Abstract: Disclosed are systems and methods for routing personal data when executing queries, in a client-server architecture. A data structure intended for dispatching to the server is divided at the client side into at least two substructures. These data substructures are dispatched from the client to the server by different routes. One of the routes includes a network node with anonymization module, said node being situated in a regional network different from the regional network in which the server is located and not being in the same intranet as the server or the client. The anonymization module of the node transforms each data substructure dispatched by this route. The data substructures are combined into a structure at the server after being obtained.

Abstract: Systems and methods are provided for detecting system anomalies and detecting compatible modules for replacing computing systems. The described technique includes receiving system parameters specifying functionality of a first computing system, and interrogating a state model using the received system parameters to detect an anomaly within the first computing system. Responsive to detecting an anomaly in the first computing system based on the state model, the system re-interrogates the state model based on at least one candidate module such that the system parameters of the first computing system are replaced by equivalent system parameters of the candidate module. The system then selects the at least one candidate module based on a determination that the candidate module is compatible with the first computing system, and that no anomaly was detected during the repeat interrogation of the state model using the system parameters of the candidate module.

Abstract: A method for controlling secure access to user requested data includes retrieving information related to potential unauthorized access to user requested data. The information is collected by a plurality of sensors of user's mobile device. A trained statistical model representing an environment surrounding a user is generated based on the retrieved information. A first data security value is determined using the generated trained statistical model. The first data security value indicates a degree of information security based on user's environment. A second data security value is determined using the generated trained statistical model. The second data security value indicates a degree of confidentiality of the user requested data. The user requested data is filtered based on a ratio of the determined first data security value and the second data security value.

Abstract: Systems and methods for anonymously transmitting data in a network are provided, in which a request data structure is received by a network node from a client device. A first substructure containing personal data (PD) and a second substructure not containing PD are identified in the request data structure, by the network node. The first substructure is encrypted, by the network node, and is transmitted along with the second substructure to a server. A response data structure is received, by the network node, from the server. The first encrypted substructure and a third encrypted substructure are identified, by the network node, in the response data structure. The first encrypted substructure is decrypted, by the network node, and is transmitted along with the third encrypted substructure to the client device. The third encrypted substructure can be decrypted and viewed by the client device.

Abstract: Systems and methods for anonymous collection of malware-related data from client devices. The system comprising a netwok node configured to (i) receive a first data structure from a client device, wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device and/or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independed certification authoirity, (ii) transform the received first data structure by replacing the identifier of the client device with an anonymized identifier, and (iii) transmit the transformed first data structure containg the anonymized identifier and the encrypted data to a server.

Abstract: Disclosed herein are systems and method for sending user data in a client-server architecture with data anonymity and consistency. In an exemplary aspect, a client device may identify, a structure to send to the server, wherein the structure comprises the user data. The client device may divide the structure into two or more substructures and for each respective substructure of the two or more substructures, the client device may (1) assign a degree of confidentiality to the respective substructure and (2) send the respective substructure to a respective node of a plurality of nodes based on the assigned degree of confidentiality and a degree of security of the respective node. The respective node may be configured to apply a respective transformation to the respective substructure and transmit the transformed respective substructure to the server. The server may be configured to combine received transformed substructures into a transformed structure.

Abstract: Systems and methods for transmitting critical data to a server are provided. The data structure intended for transmission to the server is divided up on the client side into a substructure containing critical data (CD) and a substructure not containing CD. The substructure containing CD is further divided up at the client side into at least two substructures and the resulting substructures are sent consecutively to the server via a node with a transformation module. The substructure not containing CD is sent directly to the server, bypassing the node with the transformation module. After receiving the substructures, they are combined at the server side into a single data structure. The critical data are data with respect to which the law of the state in whose jurisdiction the client or an authorized entity is located imposes restrictions on the gathering, storage, accessing, dissemination and processing thereof.

Abstract: Systems and methods are presented for selection of compatible components for an observed system. An exemplary method comprises collecting parameters of one or more components of the system, assessing conformity of the one or more components of the system with a required state of the system, identifying one or more anomalies based on the assessment of conformity, analyzing the one or more anomalies to identify a class and parameters of the system corresponding to the one or more anomalies, determining one or more models of methods of restoration of the system, selecting one or more components that meets requirements of the one or more models of methods of restoration and implementing the one or more components in the system that are compatible with the system to eliminate the one or more anomalies.

Abstract: Systems and methods are presented for identifying and addressing anomalies in a system. An exemplary method comprises collecting parameters of one or more components of the system, assessing conformity of a state of the system by comparing the collected parameters to one or more state models, wherein the one or more state models describe normal and anomalous states, identifying one or more anomalies based on the assessment of conformity, obtaining a database of third party information for the one or more components, replacing the collected parameters with the third party information and interrogating the one or more state models using the third party information, responsive to identifying no further anomalies in the interrogation, identifying one or more components that are compatible with the system from the obtained database, and selecting a single component from the one or more components to address the identified anomalies, based on one or more criteria.

Abstract: System and methods are provided for searching users that meet one or more search requirements. Configuration profiles are obtained of computing systems operated by sample users that have at least one determined characteristic. A machine learning model is generated that associates the determined characteristic of the sample users with the configuration profiles of the computing systems of the sample users. Identifying at least one target user that matches the at least one determined characteristic specified in a search query based on analysis of the configuration profile of the computing system of said target user by the machine learning model.

