Patents Examined by Yonas A Bayou
  • Patent number: 11227049
    Abstract: Disclosed herein are systems and methods in which executing scanning software, such as an executable software program or script (e.g., PowerShell script), by a computing device of an enterprise, such as a security server, may instruct the computing device to search all or a subset of computing devices in an enterprise network. The scanning software may identify PowerShell scripts containing particular malware attributes, according to a malicious-code dataset. The computing system executing the scanning software may scan through the identified PowerShell scripts to identify particular strings, values, or code-portions, and take a remedial action according to the scanning software programming.
    Type: Grant
    Filed: February 20, 2020
    Date of Patent: January 18, 2022
    Assignee: United Services Automobile Association (USAA)
    Inventor: Robert Jason Neel
  • Patent number: 11228603
    Abstract: Techniques are disclosed for providing dynamic threat treatment for a software defined networking (SDN) environment. In one example, a software defined networking controller comprises one or more processors, wherein the one or more processors are configured to: determine that a security device of a network has detected a threat; apply the threat to a threat treatment model, wherein the threat treatment model is generated based on threat treatment information that includes one or more steps used to resolve previous instances of the threat or previous instances of similar threats; and generate one or more treatment processes to resolve the threat based on the threat treatment model.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: January 18, 2022
    Assignee: Juniper Networks, Inc.
    Inventor: Ajay Anand
  • Patent number: 11228576
    Abstract: The present embodiments relate to entry and management of identifiers and credentials. The present embodiments display a credential affordance that, upon selection, provides a credential-assistance user interface for enabling swift access to various credential and management options. The credential affordance can be displayed based on a determination by electronic device that a webpage includes a text entry field associated with a set of one or more restricted resources (e.g., document and/or webpage).
    Type: Grant
    Filed: January 27, 2020
    Date of Patent: January 18, 2022
    Assignee: Apple Inc.
    Inventors: Jessie Berlin, Steven Falkenburg, Adele Peterson, Alan Hshieh, Craig M. Federighi, Richard Mondello, Darin Adler, Patrick L. Coffman, Dan Bernstein
  • Patent number: 11228599
    Abstract: Methods and systems are provided for restoring access for user accounts when suspicious activity is detected. The methods and systems identify any potential suspicious activity or potential misuse associated with a user account. The user account has account privileges associated with a network service. The methods and systems send a notification to a network application to indicate that account privileges associated with the user account are limited. In response to the notification, a series of tasks to restore access to the user account may be performed.
    Type: Grant
    Filed: November 14, 2019
    Date of Patent: January 18, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper Mikael Johansson, Max Harwell Funderburk, Mian Zainulabadin Khurrum, Kripa Shankar Karukurichi Subramanian
  • Patent number: 11218472
    Abstract: Disclosed herein is a method to facilitate establishing a connection between an access-seeking device and an access granting device. The method may include receiving, using a communication device, a Quantum Level Security (QLS) code from the access-seeking device. Further, the QLS code may be generated by the access-seeking device based on at least one QLS function and at least one parameter. Further, the method may include receiving, using the communication device, an independent QLS code generated by an access granting device based on the at least one QLS function and the at least one parameter. Further, the method may include comparing, using a processing device, the QLS code and the independent QLS code. Further, the method may include establishing, using the communication device, the connection between the access-seeking device and the access granting device based on a result of the comparing.
    Type: Grant
    Filed: July 1, 2020
    Date of Patent: January 4, 2022
    Inventor: Steve Rosenblatt
  • Patent number: 11212098
    Abstract: A network node (110) is provided configured for a cryptographic protocol based on a shared matrix. The network node is arranged to construct the shared matrix (A) in accordance with the selection data and a shared sequence of values. Multiple entries of the shared matrix are assigned to multiple values of the sequence of data as assigned by the selection data. The shared matrix is applied in the cryptographic protocol.
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: December 28, 2021
    Assignee: Koninklijke Philips N.V.
    Inventors: Oscar Garcia Morchon, Ludovicus Marinus Gerardus Maria Tolhuizen, Ronald Rietman, Sauvik Bhattacharya
  • Patent number: 11201869
    Abstract: An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: December 14, 2021
    Assignee: OLogN Technologies AG
    Inventors: Sergey Ignatchenko, Dmytro Ivanchykhin
  • Patent number: 11196773
    Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.
