Abstract: An example operation may include one or more of receiving a file from a content owner node, by a file processor node, dividing the file into a plurality of chunks by the file processor, placing, by the file processor, the plurality of chunks on blockchain nodes, and generating a file storage plan comprising locations of the plurality of the chunks.

Abstract: A service providing method comprises: receiving a microservice access request, which carries an identity authentication credential, transmitted by a client device; authenticating the client device's identity based on the identity authentication credential; determining a target microservice corresponding to the client device if the authentication of the client device's identity is successful; and providing the client device with the target microservice via a target application programming interface corresponding to the target microservice.

Abstract: Method and system for determination of authenticity of an electronic document by comparing the document in question with itself at a later date or with a copy thereof, which method comprises two phases wherein the first phase is the entry of the original document and the second phase is the verification of the identity between the document to be authenticated and the original one. The method requires a double levelled system comprising of a satellite system accessible by the user and a central core system. Only values which are derived from the document in a predetermined way are stored in the core system and the core system generates an individual first code which is associated with the document. During verification a transformed control value is generated in the same way as previously from the document and the associated code, then based on the first code following a transformation access is provided to the transformed control value stored in the core system.

Abstract: Providing security functions in an IoT device can comprise executing, by a TPM of the IoT device, a set of cryptographic functions. The set of cryptographic functions can comprise providing a secure unidirectional uplink from the IoT device to one or more communications networks. The set of cryptographic functions can also be executed by a second TPM to provide a secure unidirectional downlink from the one or more communications networks to the IoT device. The processor of the IoT device need not perform cryptographic functions and the processor of the IoT device and a memory of the IoT device can be outside of a secure boundary maintained by the first TPM and the second TPM. Cryptographic information to provide the secure unidirectional uplink and the secure unidirectional downlink can be exchanged between the first TPM and the second TPM.

Abstract: Devices and techniques are generally described for fraud detection. In various examples, a first plurality of requests are received over a first time period. In at least some examples, the first plurality of requests may be requests to access a first service. A hierarchical data representation comprising an ordered set of values may be determined for each request of the first plurality of requests. A first subset of the first plurality of requests may be determined. The hierarchical data representation associated with each request of the first subset may include fewer than a threshold number of value substitutions relative to each other hierarchical data representation of the first subset of the first plurality of requests. Access to the first service may be prevented by subsequent requests associated with the first subset of the first plurality of requests.

Abstract: A method for document authorization and distribution is provided. The method is based on a system including a repository server, communicating with or hosting a repository; a blockchain network, including a plurality of peers; and a plurality of user devices, each communicating with the repository server or the blockchain network. The repository contains a plurality of published documents. A plurality of document publication records, a plurality of document dissemination records, and an access control smart contract are distributed over the peers. The method includes: when an access request for a published document is submitted by a user from a user device, retrieving the published document; verifying the document access right; encrypting the published document with a document password encrypted using the user's public key; signing and posting a document dissemination record, including the document password; and placing the document contents and a signed document hash value in a container document.

Abstract: There is a need for solutions for efficiently and reliably maintain data security policies. This need can be addressed by, for example, solutions for performing dynamic security enforcement in a data interaction platform. In one example, a method includes determining a security profile for a data object; receiving a data access request associated with the data object, wherein the data access request is associated with one or more runtime parameters associated with the data access request; determining, based at least in part on the one or more runtime parameters; determining, based at least in part on the selected security environment and the security profile, a selected access level of the plurality of access levels for the data object; and processing the data access request based at least in part on the selected access level.

Abstract: A packet-filtering network appliance protects networks from threats by enforcing policies on in-transit packets crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their flows are sent to cyberanalysis applications located at security operations centers (SOCs). Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, generating a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses. The present disclosure describes incident logging that efficiently incorporates logs of many flows that comprise the incident, potentially reducing resource consumption while improving the informational/cyberanalytical value for cyberanalysis when compared to the component flow logs. Incident logging vs. flow logging can be automatically and adaptively switched on or off.

Abstract: An example method includes obtaining, by a processor on an end user device, from an operating system of the end user device, a permission to access the operating system by a malicious software management application, receiving, by the processor via the malicious software management application from the operating system, a first set of click information indicative of a set of clicks detected by an input-output interface of the end user device and a second set of click information indicative of a set of clicks detected by a web browser of the end user device, identifying, by the processor via the malicious software management application based on the first and second sets of click information, a presence of a click generating application on the end user device, and initiating, by the processor via the malicious software management application based on the presence of the click generating application, a mitigation action.

Abstract: Systems and methods are disclosed herein for activating a sensor of a client device by toggling, at the client device, a position of a switch that connects the sensor to a power source of the client device to an on position. The client device receives user input corresponding to a privacy mode. In response to receiving the user input, the client device disables the sensor by toggling the position of the switch that connects the sensor to the power source to an off position, and enables a privacy indicator by toggling a position of a switch that connects the privacy indicator to a power source to an on position.

