Abstract: Methods and systems provide for detecting exploitation of kernel vulnerabilities which typically corrupt memory. The methods and systems are implemented, for example, via a host, which includes a hypervisor, which controls the operating system (OS) user space and the OS kernel space.

Abstract: Provided is an analysis device with which it is possible to find information relating to the intention and purpose of an attacker. The analysis device is provided with a purpose estimating means that estimates the purpose of behavior, based on predetermined behavior in the computer and knowledge information that includes the relation between the behavior and the purpose of executing the behavior.

Abstract: A selection apparatus includes a macro analysis unit that acquires a macro feature amount from a macro in a document file to which the macro is added, a text analysis unit that acquires a text feature amount from text in the document file, a cluster analysis unit that performs clustering using the macro feature amount and the text feature amount, and a selection unit that selects an analysis target document file based on a cluster analysis result, and is able to efficiently and accurately select the macro-added document file to be analyzed.

Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.

Abstract: Disclosed is a method, for detecting anomalies in a computer application which is running on a device in a data communications system, thereby creating events in the computer application. Each event comprises an event code identifying the event. The method comprises obtaining (200) an event profile of the computer application, the event profile comprising each unique event code of events detected during a defined period of operation of the computer application. The method further comprises detecting (220) a first event from the computer application, and comparing (222) the event code of the first event with the event codes of the event profile. The method further comprises, if the first event does not match any event in the stored event profile, creating (224) a notification.

Abstract: In accordance with one embodiment of the present disclosure, a method for determining the similarity between a first data set and a second data set is provided. The method includes performing an entropy analysis on the first and second data sets to produce a first entropy result, wherein the first data set comprises data representative of a first one or more computer files of known content and the second data set comprises data representative of a one or more computer files of unknown content; analyzing the first entropy result; and if the first entropy result is within a predetermined threshold, identifying the second data set as substantially related to the first data set.

Abstract: Methods and apparatuses for malware analysis and root-cause analysis, and information security insights based on Operating System sampled data such as structured logs, Operating System Snapshots, programs and/or processes and/or kernel crash dumps or samples containing payload for extraction for the purpose of detection and evaluation of threats, infection vector, threat actors and persistence methods in the form of backdoors or Trojans or unknown exploitable vulnerabilities used.

Abstract: A device may generate versions of a first executable process that is associated with deterministically defined parameters. The device may run the versions of the first executable process, and may monitor device parameters of the device or the first executable process when running the versions of the first executable process. The device may determine, based on monitoring the device parameters of the device or the first executable process, a variance to a parameter of the deterministically defined parameters relative to an expected value for the parameter, and may provide information indicating a presence of malware in connection with the device based on determining the variance to the parameter.

Abstract: Methods and systems for performing an authenticated boot; performing a continuous data protection; performing automatic protection and optionally a consolidation; and performing other defenses and protection of a protected computing device (such as a computer system) are provided. The aspects include integrating security mechanisms (which may include a “call home” function, role and rule-based policies, validating technologies, encryption and decryption technologies, data compression technologies, protected and segmented boot technologies, and virtualization technologies. Booting and operating (either fully or in a restricted manner) are permitted only under a control of a specified role-set, rule-set, and/or a controlling supervisory process or server system(s). The methods and systems make advantageous use of hypervisors and other virtual machine monitors or managers.

Abstract: Systems, methods and computer readable mediums for determining a risk rating for software vulnerabilities of host devices and services on an enterprise network are discussed. Risk-rating systems and methods prioritize cyber defense resources utilizing both network-independent and network-specific approaches.

Abstract: Embodiments of the present systems and methods may provide techniques for encryption of location information, while preserving a format and semantics of the information. For example, in an embodiment, a computer-implemented method for encrypting data may comprise receiving location data and generating encrypted data from the received location data, wherein the encrypted data preserves the format and semantics of the received location data.

