Abstract: The disclosed embodiments relate to a system that generates an alert based on information extracted from search results generated by a query. During operation, the system executes the query to generate the search results. The system also obtains configuration information for the alert, wherein the configuration information identifies information associated with the search results, and also specifies a trigger condition for the alert. Next, when the trigger condition for the alert is met, the system uses the configuration information to generate a payload containing the identified information associated with the search results. The system then invokes alert-generating functionality and provides the payload as input to the alert-generating functionality. This enables the alert-generating functionality to use the information from the search results while performing one or more alert actions association with the alert.

Abstract: Systems and methods for ensuring data security. A MAC is computed sequentially for each selected message from a data log that contains at least two messages. To build a data block, a preset encryption key is used for a first message and an encryption key for the previous message is used for subsequent messages. A determination that the data log is compromised can be made based on MAC data block data and an independent calculation of a MAC.

Abstract: In some examples, a system comprises a memory device for storing instructions and a processor which executes instructions causing the system to perform operations comprising receiving an instruction to transfer a state of a first device to a second device, and packaging information relating to the state of the first device in a file. The packaging of the information relating to the state of the first device includes recording each application executing on the first device in a list maintained in the file, and transferring the file containing information relating to the state of the first device to the second device, either directly or indirectly based on an availability of connections between the first device and the second device. The file, when processed by the second device, causes the second device to reproduce the state of the first device. In some example, reproducing the state of the first device includes the second device downloading, from one or more of the locations, one or more of the applications.

Abstract: Aspects of the disclosure relate to providing information security and preventing unauthorized access to resources of an information system by injecting device data collectors into pages and/or other interfaces provided by and/or otherwise associated with an information system. A computing platform may intercept a request for a uniform resource locator from a client computing device based on configuration information identifying the uniform resource locator as being protected. The computing platform may request and receive, from an application server, a page associated with the uniform resource locator. Then, the computing platform may generate a modified version of the page associated with the uniform resource locator by injecting collector code into source code defining the page associated with the uniform resource locator. Subsequently, the computing platform may send, to the client computing device, the modified version of the page associated with the uniform resource locator.

Abstract: The present invention involves with a method of hybrid searchable encryption, involving using at least one first computing device that has a first processor configured to perform steps of: using a first symmetric key to encrypt data so as to obtain a data first ciphertext, using a second symmetric key to encrypt a keyword related to the data so as to obtain a searchable keyword first ciphertext that is related to the data first ciphertext, and saving the data first ciphertext and the keyword first ciphertext in a first memory of a first computing device; and using the first symmetric key to encrypt the keyword so as to generate a keyword second ciphertext, using a first public key to encrypt the keyword so as to obtain a searchable third keyword ciphertext related to the keyword second ciphertext, and sending the keyword second ciphertext and the searchable third keyword ciphertext to a second computing device; wherein the second computing device has a second processor that is configured to perform steps of:

Abstract: There is disclosed in one example a sentinel device, including: a hardware platform including at least a processor and configured to provide a trusted execution environment (TEE); and a security engine operable to instruct the hardware platform to: determine that an internet of things (IoT) device in a first realm R1 requires a secure communication channel with a second device in a second realm R2; query a key server for a service appliance key for the secure communication channel; establish a secure communication channel with the endpoint device using the service appliance key and the TEE; and provide a security service function within R1 including brokering communication via the secure communication channel between the IoT device and the second device.

Abstract: In one example, a method includes obtaining, by a data processing device, first secret data associated with a first user and corresponding to a first location of a remote resource. The method further includes generating, using the first secret data, a first uniform resource locator (URL) usable to obtain the first location, and accessing the first location using the first URL. The method further includes obtaining, in response to transfer of usage rights of the data processing device from the first user to a second user, second secret data associated with the second user and corresponding to a second location of the remote resource. The method further includes generating, using the second secret data, a second URL usable to obtain the second location, and accessing the second location using the second URL. The second location is inaccessible via the first URL. The first location is inaccessible via the second URL.

Abstract: An analytics-based security monitoring system adapted to detect a plurality of behavioral characteristics from behavioral data, each representing an action conducted in a computing environment. Furthermore, the system determines, in accordance with a correlation profile, one or more behavioral fragments, each comprising a plurality of the behavioral characteristics. In accordance with the correlation profile, the one or more determined behavioral fragments are correlated against an attack profile comprising a plurality of sets of behavioral fragments where each set of behavioral fragments forms a malicious behavior pattern of a known attack. Thereafter, an attack based on the correlated one or more determined behavioral fragments may be identified, and the correlation profile is updated after an analysis of the identified attack.

