Abstract: The present embodiments provide an environment where a user first creates or imports a document comprising of fields to be completed by one or more users. All users who have view-only access or can act on a document are considered to be “in the workflow.” All users in the workflow (except view-only users) can take actions in the document by editing, adding or entering values or signatures in those fields. When the document is complete, a computing device adds an encrypted token visualization element to the document that uniquely identifies and secures the document. Thereafter, a copy of the original document, all attachments, authentication, security and validation information, and all other relevant information about the document and users will be available to view in the chain of custody and audit trail by the authorized users by scanning the token visualization element within the platform (web application or mobile application).

Abstract: A method of detecting and mitigating a denial of service attack is described. The method comprises monitoring incoming first traffic packets, building a first Benford distribution of the first traffic packets, the first Benford distribution corresponding to network behaviour associated with normal traffic, and detecting a denial of service attack associated with incoming second traffic packets. After detecting the denial of service attack, the method involves sorting the incoming second traffic packets according to a characteristic of the incoming second traffic packets to create a Zipf distribution, building a second Benford distribution of the second traffic packets using the Zipf distribution and the first Benford distribution, discarding incoming second traffic packets that are not consistent with the second Benford distribution, and allowing incoming second traffic packets that are consistent with the second Benford distribution.

Abstract: Systems and methods are provided for authorizing an electronic transaction. In one implementation at least one processor is programmed to receive electronic transaction data and historical transaction data, the electronic transaction data including an entity identifier component and an amount component of an electronic transaction; determine, based on the entity identifier component and the amount component, a location of the electronic transaction in a space of a distributed representation space, the distributed representation space comprising a mapping of electronic transaction components in a high-order space; determine locations of the historical transaction data in the distributed representation space; determine a decision boundary in the distributed representation space based on the locations of the historical transaction data; and authorize the electronic transaction based on the location of the electronic transaction being within the decision boundary.

Abstract: A method and system are provided for updating an elliptic curve (EC) base point G, with the EC basepoint used in encryption and coding of video data. A candidate base point G is generated that includes additional data used for validation purposes and checked as a valid base point before transmission and use.

Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to identify sensitive user data stored in the memory by a first application, determine a risk exposure score for the sensitive user data, apply, based on a determination that the risk exposure score is above a threshold, a security policy to restrict access to the sensitive user data, receive a request from a second application to access the sensitive user data, determine whether the first application and the second application are similar applications, and allow access based on a determination that the first application and the second application are similar applications.

Abstract: According to examples, an apparatus may include a processor that may identify activities of an entity on resources over a predetermined period of time, in which the entity is to use permissions assigned to the entity over the resources to perform the identified activities. The processor may also identify which of a plurality of groups of permissions includes the permissions the entity used to perform the identified activities and may determine permutations of the identified plurality of groups of permissions. The processor may further calculate respective scores for each of the determined permutations to identify permutations of the groups of permissions having the lowest scores and may output information pertaining to the determined permutations having the lowest scores.

Abstract: A communication method and a method for operating the communication network are disclosed. The method includes: obtaining a network identifier (NI) for a first member of the communication network, where the first member is un-validated and associated with a first user; obtaining a vote value regarding the first user from a second user of a second member in the communication network, where the second member is validated; generating a trust score for the NI based on the vote value; and validating the first member, in response to the trust score satisfying a trust score threshold, by inserting a first validated member identity hash block (MIHB) based on the NI into a master blockchain ledger for the communication network.

Abstract: Described embodiments provide systems and methods for anomaly detection and root cause analysis. A root cause analyzer receives a plurality of data samples input to an anomaly detection engine, and a corresponding plurality of anomaly labels output from the anomaly detection engine. The root cause analyzer trains a classification model using the plurality of data samples and the corresponding plurality of anomaly labels. The root cause analyzer determines, using the trained classification model and the plurality of data samples, relative contributions of anomalous features in a data sample of the plurality of data samples, to a prediction that the data sample is anomalous. The root cause analyzer provides the relative contributions of anomalous features to a device, to determine an action in response to the prediction that the data sample is anomalous.

Abstract: A method for training a machine learning model using information pertaining to characteristics of upload activity performed at one or more client devices includes generating first training input including (i) information identifying first amounts of data uploaded during a specified time interval for one or more of multiple application categories, and (ii) information identifying first locations external to a client device to which the first amounts of data are uploaded. The method includes generating a first target output that indicates whether the first amounts of data uploaded to the first locations correspond to malicious or non-malicious upload activity. The method includes providing the training data to train the machine learning model on (i) a set of training inputs including the first training input, and (ii) a set of target outputs including the first target output.

Abstract: Disclosed herein are methods, systems, and processes for validating vulnerabilities using lightweight offensive payloads. An attack payload limited by an execution scope that includes pre-defined exploit features for validating code execution associated with a vulnerability is generated. The attack payload is transmitted to a target computing system and a confirmation of the code execution based on at least one pre-defined exploit feature is received, permitting a determination that the vulnerability has been validated.