Abstract: Techniques for managing an application token may include providing, by a first service provider application on a communication device to a first service provider computer, a first request for a first application token, receiving, by an account management application on the communication device from a token service computer in communication with the first service provider computer, the first application token, and storing the first application token in a token container in the account management application.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: A computer implemented method of authenticating a user accessing a secure terminal, comprising obtaining identification information stored in a personal machine readable storage medium exclusively associated with an accessing user attempting to access a secure system, retrieving authentication information exclusively associated with the accessing user from a remote network resource using the identification information, operating one or more privately directed user interfaces to exclusively present to the accessing user a requested alteration to a challenge request generated based on the authentication information and presented via another user interface, receiving a response to the challenge request from the accessing user and granting the accessing user access to the secure terminal in case the response matches the altered challenge request and denying access in case of no match.

Abstract: The invention relates to a data transmission method between a client device (2) and a verifying device (1), comprising the following steps: (a) simultaneous acquisition, by the verifying device and the client device, of an ambient analog signal (S), (b) calculation, by a processor (10) of the verifying device, of a first random number obtained by applying a transformation to the ambient analog signal, and calculation, by a processor of the client device, of a second random number obtained by applying the transformation to the ambient analog signal, (c) transmission of a first cryptographic datum, encrypted at least in part by means of an encryption function depending on the second random number, via an analog data signal, by analog signal emission means (24) of the client device (2) to analog signal acquisition means (15) of the verifying device (1), (d) processing of the first datum by the verifying device, comprising decryption of the first datum.

Abstract: Example implementations relate to a file system lock down. In an example, an audit log is produced from I/O events related to data placed on a storage medium and managed by a file system. The audit log is analyzed based on compliance policies to generate a control signal. A compliance enforcer integrated in an I/O path of the file system sends a file system lock down command directly to the file system in response to the control signal indicating that a compliance policy has been violated by at least one of the I/O events in the audit log.

Abstract: A system for protecting user-editable files against unauthorized data alteration or against compromised operating systems or compromised applications. It comprises of untrusted operating environments and a trusted operating environment. One or more untrusted operating environments makes available user-editable files for creation and editing, and are stored in a non-protected partition of storage drive. The trusted operating environment provides an authentication key to access protected partition of storage drive, and stores copies of user-editable files in a protected partition of storage drive. Each new stored copy of a user-editable file in the protected partition corresponds to a new or an updated version of the user-editable file. A set of files and folders can be initially selected in an uncompromised untrusted operating environment. A trusted updater module running inside the trusted operating environment can perform copying to protected partition. Scheduled tasks can also copy user-editable files.

Abstract: Computer systems and methods are provided for distributing a data bookmark. An interface of a first device receives a scope definition. The scope definition includes information that defines a scope of access to data that corresponds to data stored by one or more databases and identifying information that identifies at least one column, table, or dimension of the one or more databases. A pointer is generated for the data bookmark. The data bookmark is generated using the pointer and the scope definition. The generated data bookmark, including the pointer for the data bookmark and the scope definition that includes the identifying information that identifies the at least one column, table, or dimension of the one or more databases within the scope of access, is stored. The pointer for the data bookmark is transmitted to a second device that is distinct from the first device.

Abstract: The present invention discloses a system for storing a blockchain on a distributed network. The system includes a distributed network containing a plurality of nodes. The system stripes a blockchain into individual blocks where each individual block is separately encrypted and stored on a different node of the distributed network. The system forms a parity block from the individual blocks striped from the single blockchain. The parity block is separately encrypted and stored on a node of the distributed network separate from the other nodes storing the individual blocks for the blockchain. The system uses a blockchain distributed network map identifying where all of the individual blocks and the parity block are stored on the distributed network to reassemble all of the individual blocks into an undivided single blockchain.