    Type: Grant
    Filed: November 14, 2019
    Date of Patent: December 7, 2021
    Assignee: NICIRA, INC.
    Inventors: Sachin Mohan Vaidya, Azeem Feroz, Anirban Sengupta, James Christopher Wiese
  • Patent number: 11196540
    Abstract: Systems and methods for an end-to-end secure operation from an expression in natural language. Exemplary methods include: receiving a set of queries from a natural language processor, the set of queries being produced by a method including: getting data schemas associated with a target data source; obtaining the expression in natural language; performing natural language processing on the expression to determine a desired operation; and generating the set of queries using at least one of matching and inference techniques over the desired operation with respect to the data schemas; encrypting the set of queries using a homomorphic encryption technique; providing the encrypted set of queries to a server, the server including the target data source; acquiring encrypted results, the encrypted results being responsive to the encrypted set of queries; and decrypting the encrypted results using a decryption key to produce desired results.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: December 7, 2021
    Assignee: Enveil, Inc.
    Inventors: Ellison Anne Williams, Ryan Carr
  • Patent number: 11188672
    Abstract: Some embodiments are directed to location-tracking system (100) comprising a location database (120) configured to receive a plurality of location updates from a plurality of tracking devices (112, 113), the plurality of location updates indicating the location of one or more objects, the location updates being stored encrypted with a cryptographic database encryption-key (130), multiple location-analysis devices execute a multi-party computation protocol on the encrypted location updates using a stored key-share, thus jointly computing a location-analysis result secret-shared among the multiple location analysis devices.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: November 30, 2021
    Assignee: Koninklijke Philips N.V.
    Inventors: Peter Petrus Van Liesdonk, Meilof Geert Veeningen, Supriyo Chatterjea
  • Patent number: 11184159
    Abstract: Media, system, and method for providing encryption key management to a channel within a group-based communication system. The contents of the channel are encrypted according to the encryption key management policy of the organization to which the author of the content belongs and are stored in a data store. Responsive to a revocation request from a first organization, the encryption keys associated with any content in the channel submitted by the authors of said first organization may be revoked from a second organization, such that users of the second organization no longer have access to the content.
    Type: Grant
    Filed: September 1, 2020
    Date of Patent: November 23, 2021
    Assignee: Slack Technologies, Inc.
    Inventors: Audrei Drummond, Michael Demmer, Sri Vasamsetti, Elizabeth Clemenson
  • Patent number: 11165579
    Abstract: Disclosed are various embodiments for decentralizing the authentication or verification of data. An identity key can be generated for a data item. A request can then be sent to an authentication service for authentication of the data item, the request comprising the identity key and the data item. A verified claim for the data item can then be received in response. Subsequently, an identity document is generated, the identity document comprising the identity key for the data item and the verified claim. Finally, the identity document can be stored in a distributed ledger.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: November 2, 2021
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventor: Andras L. Ferenczi
  • Patent number: 11159326
    Abstract: A client-side, bearer token-based decentralized authentication system and associated method are, from a user's perspective, similar to familiar, centralized third-party authentication techniques.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: October 26, 2021
    Assignee: Hiro Systems PBC
    Inventors: Jude Nelson, Aaron Blankstein, Lawrence Salibra, Yukan Liao, Matthew Little
  • Patent number: 11146552
    Abstract: Disclosed are various embodiments for authenticating users of applications using decentralized data models for storing a user's identity. A fingerprint for a computing device is received from an application executing on the computing device. An identity key associated with the fingerprint for the computing device is then obtained, the identity key being linked to a signed claim. The signed claim is retrieved and evaluated. The application executing on the computing device is then granted access to the computing resource in response to evaluating the signed claim.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: October 12, 2021
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventor: Andras L. Ferenczi
  • Patent number: 11138322
    Abstract: A method includes storing, in one or more databases amongst a plurality of databases by one or more nodes in a distributed database system, data for one or more of network-enabled devices. The data for each network-enabled device includes encrypted private data, and metadata associated with the private data. The metadata may include permissions data, time period validation data, and encryption parameters. In addition, the method may include locating the encrypted first private data and determining using first permissions data associated with the encrypted first private data and using the second network-enabled device identifier if the second network-enabled device is authorized to access the first private data. The method includes providing the first private data to the second network-enabled device. The second network-enabled device obtains and decrypts the encrypted first private data to obtain the first private data.
