Abstract: Electronic device including SoC which includes secure processor performing user authentication based on authentication data received from user, and nonvolatile memory device storing first event count is disclosed. The secure processor includes volatile memory that stores failure count increasing as the user authentication fails and being reset as the user authentication succeeds, security module that restricts the user authentication of the user during first time period when the failure count reaches first threshold value, and OTP memory that stores second event count increasing as throttle level corresponding to the failure count changes. When the user authentication succeeds and when power-off request for the system on chip is generated, the first event count is updated based on the second event count. When the secure processor is powered on after the SoC is powered on, the security module compares the first and second event count to determine whether sudden power-off occurs.

Abstract: A computer-implemented method, computer program product and computing system for: receiving platform information from a plurality of security-relevant subsystems; processing the platform information to generate processed platform information; identifying less threat-pertinent content included within the processed content; and routing the less threat-pertinent content to a long term storage system.

Abstract: A user terminal includes a computer unit for executing algorithms and for controlling the user terminal and a first communication interface for establishing a data connection with a server in a communication network. A method for authorizing the user terminal in connection with using a service operated on the server in the communication network includes: generating an audio signal characteristic of the user terminal in relation to an impending use of the service; acquiring, by the user terminal, the characteristic audio signal; transmitting the characteristic audio signal to the server via the data connection; authenticating, by the server, via one or more signature keys stored in a database, the transmitted characteristic audio signal; and based on successful authentication, authorizing, by the server, the user terminal for the service.

Abstract: A computer-implemented method for providing anonymized patient datasets, comprises: analyzing statistical population data to ascertain obfuscation parameters; and anonymizing patient datasets including quasi-identifiers as attributes by obfuscating the quasi-identifiers of the patient datasets based on the obfuscation parameters to generate the anonymized patient datasets. A system includes at least one processor and a memory, and is configured to provide the anonymized patient datasets.

Abstract: In an example of a method described herein, historical events occurring over a network are detected, and at least one of the historical events is associated with an observed value of a categorical variable. A numerical aggregate value representing the observed value is updated by applying an exponential smoothing function to (i) a prior numerical aggregate value representing prior historical events associated with the observed value and (ii) a count of the historical events associated with the observed value. An event occurring over the network is detected and is associated with the observed value. Features are extracted from the event, where the features include an encoded feature based on the numerical aggregate value to represent the observed value. A predictive model is applied to the features to determine a score representing likelihood of an outcome. Based on the score, access to a resource of the network is controlled.

Abstract: Devices can be configured to broadcast blocks incorporating artifact origination tokens. Devices can include network interfaces, memory; and processors. Processors can be configured to obtain artifact-to-time association elements. Artifact-to-time association elements can include artifact references and timestamps. Timestamps can include references to artifact references. Processors can be further configured to obtain artifact origination tokens. Artifact origination tokens can include artifact-to-time association element, certifier descriptors indicating certifier public keys, and/or certifier digital signatures. Certifier digital signatures can be generated based on certifier public keys and/or artifact-to-time association elements. Processors can be further configured to obtain ledger entries including artifact origination tokens with public keys, compute challenges based on ledger entries, and broadcast blocks incorporating the ledger entries.

Abstract: A system and methods of cybersecurity are provided, implementing: receiving multiple TCP/IP packets destined for a target host; determining from among the multiple TCP/IP packets, a subset of suspicious TCP/IP packets characterized by one or more suspicious traits; for each of the TCP/IP packets characterized by the one or more suspicious traits, extracting a TCP/IP timestamp header value and calculating a normalized timestamp value by subtracting a local system time from the TCP/IP timestamp header value; identifying a subgroup of the TCP/IP packets having a common normalized timestamp value indicative of generation by a common source host; receiving a subsequent TCP/IP packet destined for the target host; determining that the subsequent TCP/IP packet's normalized timestamp value is the common normalized timestamp value; and responsively blocking the subsequent TCP/IP packet from reaching the target host.

Abstract: Identifying a malicious web page that impersonates a legitimate web page, including extracting HMTL source and a certificate for a specified web page, parsing the extracted HTML to identify objects, forms, links, templates, images and logos embedded in the HTML, and determining whether or not the HTML source harvests user credentials. If the determining is negative, then marking the specified web page as clean. If the determining is affirmative, then verifying the origin and ownership of the extracted certificate by examining its digital signature to determine a possibility of an impersonation attempt, applying image recognition to the identified images and logos, and comparing the identified images and logos to known images and brand logos of the certificate owner. If the comparing is affirmative, then mark the web page as clean. If the comparing is negative, then mark the web page as suspicious and block the web page from being accessed.

Abstract: Disclosed herein are devices, systems and methods for securely accessing data transferred via multiple isolated networks network, comprising adjusting one or more mapping records comprising network mapping and routing settings for a plurality of isolated networks connecting a plurality of clients to a server to expose one of the plurality of isolated networks to one or more processing engines executed by the server while concealing all other isolated networks from the respective processing engine, activating a lock configured to enable each processing engines to execute a single thread, executing the processing engine(s) to fetch data from the exposed isolated network(s), and releasing the lock. Wherein each processing engine is able to access the isolated network exposed to the respective processing engine while unable to access any of the isolated networks concealed from respective processing engine.

