storage in association with each other, and notifies the client terminal of the specified connecting information. When the specified first relay apparatus receives access based on the connecting information from the client terminal, the specified first relay apparatus relays the communication between the client terminal and the target terminal on the basis of the terminal identification information associated with the connecting information.

Abstract: A method includes generating, by a computing device, SSID aliases; propagating, by the computing device, the SSID aliases to access points; receiving, by the computing device, data from an access point, the data including a selected SSID alias and a media access control (MAC) address of a user device; creating, by the computing device, a record containing the selected SSID alias and the MAC address of the user device; propagating, by the computing device, the selected SSID alias to remaining access points; and sending, by the computing device, a message to the access points to delete the selected SSID alias after a time period.