Abstract: A method of a memory device is provided. The method includes generating, by a controller of the memory device, a hashed index by hashing a source index comprising a namespace identification (NSID) and a keytag with a hash function; accessing, by the controller, a first storage address corresponding to the hashed index; comparing, by the controller, a tag portion corresponding to the first storage address with the source index to identify whether a conflict exists; and in response to identifying whether the conflict exists, obtaining, by the controller, information from the first storage address.

Abstract: Described and claimed is a system for securely storing and processing raw data from a plurality of different data sources. The system comprises a server with a processing unit and volatile memory, an external non-volatile memory connected to the server and a plurality of data sources. The server is adapted for encrypting raw data received from each data source of the plurality of data sources and storing the encrypted raw data on the external non-volatile memory, retrieving and decrypting encrypted raw data stored on the at least one external non-volatile memory and processing raw data retrieved from the at least one external non-volatile memory. Further, a corresponding server and a method for securely storing and processing raw data from a plurality of different data sources are described and claimed.

Abstract: A memory controller coupled to a memory device and configured to control access operations of the memory device includes a data protection engine and a microprocessor. The data protection engine is configured to generate protection information according to data received from a host device. The microprocessor is configured to detect a status of the memory device in response to one or more write operations for writing the data to the memory device, determine whether a portion of the data has to be excluded when generating the protection information corresponding to the data according to the status and accordingly generate a determination result, and store the protection information and the determination result together in the memory device. The determination result indicates which portion of the data is utilized to generate the protection information.

Abstract: A method for generating a digital ID comprising capturing one or more user images of user's face, transmitting the one or more user images or data derived therefrom to a verification server and determining if the one or more images represent a live person. Capturing an ID image of a photo identification for the user and transmitting the ID image to the verification server. Comparing at least one of the one or more user images or data derived therefrom to the image of the user on the photo identification to determine if user in the one or more user images is the same person as the image on the photo identification. Responsive to a match from the comparing and a determination that a live person was captured in the one or more user images, generating a user digital ID and transmitting the user digital ID to the user.

Abstract: Systems, methods, and media for identifying and responding to malicious files having similar features are provided. More particularly, in some embodiments, systems for identifying and responding to malicious files having similar features are provided, the systems comprising: a memory; and a hardware processor coupled to the memory and configured to: receive feature information extracted from a file, wherein the feature information includes at least two of static feature information, environmental feature information, and behavioral feature information; create clusters based on the feature information; determine if a file corresponding to one of the clusters is malicious; and report to a plurality of endpoints that other files corresponding to the one of the clusters is malicious.

Abstract: The disclosure discloses a method for detecting an intrusion in parallel based on an unbalanced data Deep Belief Network, which reads an unbalanced data set DS; under-samples the unbalanced data set using the improved NCR algorithm to reduce the ratio of the majority type samples and make the data distribution of the data set balanced; the improved differential evolution algorithm is used on the distributed memory computing platform Spark to optimize the parameters of the deep belief network model to obtain the optimal model parameters; extract the feature of data of the data set, and then classify the intrusion detection by the weighted nuclear extreme learning machine, and finally train multiple weighted nuclear extreme learning machines of different structures in parallel by multithreading as the base classifier, and establish a multi-classifier intrusion detection model based on adaptive weighted voting for detecting the intrusion in parallel.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and define access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocol, applications, network ports, or address groups to enter or exit the network. In control network, the SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.

Abstract: Techniques are provided for controlling access entitlement for networking device data. In one example, a geographic location of a networking device is determined. A request to access data associated with the networking device is obtained from a user device. A user parameter of a user associated with the user device is determined. An access policy that controls access to the data based on the geographic location of the networking device and the user parameter is identified. The request to access the data is permitted or denied based on the geographic location of the networking device, the user parameter, and the access policy.

Abstract: A middleware, for providing an interconnection between heterogeneous applications, receives a first HTTP POST request that includes a header and a body. Then, the middleware creates a HTTP GET request using the header. The middleware establishes a secure connection with an authorization server, and submits the HTTP GET request to the authorization server asynchronously. The middleware receives a response to the HTTP GET request regarding a validation of identifiers in a query string of the HTTP GET request, and decrypts a username and a password using the identifiers in response to the identifiers located in the authorization server. The middleware serializes an output of the decrypted username and the decrypted password in a Java Script Object Notation (JSON) format, and places the output in a body of a second HTTP POST request. The middleware responds the second HTTP POST request to a data server.

Abstract: Systems and techniques are provided for a resource transfer setup and verification. A request for transfer conditions for a transfer of resources may be received from a first computing device. A set of transfer conditions may be generated in response to the request for transfer conditions and sent to the first computing device. The set of transfer conditions and an indication of an acceptance of the set of transfer conditions by a second computing device may be received from the first computing device. A transfer identifier for the set of transfer conditions may be generated from data from the set of transfer conditions which may specify a first sub-transfer. Transfer instructions may be sent to a third computing device, including instructions for a sub-transfer specified in the set of transfer conditions. The set of transfer conditions may be stored with the transfer identifier as a transfer record in non-volatile storage.