Abstract: The present invention provides for streamlined issuance of certificates and other tokens that are contingent on key attestation of keys from a trusted platform module within a computing platform. Various methods are described for wrapping the requested token in a secret, such as an AES key, that is encrypted to a TPM based key in a key challenge. If the requesting platform fails the key challenge, the encrypted certificate or token cannot be decrypted. If requesting platform passes the challenge, the encrypted certificate or token can be decrypted using the AES key recovered from the key challenge.

Abstract: A system and method for metadata processing that can be used to encode an arbitrary number of security policies for code running on a stored-program processor. This disclosure adds metadata to every word in the system and adds a metadata processing unit that works in parallel with data flow to enforce an arbitrary set of policies, such that metadata is unbounded and software programmable to be applicable to a wide range of metadata processing policies. This instant disclosure is applicable to a wide range of uses including safety, security, and synchronization.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for secure data transmission using natural language. One of the methods includes: obtaining sensitive information for a user; obtaining a natural language key for the user, wherein the natural language key for the user includes one or more natural language tokens; generating decoding data for the sensitive information for the user, wherein generating the decoding data comprises: for each place in the sensitive information for the user: assigning a respective one of the natural language tokens in the natural language key for the user to the value at the place, and generating one or more respective dummy natural language tokens for each value of the respective set of possible values for the place other than the value at the place; and providing the decoding data for use in decoding the natural language key into the sensitive information.

Abstract: A method and system which shows a user contacts that are nearby but protects those contacts' privacy by mixing indistinguishably into the list contacts that are not nearby thus creating an obfuscated list such that user is unable to identify which contacts are nearby and which are not nearby. The user selects contacts the user would want to see if they were nearby. If the user selects a contact who is actually nearby, the system then protects the user's privacy by presenting another obfuscated list to the selected contact. The system discloses proximity only after two users have each mutually selected each other. The system may more broadly be used by showing the user contacts that have any form of matching personal data while still protecting all users' privacy with obfuscated lists until two users have each mutually selected each other.

Abstract: An information handling system performs a method for analyzing attacks against a networked system of information handling systems. The method includes detecting a threat indicator, representing the threat indicator in part by numerical parameters, normalizing the numerical parameters, calculating one or more measures of association between the threat indicator and other threat indicators, finding an association of the threat indicator with another threat indicator based upon the normalized numerical parameters, and assigning to the threat indicator a probability that a threat actor group caused the attack, wherein the threat actor group was assigned to the other threat indicator.

Abstract: Data processing systems and methods, according to various embodiments are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities' respective business endeavors that involve the relevant vendors, products, or services.

Abstract: A system and method are disclosed for providing internet access to residents of a controlled-environment facility. There are significant dangers associated with provide such residents with Internet access due to their criminal history. However, through the generation, updating and application of strict browsing restrictions, as well as the authentication of multiple forms of identifying information, Internet access can be provided to those residents safely and securely.

Abstract: A client and server system that performs a reinforcement learning-based encryption and decryption method according to an aspect of the present invention may include: a key management module configured to manage an encryption key required in performing an encryption and a decryption of data; a secret sharing module configured to perform a secret sharing of a threshold value for a lifetime and availability of the data; and a threshold estimation module configured to perform an estimation of the threshold value; and can improve the availability and security of data to satisfy user demands in a self-destructing environment for privacy protection.

Abstract: Systems and methods of authenticating a first party to a second party are disclosed. In one embodiment, a method may include an authenticating party: receiving, from an electronic device of a first party, a request to generate authenticating indicia to authenticate the first party to a second party; generating the authenticating indicia; transmitting, over a network, the authenticating indicia to the electronic device of a first party; receiving, from an electronic device of the second party, received authenticating indicia; activating a restriction on use of the electronic device of the second party; determining that the received authenticating indicia is the same as the authenticating indicia; receiving a communication from the electronic device of the first party indicating that the electronic device for the first party is logged in to the same computer network as the first party; and releasing the restriction on the electronic device of the second party.

Abstract: A query is received from a particular endpoint device identifying a particular wireless access point encountered by the particular endpoint device. Pre-existing risk assessment data is identified for the identified particular wireless access point and query result data is sent to the particular endpoint device characterizing pre-assessed risk associated with the particular wireless access point. In some instances, the query result data is generated based on the pre-existing risk assessment data. In some instances, pre-existing risk assessment data can be the result of an earlier risk assessment carried-out at least in part by an endpoint device interfacing with and testing the particular wireless access point.

Abstract: Consistent contextual patterns may confirm ownership. Current usage of mobile and smart devices may be compared to historical usage. If a device is being used as historically observed, then ownership of the device may be confirmed. If, however, the current usage fails to coincide with historical usage, new ownership may be inferred.

Abstract: A method for providing an administration policy to a user device comprising a plurality of applications, the method comprising centrally generating the administration policy to be implemented in the user device, the administration policy comprising at least one of an application administration policy to be used by at least one of the plurality of applications and a client administration policy for the user device; and providing the generated policy to the user device.