Patents Examined by Trang T Doan
  • Patent number: 12381742
    Abstract: A computer implemented method includes receiving data on which to perform elliptic curve digital signature algorithm (ECDSA) and mapping ECDSA computations from affine coordinates to projective coordinates. A complete addition formula is executed on the data with operations changing based on bits of a secret key by minimizing execution time and power consumption differences via a finite adder. Modular multiplications are executed via a finite multiplier module. At least one countermeasure selected from the group consisting of randomizing a base point, generating a secret key using a two random number seed random number generator, using a randomized secret key to generate a signature, and randomizing signature generation is executed.
    Type: Grant
    Filed: July 25, 2023
    Date of Patent: August 5, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mojtaba Bisheh Niasar, Bharat S. Pillilli
  • Patent number: 12363153
    Abstract: The present invention is a security system and method for hardening a digital system. The security system includes a plurality of scanners loaded in various hosts provided by digital devices of the digital system. Each scanner is configured to perform scanner operations and use communication paths to communicate with other scanners in the security system. The decentralized nature of the scanners and the ability to communicate amongst the various scanners provides the ability to quickly assess and monitor the entire digital system thereby providing the ability to quickly prevent, detect and respond to malicious attacks.
    Type: Grant
    Filed: September 30, 2022
    Date of Patent: July 15, 2025
    Assignee: The Government of the United States as represented by the Director, National Security Agency
    Inventors: Daryle D. Deloatch, Mark J. Haney
  • Patent number: 12361112
    Abstract: A process, system and medium for building a training set and performing supervised training of a Machine Learning (ML) model that determines a risk score used to decide whether to impose stepped up authentication during an authentication journey are described. The process includes selecting examples of completed authentication journeys, including failed and successful authentication outcomes after step-up requirements during the example journeys. The process includes pairing ground truth outcomes from the example journeys with authentication request features initially available prior to imposition of the step-up requirements to produce request feature-outcome pairs. The process includes using at least the request feature-outcome pairs to perform the supervised training of the ML model to determine a risk score that can be used to decide whether to impose the stepped up authentication during an authentication journey. The system and medium are configured to execute the process.
    Type: Grant
    Filed: April 25, 2023
    Date of Patent: July 15, 2025
    Assignee: Ping Identity International, Inc.
    Inventors: Sudhakar Peddibhotla, Darryl Jones, Raminder Deep Singh Kaler, Peter Barker
  • Patent number: 12362921
    Abstract: Disclosed are a system and method of establishing secure communications between nodes in a cloud environment. The method includes receiving a registration of a first user at a quantum processor service provider, receiving at the quantum processor service provider a request for authentication of the first registered user, the request comprising at least the password and the registration number, when the password and registration number match stored data at the quantum processor service provider for the first registered user, generating an EPR entangled pair and transmitting the EPR entangled pair to a first computing device of the first registered user, wherein the first registered user utilizes the EPR entangled pair in order to communicate with a second computing device associated with a second registered user. The quantum processor service provider can include a quantum EPR (Einstein Podolsky and Rosen) processor (QEP) and a logically co-located computer server.
    Type: Grant
    Filed: October 23, 2023
    Date of Patent: July 15, 2025
    Assignee: Cisco Technology, Inc.
    Inventors: Santanu Ganguly, D. Brice Achkir
  • Patent number: 12346438
    Abstract: A method is provided for securely processing digital information performed by a secure element having a secure processor. The method includes loading the digital information from an external memory into the secure element; segmenting the digital information into words of digital information (Wij,k), generating error-detection codes or error-correction codes from said words of digital information and associating said error-detection codes with the corresponding words; transferring the words of digital information and the associated error-detection codes or error-correction codes to the secure processor; and in the secure processor, verifying the words of digital information based on the associated error-detection codes or error-correction codes before processing the digital information contained in said words.
    Type: Grant
    Filed: March 25, 2021
    Date of Patent: July 1, 2025
    Assignee: Nagravision Sarl
    Inventors: Karine Villegas, Roan Hautier
  • Patent number: 12335383
    Abstract: Instructions to generate a seed via quantum random number generation for cryptographic synchronization within a federated quantum computing environment comprising a quantum computing system and one or more second quantum computing systems are received by the quantum computing system. Information descriptive of one or more characteristics of (a) the quantum computing system, or (b) some other computing entity of the federated quantum computing environment is obtained. A seed chunk size is determined based at least in part on the one or more characteristics. The seed is generated for cryptographic synchronization, wherein a size of the seed is equivalent to the seed chunk size. The seed is provided to the one or more second quantum computing systems.
    Type: Grant
    Filed: February 23, 2023
    Date of Patent: June 17, 2025
    Assignee: Red Hat, Inc.