Abstract: Techniques for secure public exposure of digital data include extracting n chunks, each containing Q bits, n=2(Q+1). A random mapping of each chunk to only one batch of M numbered batches is determined and stored securely. A bit based on a random key is combined at a location based on batch number with each of the chunks in the batch to produce a batch of enhanced chunks, each containing Q+1 bits. This is repeated with each non-overlapping batch of chunks, each enhanced chunk of the batch having one bit based on a different bit from the key. A unique set of the enhanced chunks is combined with a XOR to produce an encoded chunk, every bit of which is based on a bit from the key. An encoding vector B that indicates the unique set is stored securely. The encoded chunk can be safely exposed publically.

Abstract: Systems and methods determine whether domain names are potentially maliciously registered variants of a set of monitored domain names. A computer system can receive domain names from a feed of newly registered domain names. For each received domain name, the computer system can generate a series of images of the domain name in different fonts and/or with various distortions applied thereto. The computer system can then transform the domain name images back to text via optical character recognition. Due to the differences in fonts and/or distortions applied to the generated images of the received domain name, the optical character recognition process can produce different text strings than the originally received domain name. The converted textual domain names are then analyzed to determine whether any one is sufficiently similar to a monitored domain name, indicating that the received domain name could be a malicious variant thereof.

Abstract: Embodiments of the present invention provide a method, system and computer program product for co-dependent document container management. Co-dependent document container management includes loading into memory of a computer, a document container encapsulating a document, a co-dependency rule assigning a dependency of access to the document upon a specific geographic location, and co-dependency document access program code. The program code of the container may be executed in the memory of the computer causing the retrieval of a geographic position of the computer, the application of the co-dependency rule to the retrieved geographic position and, on condition that the geographic position of the computer satisfies the co-dependency rule, the location of a document viewer registered in the computer to render the document and the direction of the computer to launch the document viewer with the document as input to the document viewer.

Abstract: There is disclosed a method for identifying malicious activity, the method being executable by a supervisory electronic device. The method comprises accessing, a log to retrieve usage information associated with at least a portion of the plurality of electronic devices; analyzing the usage information to identify a subset of electronic devices; analyzing a list of network resources accessed; executing, by the supervisory electronic device a polling robot, the polling robot configured to: transmit to each of the list of network resources a ping message, the ping message having a first pre-determined format having been generated based on the malicious activity; analyzing, the response message; responsive to the response message having a second pre-determined format, the second pre-determined format having been identified based on the pre-determined type of malicious activity: determining that an associated network resource having generated the response message is associated with malicious activity.

Abstract: A method of identifying cryptocurrency mining on a networked computerized device includes intercepting network traffic between the networked computerized device and a public network, and extracting Internet Protocol (IP) packet data of the intercepted network traffic. The IP packet data of the intercepted network traffic is evaluated such that if the intercepted network traffic is determined to be characteristic of communication with a cryptocurrency mining pool it is determined that the networked computerized device is mining cryptocurrency. One or more remedial actions are taken if it is determined that the networked computerized device is mining cryptocurrency, such as blocking traffic between the networked computerized device and the mining pool or notifying a user.

Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.

Abstract: An example system includes a processor to receive a current session and previous sessions associated with an account. The processor can split the current session and the previous sessions into action windows. The processor can calculate a window similarity score for each action window of the current session using a pair-wise comparison with action windows of each of the previous sessions. The processor can aggregate the window similarity scores to generate a replay likelihood score for the current session with respect to each of the previous sessions. The processor can classify the current session as a replay attack in response to detecting that a replay likelihood score of the current session exceeds a threshold.

Abstract: A content management device includes: a storage that stores (a) a content generated by imaging performed by a first terminal that is at least one of a plurality of terminals, (b) a time at which the imaging of the content was performed, and (c) a history indicating whether each of one or more terminals among the plurality of terminals excluding a second terminal received, during a period that includes the time at which the imaging was performed, a beacon signal transmitted from the second terminal by radio waves, the second terminal being at least one of the plurality of terminals; and a manager that manages the content as a permissible content that is permitted to be presented by the plurality of terminals when determining, with reference to the storage, that each of the one or more terminals received the beacon signal during the period.

Abstract: In an industrial system, a data capture apparatus can be configured to operate as a unidirectional communication connection between a private network and a public network. The data capture apparatus can be further configured to time stamp data, for instance digitally sign data with a time stamp, so as ensure data integrity over the unidirectional communication connection, while maintaining physical isolation between the private network and public network.

Abstract: A method for controlling the transfer of data through a firewall. The method includes one or more computer processors establishing a first communication channel between a first server and a second server. The method further includes transmitting, via the first communication channel, information related to a pending transmission of data from the first server to the second server. The method further includes receiving from the second server, via the first communication channel, a set of security information associated with accessing the second server via a second communication channel. The method further includes establishing the second communication channel between the first server and the second server based on the set of security information received from the second server. The method further includes transmitting the data from the first server to the second server utilizing the established second communication channel.