Patents Examined by Yonas A Bayou
  • Patent number: 10943014
    Abstract: A method for securing execution of software containers using security profiles. The method comprises receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image, wherein the generated security profile includes at least a spawned processes profile, wherein the security profile is of the container image corresponding to the application container; monitoring the operation of a runtime execution of the application container; and detecting a violation of the spawned processes profile based on the monitored operation.
    Type: Grant
    Filed: January 3, 2017
    Date of Patent: March 9, 2021
    Assignee: Twistlock, Ltd
    Inventors: Dima Stopel, Liron Levin
  • Patent number: 10929558
    Abstract: Encrypted user data are received at a service device from at least one user equipment, and the user data is encrypted in a trusted zone of the at least one user equipment. The encrypted user data is then decrypted in a trust zone of the service device by a first central processing unit (CPU) to obtain decrypted user data. A model is trained by using the decrypted user data to determine a training intermediate value and a training effective representative value, and a determination is made whether the training effective representative value satisfies a specified condition. If so, the trained model is generated based on a model parameter. Otherwise, a model parameter is iteratively adjusted and the model is iteratively trained based on an adjusted model parameter until the trained effective representative value satisfies the specified condition.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: February 23, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Ling Xie, Xiaolong Li
  • Patent number: 10922419
    Abstract: Systems and methods are provided for monitoring information-security coverage to identify a vulnerability or risk in the information-security coverage. An information-security system can include computing systems, databases, a security server, etc. that can communicate data via a network. The server can be used to obtain data indicating a process for managing or monitoring information-security in the system and data indicating activity on the network, computing systems, server, or databases. The server then determines a metric based on the obtained data and the metric can indicate a risk or vulnerability in information-security coverage in the system. The server can then aggregate the data and transmit the aggregated data to a computing device. The computing device can generate an interface for outputting data for monitoring information-security coverage or identifying a vulnerability or risk in information-security coverage, which can improve the security of the information-security system.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: February 16, 2021
    Assignee: Truist Bank
    Inventors: Stuart Sloan, Aleksey Vladimirovich Rogozhin, Glenn Bernstein, Jesse Daniel Bikman
  • Patent number: 10915612
    Abstract: Apparatuses and methods associated with authenticated production are disclosed herein. In embodiments, a digital fingerprint processor may be configured to: identify an activation of at least one of the one or more machines to attempt to produce or manufacture at least one of physical product or physical manufacture; responsive to completion of one or more operations associated with the activation by the one or more machines, acquire digital image data of a portion of a physical object on or inside the one or more machines; analyze the digital image data to form a digital fingerprint of the physical object, wherein the digital fingerprint is responsive to structure of the physical object; and store the digital fingerprint in a database record of the database system. Other embodiments may be disclosed or claimed.
    Type: Grant
    Filed: July 3, 2017
    Date of Patent: February 9, 2021
    Assignee: ALITHEON, INC.
    Inventors: Justin Lynn Withrow, David Justin Ross
  • Patent number: 10902101
    Abstract: Disclosed herein is a technique that can selectively display secure content on a computing device. The technique can detect both lock and unlock events and issue appropriate control signals that cause an application to display a more secure version of the application when necessary based on a particular UI context file. The UI context file can specify a configuration that includes pre-configured hidden or removed UI elements that do not need to be adjusted at runtime. Moreover, the technique can seamlessly pivot to a different UI context file that specifies a configuration of the application that allows the user to experience the full-capabilities of the application when the computing device is in an unlocked-mode.
    Type: Grant
    Filed: May 15, 2018
    Date of Patent: January 26, 2021
    Assignee: Apple Inc.
    Inventors: Paul W. Chinn, Jin Bing Lin, Stephen F. Holt, David A. Schaefgen, Nils M. Hayat, Jeffrey Y. Hayashida
  • Patent number: 10887100
    Abstract: A system for distributed key storage, comprising a requesting device communicatively connected to a plurality of distributed storage nodes, the requesting device designed and configured to receive at least a confidential datum, select at least a distributed storage node of a plurality of distributed storage nodes, whereby selecting further comprises receiving a storage node authorization token from the at least a distributed storage node, querying an instance of a distributed authentication listing containing authentication information using at least a datum of the storage node authorization token, retrieving an authentication determination from the instance of the authentication listing, and selecting the at least a distributed storage node as a function of the authentication determination, generate at least a retrieval authentication datum, and transmit the at least a confidential datum and the at least a retrieval verification datum to the at least a distributed storage node.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: January 5, 2021
    Inventor: Christian Wentz
  • Patent number: 10880275
    Abstract: Secure analytics using homomorphic and injective format-preserving encryption are disclosed herein. An example method includes encoding an analytic parameter set using a homomorphic encryption scheme as a set of homomorphic analytic vectors; transmitting the set of homomorphic analytic vectors to a server system; and receiving a homomorphic encrypted result from the server system, the server system having utilized the homomorphic encryption scheme and a first injective, format-preserving encryption scheme to evaluate the set of homomorphic analytic vectors over a datasource.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: December 29, 2020
    Assignee: Enveil, Inc.