    Inventors: Leigh Griffin, Stephen Coady
  • Patent number: 12316624
    Abstract: Systems and methods are provided for a content-based security for computing devices. An example method includes identifying content rendered by a mobile application, the content being rendered during a session, generating feature vectors from the content and determining that the feature vectors do not match a classification model. The method also includes providing, in response to the determination that the feature vectors do not match the classification model, a challenge configured to authenticate a user of the mobile device. Another example method includes determining a computing device is located at a trusted location, capturing information from a session, the information coming from content rendered by a mobile application during the session, generating feature vectors for the session, and repeating this until a training criteria is met. The method also includes training a classification model using the feature vectors and authenticating a user of the device using the trained classification model.
    Type: Grant
    Filed: January 17, 2023
    Date of Patent: May 27, 2025
    Assignee: GOOGLE LLC
    Inventors: Matthew Sharifi, Kai Wang, David Petrou
  • Patent number: 12316679
    Abstract: Embodiments of the present application relate to a method for policy enforcement, a system for policy enforcement, and a computer program product for policy enforcement. A method for policy enforcement is provided. The method includes receiving a host information profile report from a client device, and enforcing a security policy for network access based on the host information profile report. The host information profile report includes device profile information associated with the client device.
    Type: Grant
    Filed: March 2, 2023
    Date of Patent: May 27, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Siu-Wang Leung, Song Wang, Yueh-Zen Chen
  • Patent number: 12299117
    Abstract: The technology disclosed relates to a method and system of monitoring and controlling exfiltration of enterprise data stored on the cloud computing service (CCS). The method and system includes using a cross-application monitor to detect a cloud service application programming interface (API) in use and a function or activity being performed via the CCS API. The method and system determines the function or activity by parsing a data stream based on the CCS API and identifies a content of the enterprise data subject to content control by the application of a content inspection rule data subject to content control. The method and system selects a security action being applied to the enterprise data to prevent exfiltration based on the classification of the inspected data and policies applicable to the content subject to content control.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: May 13, 2025
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Steve Malmskog, Arjun Sambamoorthy
  • Patent number: 12302424
    Abstract: Systems and methods for pairing-less device connectivity are disclosed. For example, a group of primary devices are authorized to establish a non-bonded connection with a given secondary device. When the secondary device is in proximity of at least one of the group of primary devices, that primary device may receive a wireless beacon from the secondary device. The system may identify the primary device as an authorized device, perform user presence confirmation processes, and send a command to the primary device to establish the non-bonded connection. Encryption using a network layer or a presentation layer and an application layer of a computer network, instead of a link layer, is utilized for secure data transmission over the non-bonded connection.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: May 13, 2025
    Assignee: Amazon Technologies, Inc.
    Inventors: Apoorv Naik, Bharath Bhimanaik Kumar, Matthew Todd Kaufman, Gonzalo Alvarez Barrio, Fred Torok, Gilles-Arnaud Bleu-Laine, Abraham Martin Passaglia, Ajay Gowribidanur Ramesh, Choong Ryeol Lee, Carlos Leija
  • Patent number: 12289400
    Abstract: A system encrypts and decrypts e-mail, messages, and other digital data. By using quantum random number generators, the system has improved data security. Using a quantum random number, an agent (at a sender side) generates an encryption key which is used to automatically encrypt a message. The encryption key is stored at a key server. The encrypted message will be sent by an application using its standard transmission means such as SMTP, SMS, and others. The encrypted message can be automatically unencrypted by using an agent (at a recipient side) and retrieving the key from the key server. The system also provides an optional double encryption, where the message is encrypted with a user-generated password before being encrypted using the encryption key.
    Type: Grant
    Filed: June 2, 2022
    Date of Patent: April 29, 2025
    Assignee: XQ Message Inc.
    Inventors: Junaid Islam, Brian Wane
  • Patent number: 12289338
    Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat identified in an alert, a threat disposition score (TDS) is retrieved. The TDS is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The TDS is based in part on an effectiveness of a prior calculated TDS to predict a particular historical disposition associated with the alert. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.
    Type: Grant
    Filed: December 19, 2023
    Date of Patent: April 29, 2025
    Assignee: International Business Machines Corporation
    Inventors: Gary I. Givental, Aankur Bhatia, Paul J. Dwyer
  • Patent number: 12289320
    Abstract: A network security system includes a network interface configured to connect to a public wide area network and a first malicious activity detection subsystem configured to extract from textual sources on the network different threat levels in a first threat category for addresses on the wide area network. One or more further malicious activity detection subsystems are configured to extract from textual sources on the network different threat levels in one or more further threat categories. A weighting subsystem is configured to provide weighted threat levels for addresses on the wide area network for the first and further malicious activity detection subsystems. A scoring subsystem is responsive to the weighting subsystem to derive an aggregated, weighted threat score for each of the network addresses. An address proximity engine can determine a measure of logical proximity of network addresses independently of any measure of physical proximity between them.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: April 29, 2025
    Assignee: Recorded Future, Inc.