Abstract: A computer-implemented method that receives at an apparatus a request from a first computing device for access to information related to a first user data set; determines, or receives an indication of a determination, whether the first computing device can access the information based on criteria for sharing information, the criteria based on one or more characteristics of the first user data set and a second user data set accessible by the first computing device; and provide a response based on the determination, the response preserving privacy of a user corresponding to the first user data set.

Abstract: A system, apparatus and product comprising: a multi-tenant layer that comprises shared resources, wherein the shared resources are accessible to multiple tenants of the storage system, wherein the shared resources comprise shared logic resources and shared data resources; and multiple single-tenant layers, wherein each single-tenant layer is associated with a respective tenant of the multiple tenants, wherein each single-tenant layer comprises a database and business logic of the respective tenant, wherein a multi-tenant encryption scheme is configured to enable secure communications with the multiple tenants without divulging sensitive information to the multi-tenant layer.

Abstract: A method and system for characterizing application layer flood denial-of-service (DDoS) attacks are provided. The method includes receiving an indication on an on-going DDoS attack directed to a protected entity; generating a dynamic applicative signature by analyzing requests received during the on-going DDoS attack, wherein the dynamic applicative signature characterizes requests generated by an attack tool executing the on-going DDoS attack; and characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether a request is generated by the attack tool.

Abstract: A method comprises: generating a first partial hash of the user identity information, transmitting a first query to a server computer, in response to transmitting the first query, receiving query metrics that indicate a set of counts of expected results, determining whether a count of expected results of the first partial hash satisfies a threshold count of expected results, in response to determining that the count of expected results of the first partial hash satisfies the threshold: generating and transmitting a second query, and in response, receiving and storing a set of user identity records that match at least the first partial hash, querying the set of user identity records using the user identity information and in response, receiving a result set of user identity records, the result set of user identity records comprising one or more user identity records that match the user identity information.

Abstract: Disclosed herein are systems and methods for granting access to data of a user. In one aspect, an exemplary method comprises, blocking the processing of data of a user, transferring the data of the user to a storage device, receiving a request for data processing from a collected data processor of a device, redirecting the received request to the storage device, determining, by the storage device, data access rights for the collected data processor of the device from which the request for data processing is received in accordance with data access rights established by a data access rights manager, and providing access to the data in accordance with the determined data access rights.

Abstract: Systems and methodologies for generating a bridge file linking a subject identifier (Subject ID) (or a tokenized subject identifier), used to anonymize a subject in a trial, to tokenized personal identification information (PII), used to de-identify other data for the subject, without revealing the link between the subject identifier (subject ID) and the personal identifying information (PII) for the subject. The bridge file can then be used to link trial data for the subject anonymized with a subject ID to other data for the subject de-identified with tokenized PII.

Abstract: Systems, methods, and devices for performing a layer-2 scan of one or more communication networks to collect detailed information regarding the components/devices attached to the networks at a particular location (e.g., metropolitan area, city, university campus, building, floor within a building, etc.), and using the collected detailed information to generate a device profile for each of the devices attached to the one or more communication networks at the particular location. A server computing device may use the generated device profiles to perform inventory control operations, wireless vendor integration operations and/or security operations. For example, the server may use the device profiles to determine whether a component/device attached to any of the networks is non-benign (e.g., improperly configured, running malware, operated by hacker, spoofing a server, dropping packets, etc.), and initiate a reactive or mitigating action (e.g., quarantine the device, etc.).

Abstract: The disclosed computer-implemented method for deep packet inspection of vulnerable network devices may include (i) detecting at least one vulnerability associated with a network device service, (ii) identifying one or more network devices associated with the vulnerability, (iii) initiating a deep packet inspection of data traffic communicated by a target network device, (iv) determining, based on the deep packet inspection, one or more signatures associated with a potential malware attack for the target network device, and (v) performing a security action that mitigates the potential malware attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method, system, and computer-usable medium for analyzing security data formatted in STIX™ format. Data related to actions performed by one or more users is captured. Individual tasks, such as analytics or extract, transform, load (ETL) tasks related to the captured data is created. Individual tasks are registered to a workflow for executing particular security threat or incident analysis. The workflow is executed and visualized to perform the security threat or incident analysis.

Abstract: A method, system and product for detecting firmware vulnerabilities, including, during a testing phase of a firmware of a device, continuously polling states and activities of the device, wherein said polling is at a testing agent that is functionality separate from the firmware; correlating between at least one event that is associated with the states or the activities of the device and test results of the testing phase; based on said correlating, determining for the firmware one or more normal events and one or more abnormal events; and after the testing phase, providing indications of the one or more normal events and one or more abnormal events from the testing agent to a runtime agent, whereby said providing enables the runtime agent to protect the firmware from vulnerabilities associated with the one or more abnormal events.