    Type: Grant
    Filed: August 1, 2017
    Date of Patent: October 5, 2021
    Assignee: Visa International Service Association
    Inventor: Quan Wang
  • Patent number: 11134386
    Abstract: Systems and methods for device identification for management and policy in the cloud, using a combination of several hardware parameters and user's identification to generate a unique identifier for a user device and associated user. IOCTL and Assembly can be used to get the different hardware parameters. All the hardware parameters can then run through a process to generate a fixed size hardware fingerprint. A base64 encoding can be performed to convert it into a string, for consumption of database. The resultant identifier is unique and it is never stored on machine. The application can simply generate it whenever needed. The resultant identifier can be used by a service provider to uniquely identify the device even when the device is moving hands or locations. The resultant identifier is never stored, so moving data from one device to another will not result in the same identifier for two devices.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: September 28, 2021
    Assignee: Zscaler, Inc.
    Inventors: Ajit Singh, Vivek Ashwin Raman, Abhinav Bansal
  • Patent number: 11120108
    Abstract: The present disclosure relates generally to managing security artifacts for a software application executing on a software stack. Techniques are described for defining a security configuration such that each layer of the software stack may be associated with one or more datastores, each datastore including one or more security artifacts for a particular layer. The security configuration may specify, for example, an order in which the various datastores are to be accessed when a request is received for a security artifact that is available from multiple datastores. Using the security configuration, access to security artifacts can be handled in connection with requests generated through a particular layer in the stack. A system managing the security artifacts can provide a unified view of the datastores such that, from the end-user's perspective, there is only one logical datastore.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: September 14, 2021
    Assignee: Oracle International Corporation
    Inventors: Rohit Koul, Amit Agarwal, Dongguang Zhou, Vineet Garg, Krishnakumar Sriramadhesikan, Supriya Kalyanasundaram, Yulong Cao, Srivatsa Manjunath, Anant D. Kadam, Deepika Damojipurapu
  • Patent number: 11097674
    Abstract: An in-vehicle communication network comprising at least one node connected to a bus, the network comprising: at least one memory comprising software having data characterizing messages that propagate over the network during normal operation and executable instructions for processing a message based on the data to determine if the message is normal or anomalous; a module operable to: process messages received from the in-vehicle network in accordance with the executable instructions and the data to identify an anomaly in communications over the in-vehicle communication network; accumulate and store information responsive to the processing of the received messages; instruct a communication interface, configured to support communication with an entity external to the vehicle, to upload the stored information or a portion thereof to the entity external to the in-vehicle network.
    Type: Grant
    Filed: September 17, 2017
    Date of Patent: August 24, 2021
    Assignee: Argus Cyber Security Ltd.
    Inventors: Ofer Ben Noon, Yaron Galula, Oron Lavi
  • Patent number: 11102619
    Abstract: Various multiple methods of data transport, and combinations thereof, may be used to initialize or update conditional access information on various devices. In an integrated device having both a broadcast receiver, such as an SDARS receiver, and a two-way communications transceiver, such as an LTE, 3G, 4G or 5G modem, or the like, conditional access information for the broadcast receiver may be sent to the transceiver, and then passed to the broadcast receiver, or vice versa. Additionally, for example, the broadcast receiver may be sent, over the broadcast communications channel, a “wake-up” message for the two-way transceiver, which message may then be passed to the two-way transceiver, so as to make it ready to receive conditional access information over the two-way communications channel, or vice versa.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: August 24, 2021
    Assignee: Sirius XM Radio Inc.
    Inventors: Richard Andrew Michalski, Mark Rindsberg, Ashok Vadekar, Paul Marko, Craig Wadin
  • Patent number: 11093603
    Abstract: A compiler transforms the source code into object code, but it will postpone the assignment of all of the machine language jumps until installed time. This can be performed by labeling the jumps during compiled time, similarly to how variables are labeled for later indexing by the debugger. At installation time, given a random key, the installer will take the jump labels and assign random ordering of the code and data using the key as a seed. The final effect is that the same source code can potentially generate an infinite number of object codes, with the exact same functionality of execution. The main difference, however, is that as more jump labels are included, less fixed offsets between buffers are available to the black hat.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: August 17, 2021
    Assignee: Robotic Research, LLC
    Inventors: Alberto Daniel Lacaze, Karl Murphy