Abstract: A device receives first transaction information associated with a first transaction, and a first transaction account utilized for the first transaction and associated with a first financial institution. The device determines, based on a fraud model, that the first transaction is to be denied due to potential fraud associated with the first transaction account and receives second transaction information associated with a second transaction, and a second transaction account utilized for the second transaction and associated with a second financial institution. The device processes the first transaction information and the second transaction information, with a matching model, to determine whether the first transaction information matches the second transaction information and determines that the first transaction was incorrectly denied when the first transaction information matches the second transaction information within a predetermined threshold.

Abstract: An electronic device for controlling access to a device resource, and an operation method thereof, are disclosed. The electronic device may include a memory; and a processor configured to execute at least one operating system executed in a first region allowing an operation based on a first authority; execute at least one application executed in a second region allowing an operation based on a second authority; and in response to detection of access to at least one device resource by the at least one application, determine authority of access to the at least one device resource by using an authority determination module executed in a third region allowing an operation based on a third authority.

Abstract: A system and method that provides the ability for users to select, create, and upload a collection of graphical images whereby a web site login process presents the user with an array of graphical images including the graphical images designated for an authentication pattern, the graphical image authentication system then determines that the graphical images chosen by the user are correct or incorrect without notifying the user until the process is complete.

Abstract: Improved optical network security (e.g., using a computerized tool) is enabled. Various embodiments herein can send (e.g., via a network) to a group of network devices comprising a first network device and a second network device, a first encrypted data stream, a second encrypted data stream, a first hash code, and a second hash code, wherein the first network device deletes the second encrypted data stream after the first network device hashes the second encrypted data stream, and in response to the second network device being determined not to have received the second hash code within a defined threshold time, determine that the first network device is unauthorized to use the network.

Abstract: Methods and systems, including computer programs encoded on a computer storage medium, implement compliance testing to evaluate controls used to protect assets of a target system. A respective first score is generated for each control based on compliance tests performed to detect each of the controls at the target system. A compliance model is generated that integrates machine-learning algorithms to classify inputs corresponding to a compliance test and to enable predictive analytics of the compliance model using the classified inputs. The compliance model derives a negative compliance test (nCT) for each of the compliance tests by applying the predictive analytics to a data set that includes the first score for each control. An nCT is performed for each control detected at the target system and a second score is generated for each nCT. An assurance score characterizing effectiveness of the control is generated based on the first and second scores.

Abstract: A system to create a stacked classifier model combination or classifier ensemble has been designed for identification of undisclosed flaws in software components on a large-scale. This classifier ensemble is capable of at least a 54.55% improvement in precision. The system uses a K-folding cross validation algorithm to partition a sample dataset and then train and test a set of N classifiers with the dataset folds. At each test iteration, trained models of the set of classifiers generate probabilities that a sample has a flaw, resulting in a set of N probabilities or predictions for each sample in the test data. With a sample size of S, the system passes the S sets of N predictions to a logistic regressor along with “ground truth” for the sample dataset to train a logistic regression model. The trained classifiers and the logistic regression model are stored as the classifier ensemble.

Abstract: A method and a control circuit for managing information of an electronic device are provided, where the electronic device includes the control chip. The method includes: utilizing a static entropy source of the control circuit to provide static entropy data; utilizing a cryptographic circuit of the control circuit to generate a public key and a private key according to the static entropy data, where the public key is to be registered into a blockchain by an identifier (ID) management device; and utilizing a signature generating circuit to generate a digital signature at least according to the private key, where the information of the electronic device is to be uploaded to the blockchain in conjunction with the digital signature.

Abstract: Systems and methods for adaptive attack resistant distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess multiple secret shares corresponding to distinct secret values, which may be used in the process of encrypting or decrypting data. The client computer may generate multiple commitments and transmit those commitments to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitments and their respective secret shares. The partial computations may be transmitted to the client computer. The client computer may use the partial computations to generate a cryptographic key. The client computer may use the cryptographic key to encrypt a message or decrypt ciphertext.

Abstract: A method for preventing transmission of malicious data may include receiving transaction data including at least one packet associated with a payment transaction; extracting at least one of network layer data or transport layer data from a header of the at least one packet; determining a first probability indicating that the at least one packet is in a first class based on the at least one of the network layer data or the transport layer data using a classifier. The method may also include determining a second probability indicating that the at least one packet is in a second class based on the at least one of the network layer data or the transport layer data using the classifier; and blocking the at least one packet. A system and a computer program product are also disclosed.

Abstract: A processing device is configured to process an initial set of command types. A command extension module and a digital signature are received. The digital signature is generated based on the command extension module using a private key of a key pair. The command extension module, once installed by the processing device, enables the processing device to process a new command type that is not included in the initial set of command types. The digital signature is verified using a public key of the key pair. Based on a successful verification of the digital signature, the command extension module is temporarily installed by loading the command extension module in a volatile memory device.