Abstract: The technology presented herein improves incident handling in an IT environment. In a particular example, a method provides identifying a first incident in the IT environment. From incident handling information that indicates how a plurality of previous incidents were handled by one or more users, the method provides identifying first information of the incident handling information corresponding to one or more first previous incidents of the plurality of previous incidents that are similar to the first incident. The method further provides determining a suggested course of action from the first information and presenting the suggested course of action to a user of the information technology environment.

Abstract: Systems and methods for reversibly remediating security risks, which monitor a network or system for security risks, and upon detection of one or more of risks, apply a remedial action applicable to at least partially remedy or mitigate the one or more detected risk. The network or system is monitored for a change to the detected risk(s), and upon detection of a change to the detected risk(s), the applied remediation action is automatically reversed.

Abstract: Embodiments of the invention provide systems and methods for using programmatic means to verify the identity of a person. By scanning the person's documents and/or biometric data and comparing them to available government and private databases, the validity of those documents and identity of the person can be confirmed with a high confidence level. The process can assign a score to each item verified which is then computed into an overall confidence score which is available to other processes to rely on for approval of transactions. The identity is digitally combined with the credentials of the mobile phone to create a reusable identity token. Together with the confidence score, the identity token represents the verified biometric information of the person and is tied to the mobile phone.

Abstract: Systems, methods, and software described herein provide for identifying recommended feature sets for new security applications. In one example, a method of providing recommended feature sets for a new security application includes identifying a request for the new security application, and determining a classification for the new security application. The method further provides identifying related applications to the new security application based on the classification, and identifying a feature set for the new security application based on features provided in the related applications.

Abstract: A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is false positive by comparing the validity score to a predetermined validity threshold. If the finding is true positive, a graphical user interface displays the finding.

Abstract: An example operation may include one or more of submitting a part replacement request to replace a first part of a device, qualifying a second part and repair resources, issue a part replacement transaction to the blockchain network, endorse the part replacement transaction by the plurality of blockchain peers, and replace the first part with the second part. The first part includes a blockchain peer of a plurality of blockchain peers and the device includes a blockchain network including a plurality of parts each corresponding to one of the plurality of blockchain peers.

Abstract: Described herein are systems and methods for controlling access to a protected resource based on various criteria. In one exemplary aspect, a method comprises designating a plurality of program data installed on a computing system as protected program data; intercepting, by a kernel mode driver, a request from an untrusted application executing on the computing system to alter at least one of the protected program data; classifying, by a self-defense service, the untrusted application as a malicious application based on the intercepted request and information related to the untrusted application; and responsive to classifying the untrusted application as a malicious application, denying, by the kernel mode driver, access to the at least one of the protected program data.

Abstract: A misuse detection method used in an electronic control unit in a vehicle network system including multiple electronic control units that communicate with one another through networks. The misuse detection method includes receiving a target data frame at one time point, and receiving a reference data frame at another time point different than the one time point. The misuse detection method further includes performing, as misuse detection for the target data frame based on a certain rule specifying a reception interval between the one time point at which the target data frame is received and the other time point at which the reference data frame is received, and determining the target data frame received is for misuse based on a length of the reception interval.

Abstract: A method for facial authentication of a wearer of a watch includes: initiating an authentication process including detecting at least one triggering movement/gesture carried out by the wearer; capturing at least one sequence of images relative to the face of the wearer pivoting from one direction to another in front of the optical sensor; acquiring surface geometric data of the face associated with each image of at least one sequence; generating a three-dimensional model of the face of the wearer from at least one captured sequence of images and from the acquired geometric data; determining an identification index generated based on identification data relative to a plurality of features characteristic of the face of the wearer of the watch detected on the basis of the three-dimensional model, and identifying the wearer if the identification index is greater than a reference identification index.

Abstract: The presently disclosed subject matter includes a system for monitoring a set of command lines or calls to executable scripts configured to be executed by an operating system. Each command line from the set of command lines is associated with an executable script configured to be executed by an operating system. The apparatus classifies, via a machine learning model, a command line from the set of command lines into an obfuscation category and prevents the operating system from executing the command line and generates a notification signal when the obfuscation category indicates that the command line is part of a cybersecurity attack. The apparatus allows the operating system to execute the command line or call to the executable script when the obfuscation category indicates that the command line is not part of a cybersecurity attack.