    Inventor: Ellison Anne Williams
  • Patent number: 10873573
    Abstract: An authentication request including at least one of a user identifier and a wearable device identifier of a user is received at a server from a terminal. The server stores a relationship between the user identifier, the wearable device identifier, and a server authentication key. Downlink authentication information is acquired by the server. A detection instruction including the downlink authentication information and the wearable device identifier is issued to the terminal. A detection acknowledgment returned by the terminal is received by the server. The detection acknowledgment includes uplink authentication information generated by a wearable device designated in the detection instruction, according to a device authentication key and the downlink authentication information. The device authentication key is the same as, or corresponds to, the server authentication key.
    Type: Grant
    Filed: March 9, 2020
    Date of Patent: December 22, 2020
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventor: Long Jiang
  • Patent number: 10855467
    Abstract: Techniques for determining whether a public encryption key is vulnerable as the result of deficiencies in pseudorandom number generation algorithms are provided. In some embodiments, a system may compile a database of cryptographic information received from a plurality of sources, including databases, and network traffic monitoring tools. RSA public keys extracted from the cryptographic information may be stored in an organized database in association with corresponding metadata. The system may construct a product tree from all unique collected RSA keys, and may then construct a remainder tree from the product tree, wherein each output remainder may be determined to be a greatest common divisor of one of the RSA keys against all other unique RSA keys in the database. The system may then use the greatest common divisors to factor one or more of the RSA keys and to determine that the factored keys are vulnerable to being compromised.
    Type: Grant
    Filed: May 16, 2018
    Date of Patent: December 1, 2020
    Assignee: NOBLIS, INC.
    Inventor: Samuel S. Gross
  • Patent number: 10846402
    Abstract: Methods, systems, and devices, including computer programs encoded on computer storage media, for security scanning a mini program are provided. One of the methods includes: obtaining a target mini program to be released, invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program; and when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server. The multi-dimensional security scanning may include malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program.
    Type: Grant
    Filed: January 8, 2020
    Date of Patent: November 24, 2020
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Hao Zhao, Shijie Cao, Shanhu Shang, Peng Liu
  • Patent number: 10826905
    Abstract: Methods, systems, and computer-readable media for using a multi-tenant web relay service to provide secure access to on-premises web services from a tenant-specific cloud service are described herein. In one or more embodiments, a multi-tenant web relay service may receive from a tenant-specific cloud service a connection request to an on-premises web service hosted within a tenant datacenter. The connection request may comprise data indicating a display-friendly name of the web service and the tenant datacenter. Responsive to receiving the request, the web relay service may forward the connection request to the on-premises web service via a rendezvous support service and a web relay agent. Responsive to receiving the connection request, the on-premises web service may generate a response which may be relayed back to the tenant-specific cloud service by the multi-tenant web relay service.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: November 3, 2020
    Assignee: Citrix Systems, Inc.
    Inventor: Ashish Gujarathi
  • Patent number: 10812530
    Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: October 20, 2020
    Assignee: SSH Communications Security OYJ
    Inventor: Tatu J. Ylonen
  • Patent number: 10802989
    Abstract: Embodiments of this disclosure are directed to an execution profiling handler configured for intercepting an invocation of memory allocation library and observing memory allocation for an executable application process. The observed memory allocation can be used to update memory allocation meta-data for tracking purposes. The execution profiling handler can also intercept indirect branch calls to prevent heap allocation from converting to execution and intercept exploitation of heap memory to block execution.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: October 13, 2020
    Assignee: McAfee, LLC
    Inventors: Xiaoning Li, Lixin Lu, Ravi Sahita
  • Patent number: 10798065
    Abstract: This invention amounts to tools and procedures designed to use randomness sources to establish a secure communication between two nodes in cyber space, and then building on these bilateral trust elements to spread trust throughout the network. Applications include online identity management, and secure payment platforms. This trust build-up from bilateral connections may serve as a blockchain alternative. The bilateral trust solution is not based on mathematical complexity, as the prevailing solutions, but rather on the perfect unpredictability of quantum grade randomness, and as such it is well positioned to withstand cryptanalytic attacks based on quantum computing capability now secretly developed by powerful adversaries.