Abstract: Systems and methods for provided for detecting compatible modules for replacing anomalous elements in computing systems. The described technique includes receiving system parameters specifying functionality of a first computing system, and querying a state model using the received system parameters to detect an anomaly within the first computing system. In response to detecting an anomaly in the first computing system based on the state model, the system determines a recovery method based on a recovery-method model and information about the detected anomaly, and selecting, from a tool database, a third-party, system-compatible tool configured to implement the determined recovery method.

Abstract: Systems and methods are provided for detecting system anomalies and detecting compatible modules for replacing computing systems. The described technique includes receiving system parameters specifying functionality of a first computing system, and interrogating a state model using the received system parameters to detect an anomaly within the first computing system. Responsive to detecting an anomaly in the first computing system based on the state model, the system re-interrogates the state model based on at least one candidate module such that the system parameters of the first computing system are replaced by equivalent system parameters of the candidate module. The system then selects the at least one candidate module based on a determination that the candidate module is compatible with the first computing system, and that no anomaly was detected during the repeat interrogation of the state model using the system parameters of the candidate module.

Abstract: Disclosed are systems and methods for controlling opening of computer files by vulnerable applications. An example method includes: responsive to detecting creation by a source software application of a computer file on the user computer, determining a file access policy associated with the computer file based on one or more parameters of the computer file; responsive to detecting a request from a consumer software application to open the computer file, determining an application launching policy associated with the consumer software application based on one or more vulnerabilities identified for the consumer software application; determining a file opening policy associated with the computer file and the consumer software application based on the file access policy, the application launching policy, and respective priorities amongst the policies; and controlling opening of the computer file by the consumer software application according to the determined file opening policy.

Abstract: Disclosed are systems and methods for routing during statistics collection. A method is described of exchanging data in a client/server architecture across a node with an anonymization module situated in a regional network different from the network in which the server is located and not being in the same intranet as the server or the client when making the request.

Abstract: Disclosed are systems and methods for routing personal data when executing queries, in a client-server architecture. A data structure intended for dispatching to the server is divided at the client side into at least two substructures. These data substructures are dispatched from the client to the server by different routes. One of the routes includes a network node with anonymization module, said node being situated in a regional network different from the regional network in which the server is located and not being in the same intranet as the server or the client. The anonymization module of the node transforms each data substructure dispatched by this route. The data substructures are combined into a structure at the server after being obtained.

Abstract: Disclosed are systems and methods for exchanging data in a client-server architecture. At the client side, a first data structure intended for dispatch to a server is divided into at least two substructures including a first substructure and a second substructure. The substructure is dispatched from the client to the server across a first network node with an anonymization module, wherein data of the first substructure is transformed by the anonymization module. The second substructure from the client is dispatched to a second network node with a storage module. The second substructure is received by the server from the network node with the storage module, and the obtained data substructures are combined into a second data structure by the server.

Abstract: An air pressure probe (APP) relates to the field of aviation and is intended to determine aircraft flight parameters or wind tunnel flow parameters. The APP comprises a head part with intake holes located thereon, which are connected by channels to couplers, and a support, attached to the head part from behind. The surface of the head part is provided with flow vortex generators. The generators can be in the form of indentations or protrusions of various shapes on the surface of the air pressure probe, or in the form of ribs formed as a result of the mating of elements of the flat or curved planes that form the surfaces of the head part and the support. The technical result is an increased operational range of measurement and a wider field of practical application.

Abstract: Disclosed are systems and methods for controlling opening of computer files by vulnerable applications. An example method includes: responsive to detecting creation by a source software application of a computer file on the user computer, determining a file access policy associated with the computer file based on one or more parameters of the computer file; responsive to detecting a request from a consumer software application to open the computer file, determining an application launching policy associated with the consumer software application based on one or more vulnerabilities identified for the consumer software application; determining a file opening policy associated with the computer file and the consumer software application based on the file access policy, the application launching policy, and respective priorities amongst the policies; and controlling opening of the computer file by the consumer software application according to the determined file opening policy.

Abstract: Disclosed are systems and methods for controlling opening of computer files by vulnerable applications. An example method includes: detecting a request from a software application to open a computer file on the user computer; determining one or more parameters of the file; determining a file access policy based on the parameters of the file, wherein the file access policy specifies at least access rights of the software application to the resources of the user computer; identifying vulnerabilities of the software application; determining an application launching policy for the software application based at least on the determined vulnerabilities, wherein the application launching policy specifies at least whether opening of the file is permitted or prohibited; and controlling opening of the file on the user computer and accessing of the computer resources by the software application working with the opened file based on the file access policy and application launching policy.

Abstract: Disclosed are systems and method for utilizing a dedicated computer security service. An exemplary method includes storing in an electronic database rules that indicate when to use either a first cloud service or a second cloud service for one of the security services, receiving a request from a client computer to access the security service, determining parameters relating to the received request, applying the parameters to the plurality of rules to determine an instruction indicating whether to transmit the request to the first cloud service or the second cloud service; and transmitting the request to either the first cloud service or the second cloud service, based on the instruction, to use the at least one security service.