Abstract: A method for prevention of malware infection of a user device. A first request for a first web page is received from the user device. Transmitting, to a website associated with the requested first web page and in response to the first request a second request for the first web page. In response to the second request, receiving a first set of data associated with the first web page. Generating, based on a first set of data in the first domain format, a first set of graphical images representing respective portions of the first set of data in a second domain format. Transmitting, to the user device, the first set of graphical images with correlation data configured to enable a user to interact with the graphical images on the user device in a manner that is substantially the same as though the user device had received the first web page in the first domain format and the first web page had been rendered from the first domain format by a program operating on the user device.

Abstract: Disclosed is a method for accessing software applications. The method includes obtaining an application access request, the application access request carrying a user identifier and an application identifier; acquiring an encryption key, and encrypting the user identifier by the encryption key, to obtain an encrypted user identifier, the encryption key carrying first key information and second key information; generating an authorization credential corresponding to the application access request according to the encrypted user identifier and the first key information; transmitting the authorization credential to the application that is to be accessed, the application that is to be accessed generating an authorization request based on the authorization credential; receiving the authorization request returned by the application that is to be accessed; and accessing, when the authorization request satisfies a preset condition, the application that is to be accessed based on the second key information.

Abstract: Systems are provided for managing access to a log of dataset that is generated when the dataset is accessed. A system stores, with respect to each of a log producer and a log accessor, an encrypted symmetric key for dataset that is encrypted using a corresponding public key. The system returns the encrypted symmetric key for the log producer, such that the log producer can decrypt the dataset that is encrypted using the symmetric key. A log of the dataset is generated when the log producer accesses the dataset.

Abstract: The methods and systems disclosed herein relate generally to temporally prioritizing queries of queue-task partitions based on distributions of flags assigned to bits corresponding to access rights.

Abstract: A cross-domain data access service enables data access across two or more computing domains, such as, for example, transient access by a public device to data held in a private cloud. In particular, the cross-domain data access service can identify a data subset from within a secure datastore of a first computing domain. The cross-domain data access service can replicate the data subset within a transient datastore that is segregated from the secured datastore. The cross-domain data access service can implement a data access policy so as to enable a client device from a second domain to access the transient datastore.

Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

Abstract: Systems and methods for cyber risk analysis and remediation using network monitored sensors are provided herein. An example system includes one or more data collecting devices deployed within a network that collect entity information and monitor network traffic of the network that is related to security information. The network includes computing systems that are subject to a cyber risk policy having breach parameters defining one or more events that are indicative of a cyber security breach. A cyber security risk assessment and management system is used to automatically detect occurrence of one or more of the events that are indicative of a cyber security breach, automatically determine the breach parameters that apply for the one or more events that occurred, and generates a remediation of cyber security parameters for the network.

Abstract: A synthetic data generation apparatus codes a value of each of category attributes contained in original data into a value of a numerical attribute in accordance with a coding rule; generates first synthetic data from the original data after coding using a synthetic data generation method for numerical attributes; if the value of the numerical attribute which is contained in the first synthetic data and corresponds to the value of one of the category attributes exceeds a range of values that can be assumed by the value of that numerical attribute, converts the value of that numerical attribute to a value included in the range of values that can be assumed by the value of that numerical attribute; and decodes the value of the numerical attribute which is contained in the first synthetic data after conversion and corresponds to the value of one of the category attributes to the value of that category attribute in accordance with the coding rule to obtain synthetic data.

Abstract: The present disclosure describes systems and methods for aggregation and management of cloud storage among a plurality of providers via file fragmenting to provide increased reliability and security. In one implementation, fragments or blocks may be distributed among a plurality of cloud storage providers, such that no provider retains a complete copy of a file. Accordingly, even if an individual service is compromised, a malicious actor cannot access the data. In another implementation, file fragmenting may be performed in a non-standard method such that file headers and metadata are divided across separate fragments, obfuscating the original file metadata.

Abstract: A method of blocking access to files encrypted with a compromised key by mapping keys and ranges of containers encrypted by the keys. Upon notification that a key is compromised, fencing a container range corresponding to data segments encrypted by the compromised key to prevent deduplication operations on the segments. The method makes a point-in-time copy of the filesystem managing the segments, wherein each file of the file system is represented as tree structure having a root level and other levels. The method iteratively inspects in a level-wise manner, each container in each level of the file trees of the files to identify containers having segments encrypted by the compromised key, and marks files corresponding to the identified containers as not readable to block the access to the files encrypted with the compromised key.

Abstract: A control system for a technical installation, in particular a manufacturing facility or process plant, includes at least one first operator station server and one second operator station server and is configured to initiate the issuance and revocation of certificates for components of the technical installation as part of certificate management, and is configured to publish revocation of a previously issued certificate within the control system as a certificate revocation list, where the control system is configured to store the certificate revocation list on the first operator station server and/or on the second operator station server, where the control system is configured to synchronize the first operator station server and the second operator station server with one another such that a certificate revocation list with identical content is stored on both operator station servers.