Abstract: The instant disclosure illustrates how the privacy and security of activities occurring on distributed ledger-based networks (DLNs) can be enhanced with the use of zero-knowledge proofs (ZKPs) that can be used to verify the validity of at least some aspects of the activities without private information related to the activities necessarily being revealed publicly. Methods and systems that are directed at facilitating the tracking and recovery of assets stolen on ZKP-enabled DLNs while preserving the confidentiality of the tokens are presented herein.

Abstract: The instant disclosure illustrates how the privacy and security of activities occurring on distributed ledger-based networks (DLNs) can be enhanced with the use of zero-knowledge proofs (ZKPs) that can be used to verify the validity of at least some aspects of the activities without private information related to the activities necessarily being revealed publicly. Methods and systems that are directed at facilitating the tracking and recovery of assets stolen on ZKP-enabled DLNs while preserving the confidentiality of the tokens are presented herein.

Abstract: A system for verifying a user identity. The system comprises one or more memory devices storing instructions and one or more processors configured to execute the instructions. The processors are configured to receive information associated with an account of a user. The processors are further configured to generate a first profile, where the first profile being related to the user. The processors also receives an indication that the account is accessed by an accessor through an accessor device; and receive, from the accessor device, identity data comprising a plurality of data subsets associated with the accessor. The processors are configured to store the data subsets in respective clusters. The processors are further configured generate cluster analyses by analyzing the data subsets in respective clusters; and output the cluster analyses to node instances that weighs the cluster analyses outputs.

Abstract: A system performs a method including: generating a posture of a first microservice in a microservice based network environment; implementing the posture of the first microservice at a sidecar of the first micro service; distributing the posture of the first microservice to a sidecar of a second microservice in the microservice based network environment; implementing the posture of the first microservice at the sidecar of the second micro service; and controlling communication of personally identifiable information between the first microservice and the second microservice based on the posture of the first microservice through either or both the sidecar of the first microservice and the sidecar of the second micro service.

Abstract: Exemplary system, method, and computer-accessible medium for transmitting or generating an encrypted message(s) to or for a receiver(s) from a sender(s), can be provided, which can include, for example, generating an electronic public key(s) and an electronic private key(s) for the sender(s), generating first information based on (i) data of the sender(s), (ii) a state(s) of the sender(s), and/or (iii) a type of the sender(s), electronically selecting an electronic message signal(s) and a time stamp(s) based on the first information, generating a message(s) based on the electronic message signal(s) and the time stamp(s), generating the encrypted message(s) by encrypting the message(s) using the electronic private key(s), and transmitting the encrypted message(s) to the receiver(s).

Abstract: Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.

Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: One aspect provides a method of authenticating a user of a user device, the method comprising: receiving motion data captured using a motion sensor of the user device during an interval of motion of the user device induced by the user; processing the motion data to generate a device motion feature vector, inputting the device motion feature vector to a neural network, the neural network having been trained to distinguish between device motion feature vectors captured from different users; and authenticating the user of the user device, by using a resulting vector output of the neural network to determine whether the user-induced device motion matches an expected device motion pattern uniquely associated with an authorized user, the neural network having been trained based on device motion feature vectors captured from a group of training users, which does not include the authorized user.

Abstract: A method includes receiving a request to migrate a virtual machine executing on a source host computer system to a first destination host computer system. The method further includes receiving, from the virtual machine executing on the source host computer system, an encryption key specific to the virtual machine. One or more memory pages associated with the virtual machine are encrypted using the encryption key specific to the virtual machine. The method further includes causing the one or more memory pages associated with the virtual machine to be copied to the first destination host computer system.

Abstract: Data may be stored by receiving the data to be stored, determining whether the data is regulated in a jurisdiction, and, responsive to the determination, selecting between a regulated storage scheme, requiring that the data be stored and/or processed in the jurisdiction in accordance with one or more laws pertaining to the jurisdiction, and an unregulated storage scheme, in which the data is not required to be stored in the jurisdiction and/or is not required to be stored in accordance with the one or more laws. Further, the regulated storage scheme may be followed by initiating storage of the data in the jurisdiction in accordance with the one or more laws.

Abstract: A computer-implemented method at a data management system comprises: receiving, at a storage appliance from a server hosting a virtual machine, a write made to the virtual machine; computing, at the storage appliance, a fingerprint of the transmitted write; comparing, at the storage appliance, the computed fingerprint to malware fingerprints in a malware catalog; repeating the computing and comparing; and disabling the virtual machine if a number of matches from the comparing breaches a predetermined threshold over a predetermined amount of time.