    Inventors: Staffan Truvé, Bill Ladd
  • Patent number: 12273725
    Abstract: A mobile device performs authentication with blinded tokens and swaps its international mobile subscriber identity (IMSI) value. For authentication with blinded tokens, the mobile device generates a blinded token and provides it to a server to encrypt. To redeem the token, the mobile device unblinds the encrypted blinded token and provides it to the server along with a public key. To complete authentication, the mobile device receives, from the server, a nonce encrypted with the public key and decrypts the nonce with a private key. For swapping its IMSI value, the mobile device retrieves two eSIM profiles with corresponding IMSI values and configures the first of the two profiles as active. In response to a trigger, the mobile device changes the active profile from the first to the second, swaps the first IMSI value with a new IMSI value, and changes the active profile back to the first profile.
    Type: Grant
    Filed: April 27, 2023
    Date of Patent: April 8, 2025
    Assignee: Private Tech Inc.
    Inventors: David Seth Dunn, Christopher William Stokes, Nicholas John Espinoza, Stephen James Dowhy, Clifford Marcus Owenby, John McKinstry Doyle
  • Patent number: 12261883
    Abstract: Classifying electronic communications is disclosed. An electronic communication is received. A first likelihood that a potential recipient of the electronic communication would conclude that the communication was transmitted on behalf of an authoritative entity is determined. An assessment of a second likelihood that the received communication was transmitted with authorization from the purported authoritative entity is performed. The electronic communication is classified based at least in part on the first and second likelihoods.
    Type: Grant
    Filed: June 26, 2023
    Date of Patent: March 25, 2025
    Assignee: ZapFraud, Inc.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 12244631
    Abstract: A method for detecting outliers in processes running in a group of machines. A clustering stage, carried out at a first frequency, including fetching a list of software contained in all machines, calculating tf-idf value for each installed software and for each machine, performing clustering of the machines by applying a clustering algorithm and using a Jaccardian weighted distance method between machines based on the tf-idf values. A preliminary outliers detection stage, carried out at a second frequency greater than the first frequency, including fetching information of processes running in the machines, for each cluster calculating tf-idf values for each process, wherein if a tf-idf value is greater than a first predetermined threshold, the process is considered as outlier, for all clusters calculating itf-idf value for each process considered as outlier, and if a itf-idf value is lower than a second predetermined threshold, the process is confirmed as outlier.
    Type: Grant
    Filed: October 4, 2022
    Date of Patent: March 4, 2025
    Assignee: BULL SAS
    Inventors: Amarnath Chatterjee, Rajat Mohanty
  • Patent number: 12231553
    Abstract: A key management device according to an embodiment is a key management device managing an application key for encrypting a communication in an application network including a plurality of applications. The key management device includes a hardware processor configured to function as a collection unit, a calculation unit, a determination unit, and a communication unit. The collection unit collects, using quantum key distribution (QKD), resource information indicating a resource of a link for which a link key is generated. The calculation unit calculates a metric for a key relay route including the link on the basis of the resource information. The determination unit determines a key relay route from among a plurality of key relay routes on the basis of the metric. The communication unit uses the key relay route determined by the determination unit to send, to a destination, an application key encrypted with the link key.
    Type: Grant
    Filed: August 30, 2022
    Date of Patent: February 18, 2025
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yu Yu, Yasuhiro Katsube, Yoshimichi Tanizawa, Ririka Takahashi, Yasuhiro Fujiyoshi
  • Patent number: 12231574
    Abstract: The invention provides improved methods and corresponding systems for the sharing, storage, creation and accessing of data stored on a blockchain, e.g. the Bitcoin blockchain. It may form part of a protocol for searching the blockchain for content/data. A method in accordance with the invention may be used for associating or linking data stored within (separate/different) blockchain transactions to enable the identification, retrieval and/or sharing of data stored therein. Additionally, or alternatively, it facilitates identification of transactions (TX) in a blockchain which store content/data that needs to be shared, transmitted, stored and/or accessed by a user. Such a method comprises the step of mapping a mnemonic to: 1) a public key (PK) associated with the transaction (TX); and 2) the transaction ID (TXID) of the transaction (TX).
    Type: Grant
    Filed: November 14, 2019
    Date of Patent: February 18, 2025
    Assignee: NCHAIN LICENSING AG
    Inventors: Craig Steven Wright, Jack Owen Davies, Chloe Ceren Tartan, Owen Vaughan
  • Patent number: 12218977
    Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.
    Type: Grant
    Filed: April 15, 2022
    Date of Patent: February 4, 2025
    Assignee: Sophos Limited
    Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
  • Patent number: 12218961
    Abstract: A system and method for identifying computing interface calls using communications protocols. A method includes extracting data from a communications session involving communication between a first computing interface and a second computing interface, wherein the communication between the first computing interface and the second computing interface is implemented via a plurality of communication protocol layers, wherein extracting the data from the communications session further comprises building at least one layer of the plurality of communication protocol layers based on a portion of the data extracted from at least one other layer of the plurality of communication protocol layers; duplicating traffic for the communications session based on the extracted data, wherein duplicating the traffic further comprises converting the extracted data into a unified data modeling format; and identifying at least one computing interface call based on the duplicated traffic.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: February 4, 2025
    Assignee: Noname Gate Ltd.
    Inventors: Shay Levi, Oz Golan, Hila Zigman, Oren Shpigel, Netanel Maman, Yuval Alkalai Tavori