Abstract: The technology described herein visibly depicts hidden message traits to help users determine whether an email is genuine or deceptive. The hidden message traits are revealed by identifying and changing attributes that keep the hidden traits from being displayed in a rendered message. Spam messages, phishing messages, and messages that include or link to malicious programs (e.g., malware, ransomware) are examples of unwanted messages that can harm a recipient. These messages often rely on deception to get past email filtering systems and to trick a user into acting on content in a message. The deception often involves including hidden traits in a message that fool an automated filtering system. The technology described herein shows the visible traits to a user by including them in the rendered version of the message.

Abstract: Systems and methods are disclosed to implement a network data interpretation pipeline to recognize machine operations (MOs) and machine activities (MAs) from network traffic data observed in a monitored network. In embodiments, a MO recognition engine is implemented in the network to recognize MOs from network sensor events (NSEs) based on defined recognition patterns. The MOs and any unrecognized NSEs are uploaded to a network monitoring system, where they are further analyzed by a MA recognition engine to recognize higher-level machine activities performed by machines. The NSEs, MOs, and MAs are used by the network monitoring system to implement a variety of security threat detection processes. Advantageously, the pipeline may be used to add rich contextual information about the raw network data to facilitate security threat detection processes.

Abstract: A service providing apparatus includes a first management unit that manages items of device identification information for identifying devices used by users and items of character identification information for identifying characters of the devices, in such a manner that the items of device identification information are associated with the items of character identification information; a second management unit that manages, for each of the users, one or more items of service identification information for identifying services corresponding to an item of character identification information; and a service providing unit that provides, using an item of service identification information, a service in accordance with a character of a device to a user who uses the device.

Abstract: An encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

Abstract: The technology disclosed herein provides network bound encryption that enables a trusted execution environment to persistently store and access recovery data without persistently storing the decryption key. An example method may include: transmitting combined key data that is based on a cryptographic key data of a second computing device to a third computing device; deriving a cryptographic key from combined key data received from the third computing device, the received combined key data being based on the cryptographic key data of the second computing device and cryptographic key data of the third computing device; and causing the trusted execution environment to use the cryptographic key to access sensitive data on a persistent storage device.

Abstract: A electronic device including an integrated circuit, the integrated circuit comprising a secure element electronic circuit and an electronic radio communication circuit, the secure element having stored therein firmware program code configured to implement operating system functions, the operating system functions including a data receiving function and a data transmitting function, wherein the firmware program code is further configured to control the secure element to determine in the received data custom program code for a custom application, and to store the custom program code in the memory of the secure element, and to implement an application programming interface configured to receive from the custom application requests for called operating system functions, and to execute the called operating system functions for the custom application.

Abstract: Techniques unmasking ransomware attacks are disclosed. In some embodiments, a computer system performs operations comprising: generating a first prediction that a file system comprising a plurality of files has been attacked by ransomware based on snapshot metadata of the file system using a snapshot-level machine learning prediction model, the snapshot metadata comprising a plurality of file change data indicating a plurality of file change events that have been performed on the file system; in response to the first prediction, generating a classification for each one of the files based on the file change data using a file-level machine learning prediction model, the classification indicating whether the files have been targeted by the ransomware for encryption; determining that one or more files have been targeted by the ransomware based on the classification; and displaying the classification for the one or more files on a computing device of a user.

Abstract: A system and method for a threat monitoring device for determining, within an industrial control system over a data communication network, cross-correlated behaviors of an information technology domain, an operational technology domain, and a physical access domain and associated threats. The method includes receiving sensor data from the information technology domain, sensor data from the operational technology domain, and sensor data from the physical access domain, fusing the sensor data of each of the domains to obtain fused sensor data, determining feature sets from the fused sensor data using behavior profiles, constructing behaviors as sets of the features over time periods, classifying the behaviors to determine a degree of anomaly, classifying anomalous behaviors to determine a threat probability, generating an alert based on the degree of anomaly and the threat probability, displaying particular sensor data and particular time periods associated with the alert.

Abstract: A cloud communication architecture addresses shortcomings of traditional security protocols (e.g., SSL/TLS) in cloud computing, providing security for data-in-transit and authenticity of cloud users (CUs) and cloud service providers (CSPs). The architecture also protects the communication channel against attacks such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, replay, compromised-key, repudiation and session hijacking attacks. The architecture includes a high-performance cloud-focussed security protocol. The protocol efficiently utilizes the strength and speed of features such as symmetric block encryption with Galois/Counter mode (GCM), cryptographic hash, public key cryptography, and ephemeral key-exchange, and provides faster reconnection facility for supporting frequent connectivity and dealing with connection trade-offs. Embodiments have enhanced security against the above-noted attacks, and are superior to TLSv1.

Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.

Abstract: Various aspects of the subject technology relate to systems, methods, and machine-readable media for providing an encryption key exchange. Various aspects may include identifying a database of cryptographic keys configured for encryption. Aspects may also include sending a request for a private key for decryption of content. Aspects may also include receiving the private key from a client. Aspects may also include determining a visibility parameter for content posts of the content based on the private key and database. Aspect may include providing the content posts to the client at a visibility according to the visibility parameter.

Abstract: An electronic control unit, which receives a message and a freshness value given to the message via a connectionless communication, includes a storage unit storing a freshness value list, which indicates a predetermined number of freshness values in a descending order from a reference value, which is a largest freshness value among the freshness values received in a past. The electronic control unit compares a received value, which is the received freshness value, with the freshness value list to provide a verification result, and updates the freshness value list so as to hold the received value in response to the verification result indicating that (i) the received value is not larger than the reference value and not smaller than a permissible value which is a smallest freshness value in the freshness value list, and (ii) the received value is not in the freshness value list.

Abstract: Methods, apparatuses, and computer-readable medium for directional security are provided. An example method may include receiving, from a wireless device, a configuration for a set of shared keys. The example method may further include receiving, from a second UE, at least one message or signal including a location of the second UE, the received at least one message or signal being associated with an angle of arrival. The example method may further include configuring a key from the set of shared keys based on at least one of the received configuration, the location of the second UE, the AoA of the received at least one message or signal, or a location of the first UE. The example method may further include generating one or more ranging signals based on the configured key, the one or more ranging signals being directionally secure based on the location of the second UE.

Abstract: Disclosed herein are system, method, and computer program product embodiments for encryption key management. An embodiment operates by executing an initial non-backup instance of an application and generates a primary key using a cryptographic algorithm. The embodiment requests a customer to create a passphrase configured to encrypt and decrypt the primary key. The embodiment generates a derived key using a cryptographic algorithm and the customer passphrase as input. The embodiment then encrypts the primary key using the generated derived key and stores the encrypted primary key in a catalog.

Abstract: Systems and methods for authenticating surgical tools for use in a surgical operation by a robotic surgical system are described herein. The authentication systems and methods include status lists for surgical tools associated with surgical systems. The status lists indicate an allowed or disallowed status of each surgical tool. The status list is stored on a cloud-computing system and shared with various surgical systems at different geographic locations. Prior to performing a surgical operation or at other times, the surgical systems decrypt tool data received from a surgical tool to access identifying information and access a tool status from the status list based on the tool data. The surgical systems then proceed based on the status of the surgical tool in the status list.

Abstract: Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key KFB or trusted asymmetric fallback public key PKFB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCIFB for communication of messages with the unauthenticated network entity.

Abstract: In an approach, a processor obtains an encrypted data key and a first encrypted protection key from a storage device. A processor sends the first encrypted protection key to a first device. A processor obtains a protection key from the first device, wherein the protection key is generated by the first device through decrypting the first encrypted protection key. A processor decrypts the encrypted data key using the protection key to obtain a data key.

Abstract: An example operation may include one or more of encrypting content via an encryption key to generate encrypted content, storing the encrypted content via a distributed ledger, splitting the encrypted encryption key into a set of key shares via a threshold secret sharing scheme, and distributing the set of key shares among a plurality of nodes of a distributed vault, where each key share is distributed with an expiry value that identifies when the respective key share is to be deleted by a node.

Abstract: Disclosed are various examples for dynamically generating restriction profiles for updated software platforms. A management system can determine that updated restrictions and/or settings are included in an updated or new version of a definition file. The updated settings identified and categorized according to risk for a given enterprise group without administrator input. An updated restriction profile can be generated according to the updated settings and distributed to managed devices.

Abstract: Provided is an analysis device with which it is possible to find information relating to the intention and purpose of an attacker. The analysis device is provided with a purpose estimating means that estimates the purpose of behavior, based on predetermined behavior in the computer and knowledge information that includes the relation between the behavior and the purpose of executing the behavior.