Abstract: At least a static analysis and a dynamic analysis to perform for a first software application are determined based, at least in part, on a profile of the first software application. The first software application is analyzed with the static analysis to generate static analysis results. The first software application is analyzed with dynamic analysis to generate dynamic analysis results. An assessment report is generated based on the static analysis results and the dynamic analysis results, wherein the assessment report indicates a security score of the first software application that is based, at least in part, on the static analysis results and the dynamic analysis results.

Abstract: This application provides a key distribution method, an apparatus, and a system, includes: determining, by an identity management server based on AAA authentication information, whether AAA authentication on the terminal succeeds; if the AAA authentication succeeds, sending the ID of the terminal to a key management server; and generating, by the key management server, a private key of the terminal and returning the private key to the management server. After negotiating with the terminal to generate a first key, the identity management server encrypts the ID and the private key of the terminal, and sends an encrypted ID and an encrypted private key to the terminal. The terminal obtains the ID and the private key of the terminal. According to the key distribution method, apparatus, and system provided in this application, communication security performance of the terminal during ID-based registration authentication is improved.

Abstract: Systems, methods, and non-transitory computer-readable media can determine a content item being posted to a social networking system. A selection of an option to obfuscate at least one portion of the content item can be determined. The at least one portion of the content item can be obfuscated.

Abstract: A blockchain-based data distribution management method according to an embodiment is performed by a computing device. The method includes generating a plurality of shards by fragmenting a first information, requesting a first block event for distributed storage of the plurality of shards in a plurality of off-chain storages to a blockchain network, and transmitting the plurality of shards to the plurality of off-chain storages, wherein a second information indicating a history of the plurality of shards distributed and stored in the plurality of off-chain storages is recorded in the blockchain network through the first block event, wherein when a predetermined number or more of shards among the plurality of shards are collected, the first information is restored from the collected predetermined number or more of shards.

Abstract: A system for securing electronic devices includes a processor, non-transitory machine readable storage medium communicatively coupled to the processor, security applications, and a security controller. The security controller includes computer-executable instructions on the medium that are readable by the processor. The security application is configured to determine a suspicious file from a client using the security applications, identify whether the suspicious file has been encountered by other clients using the security applications, calculate a time range for which the suspicious file has been present on the clients, determine resources accessed by the suspicious file during the time range, and create a visualization of the suspicious file, a relationship between the suspicious file and the clients, the time range, and the resources accessed by the suspicious file during the time range.

Abstract: Systems and methods for validating credentials are disclosed. One example method, performed by one or more processors of a computing device associated with a neural network, includes training the neural network to infer validity information for encrypted credentials received from a credential source, wherein the validity information is inferred without decrypting the encrypted credentials, receiving a first encrypted credential from the credential source, generating an encrypted validity indicator for the first encrypted credential based on the validity information inferred by the neural network, and providing the encrypted validity indicator to the credential source.

Abstract: A method and a system for restricting access to automotive data in a regulated automotive data distribution network are provided herein. The method may include the following steps: receiving a plurality of automotive data sharing rules from automotive data sharing regulations; receiving data sharing restrictions applicable to at least some of the automotive data; generating a data sharing policy based on the automotive data sharing rules and the data sharing restrictions; and applying the data sharing policy to the automotive data to restrict one or more data consumers from accessing all or portions of the automotive data. The system may implement the steps of the aforementioned method using a regulated data distribution server such as a neutral server for automotive data.

Abstract: The systems and methods of enabling a collaborative application on a private network, comprising: establishing a secure and encrypted private network with a whitelist of two or more profiles using alias and digital keys; hosting an application on a computing device associated with a first profile on the whitelist; enabling the application to accept content using an application program interface, broadcasting the application with digital signature of the first profile to the profiles on the whitelist of the private network; receiving a request to send content to the application with digital signature from a second profile on the whitelist; automatically updating the content of the application after validation of the request; broadcasting the update notification to all the profiles on the whitelist of the private network.

Abstract: A method for using a self-signed digital certificate for establishing a secure connection between an Extensible Provisioning Protocol (EPP) client and a server on a communications network, including: receiving a communicated self-signed certificate from the EPP client; obtaining a unique identifier of the EPP client, the unique identifier associated with a domain name stored in a Domain Name System (DNS); using the unique identifier to access a designated DNS record in a DNS zone of the DNS associated with the domain name; retrieving the copy of the digital certificate from the designated DNS record, the copy of the digital certificate containing a public key of the EPP client bound to the domain name; authenticating the copy of the digital certificate with the communicated self-signed certificate; and receiving a generated session key from the EPP client to establish the secure connection over the communications network with the EPP client.