    Type: Grant
    Filed: June 4, 2018
    Date of Patent: October 6, 2020
    Inventor: Gideon Samid
  • Patent number: 10790960
    Abstract: Provided are methods and systems for performing a secure probabilistic analytic using an encrypted analytics matrix. An example method includes acquiring, by a client, an analytic, analytic parameters associated with the analytic, and a homomorphic encryption scheme including a public key for encryption and a private key for decryption. The method further includes generating, using the encryption scheme, an analytic matrix based on the analytic and analytic parameters, and sending the analytic matrix and the encryption scheme to at least one server. The method includes generating, by the server and based on the encryption scheme, a set of terms from a data set, evaluating the analytic matrix over the set of terms to obtain an encrypted result, and estimating a probabilistic error of the encrypted result. The method further includes sending, by the server, the encrypted result and the probabilistic error to the client where the encrypted result is decrypted.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: September 29, 2020
    Assignee: Enveil, Inc.
    Inventors: Ellison Anne Williams, Ryan Carr
  • Patent number: 10785019
    Abstract: A data transmission method and apparatus are disclosed that resolve a technical problem where an existing data encryption algorithm offers poor security during transmission of data. The solution includes obtaining, by a first terminal, a data transmission request sent by a second terminal, the data transmission request at least carrying first encrypted data that is obtained by encrypting a first exchange key of the second terminal by using a private key of the second terminal. The solution further includes decrypting, by the first terminal, the first encrypted data by using a public key of the second terminal to obtain the first exchange key, and obtaining a shared key of the first terminal and the second terminal according to the first exchange key. The solution further includes encrypting, by the first terminal, to-be-transmitted data by using the shared key to obtain encrypted to-be-transmitted data, and sending the encrypted to-be-transmitted data to the second terminal.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: September 22, 2020
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Li Yi Feng, Yuan Li Na, Wang Liang, Guo Ji Wei
  • Patent number: 10783255
    Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.
    Type: Grant
    Filed: April 4, 2019
    Date of Patent: September 22, 2020
    Assignee: Google LLC
    Inventors: James Brooks Miller, Michael Andrew Cleron
  • Patent number: 10778420
    Abstract: A quantum direct communication with user authentication and an apparatus using the same. The quantum direct communication method includes performing verification of security of a quantum channel using a preset channel verification probability and a quantum state source generated by a receiver of quantum direct communication, performing user authentication using one or more of a preset user authentication probability, the quantum state source, and an authentication key shared between the receiver and a sender, stopping quantum direct communication and resetting the quantum channel when the verification of security of the quantum channel fails, and stopping quantum direct communication when the user authentication fails.
    Type: Grant
    Filed: May 16, 2018
    Date of Patent: September 15, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Changho Hong, Nayoung Kim, Osung Kwon, Se Wan Ji, Haeng-Seok Ko, Jingak Jang, Daesung Kwon
  • Patent number: 10771462
    Abstract: A user terminal using cloud service, an integrated security management server for the user terminal, and an integrated security management method for the user terminal. The integrated security management method includes receiving, by an integrated security management server, authentication information from at least one user terminal that uses a cloud service, authenticating, by the integrated security management server, the user terminal using the authentication information, transmitting, by the integrated security management server, task information to the user terminal so as to control the user terminal, receiving, by the integrated security management server, at least one of a result of processing the task information and state information from the user terminal that verifies the task information, and managing, by the integrated security management server, a state of the user terminal based on at least one of the result of processing and the state information.
    Type: Grant
    Filed: May 16, 2018
    Date of Patent: September 8, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Seunghun Han, Hyun Ku Kim, Wook Shin, Byung-Joon Kim, Hyoung-Chun Kim
  • Patent number: 10771248
    Abstract: Content individualization, including: encrypting a first part of a source data set using a first key creating a first encrypted data set; encrypting a second part of the source data set using a second key creating a second encrypted data set; encrypting the second part of the source data set using a third key creating a third encrypted data set; and combining the first encrypted data set, the second encrypted data set, and the third encrypted data set to form a final encrypted data set. Key words include watermarking and content individualization.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: September 8, 2020
    Assignees: Sony Corporation, Sony Pictures Entertainment Inc.
    Inventors: Yoshikazu Takashima, Christopher Taylor