Abstract: Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized.

Abstract: A method is disclosed of secure data transmission comprising sending a data request from a client device to a server device, the data request comprising a first share of a first encryption key, and a first location in the database at which is located desired double-encrypted data; receiving the sent data request at the server device; extracting, at the server device, the first share and the first location from the received data request; obtaining, at the server device, the desired double-encrypted data from the database using the extracted first location; generating, at the server device, the first encryption key using the extracted first share and one or more additional shares of the first encryption key held by the server device; and decrypting, at the server device, the obtained desired double-encrypted data using the generated first encryption key to form single-encrypted data.

Abstract: Aspects of the technology described herein provide for controlled access to a secure computing resource. A first device may receive a child token from a second device having a parent token. The child token may grant the first device access to a subset of data accessible to the second device. Based on a degree of physical proximity between the first device and a third device associated with a user satisfying a threshold proximity, an indication of a user identifier for the user may be received from the third device. A request for access to a secure computing resource associated with the user may be sent to the second device. The request may include the indication of the user identifier and an indication of the secure computing resource. Access to the secure computing resource may be granted based on the child token and the indication of the identifier.

Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises: selecting a file from a database of files used to perform training of a model for detecting a malicious file, forming one or more behavior patterns from intercepted one or more commands and parameters during execution of the file, forming a detection model, wherein the detection model selects a method of machine learning and is initialized with one or more hyper-parameters, training the detection model by calculating the one or more hyper-parameters based on the one or more behavior patterns to form a group of rules for calculating a degree of maliciousness of a resource and calculating a degree of maliciousness of another file based on the trained detection model.

Abstract: Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.

Abstract: An information processing apparatus in which a plurality of applications operate is provided. The apparatus comprises a verification unit that verifies whether or not an application can be trusted; and a controller that controls the application, wherein during the execution of a first application executed in response to a user instruction, the controller causes the verification unit to verify a second application that the first application dynamically imports, before the second application is loaded.

Abstract: Embodiments of a method, an IC device, and a circuit board are disclosed. In an embodiment, the method involves at an IC device of the system, monitoring activity on a bus interface of the IC device, wherein the bus interface is connected to a bus on the system that communicatively couples the IC device to at least one other IC device on the system, applying machine learning to data corresponding to the monitored activity to generate an activity profile, monitoring subsequent activity on the bus interface of the IC device, comparing data corresponding to the to subsequently monitored activity to the machine learning generated activity profile to determine if a system-level Trojan is detected, and generating a notification when it is determined from the comparison that a system-level Trojan has been detected.

Abstract: Methods for protecting software licensing information via a trusted platform module (TPM) are performed by systems and devices. When a licensing server is unreachable, a license is generated for a software application by a licensing manager. The license is generated via a secure register of the TPM using an asymmetric key, specific to the software application and policy-tied to the secure register, to generate a signature of a hashed license file for the software application. The asymmetric key is stored, mapped to the license file, and used for subsequent license validation. A licensing manager validation command is provided to validate the license using the key, as applied to the hash, to verify the signature and checking validity of the time stamp. Time stamp expiration or alteration of the license are determined to provoke invalidation indications for the validating application.

Abstract: Embodiments of the disclosure relate to configuring a watermark unit with watermark algorithms for artificial intelligence (AI) models for a data processing (DP) accelerator. In one embodiment, in response to a request received by a DP accelerator, the request, sent by an application, to apply a watermark algorithm to an AI model by the DP accelerator, a system determines that the watermark algorithm is not available at a watermark unit of the DP accelerator. The system sends a request for the watermark algorithm. The system receives the watermark algorithm by the DP accelerator. The system configures the watermark unit at runtime with the watermark algorithm for the watermark algorithm to be used by the DP accelerator.

Abstract: Embodiments of the disclosure relates to signing of an artificial intelligence (AI) model with a watermark for a data processing (DP) accelerator. In one embodiment, in response to a request received by the data processing accelerator, the request sent by an application to embed digital rights protection to an AI model, a system generates a watermark for the AI model based on a watermark algorithm. The system embeds the watermark onto the AI model. The system signs the AI model having the embedded watermark to generate a signature. The system returns the signature and the AI model having the embedded watermark back to the application, where the signature is used to authenticate the watermark and/or the AI model.