Abstract: Techniques for proving authenticity of data files, such as digital photos. An authentication/indexing server content from a client device such as a mobile device, and generates or receives other related data such as a reference to the content object, a fingerprint for the content object, and other metadata indicating for example a timestamp related to the content object. The fingerprint is inserted into a distributed ledger, with the distributed ledger returning a ledger address. A manifest object containing the transaction object, the ledger address, and a list of the content object and, optionally, related edits is then created and stored. The server may index fingerprints. Thus, a fingerprint can be used to authenticate subsequently received object against the stored metadata.

Abstract: A computer implemented method of applying a unified search for a match of one or more features in a plurality of encrypted records, comprising using one or more processors of a server associated with a database comprising a plurality of encrypted records. The processor(s) is adapted for receiving a query for searching one or more plaintext features in the plurality of encrypted, searching for a match of the one or more plaintext features using a first search methodology and a second search methodology and outputting an indication of matching encrypted records according to the match. Wherein the second search methodology is asymptotically faster than the first search methodology and wherein the first search methodology is used for searching a subset of the plurality of encrypted records selected based on status indication associated with each encrypted record.

Abstract: A system and method for managing permissions of users for a column-oriented data structure, including: generating a column oriented data structure in response to receiving a request to generate the data structure from a first user device associated with a first user account, wherein the data structure comprises a plurality of columns, wherein each column is of single data type and is assigned metadata associated with the single data type; associating the first user account with a first set of permissions associated with the generated data structure; and, associating a second user account with a second set of permissions, wherein the first set of permissions comprises at least one additional permission with respect to the second set of permissions.

Abstract: The present invention discloses a system for storing a blockchain on a distributed network. The system includes a distributed network containing a plurality of nodes. The system stripes a blockchain into individual blocks where each individual block is separately encrypted and stored on a different node of the distributed network. The system forms a parity block from the individual blocks striped from the single blockchain. The parity block is separately encrypted and stored on a node of the distributed network separate from the other nodes storing the individual blocks for the blockchain. The system uses a blockchain distributed network map identifying where all of the individual blocks and the parity block are stored on the distributed network to reassemble all of the individual blocks into an undivided single blockchain.

Abstract: The present disclosure provides a communication system and method, among other things. As a non-limiting example, the method includes enabling access to entries of personal digital data for a plurality of users; enabling at least some of the personal digital data for the plurality of users to be retrieved by a query that contains an identification of a first user and authentication information associated with the first user; receiving a group identifier that is stored with reference to personal digital data of the first user; and distributing relationship digital data that describes a relationship between the first user and the second user based on the existence of the group identifier.

Abstract: Systems and methods for censoring text characters in text-based data are provided. In some embodiments, an artificial intelligence system a be configured to receive text-based data and store the text-based data database. The artificial intelligence system may be configured to receive a list of target pattern types identifying sensitive data and receive censorship rules for the target pattern types determining target pattern types requiring censorship. The artificial intelligence system may be configured to assemble a computer-based model related to a received target pattern type in the list of target pattern types. The artificial intelligence system may be configured to use a computer-based model to identify a target data pattern corresponding to the received target pattern type within the text-based data, identify target characters within the target data pattern, and to assign an identification token to the target characters.

Abstract: A system and method is provided to allow access to centralised patient data captured from a medical device across an open network to a third party. The system and method receives the request based upon patient-specific information, checks the request and allows access if the request matches stored information.

Abstract: In various embodiments, a data subject request fulfillment system may be adapted to prioritize the processing of data subject access requests based on metadata of the data subject access request. For example, the system may be adapted for: (1) in response to receiving a data subject access request, obtaining metadata regarding the location from which the data subject access request is being made; (2) using the metadata to determine whether a priority of the data subject access request should be adjusted based on the obtained metadata; and (3) in response to determining that the priority of the data subject access request should be adjusted based on the obtained metadata, adjusting the priority of the data subject access request.

Abstract: An automated classification system may be configured to substantially automatically classify one or more pieces of personal information in one or more documents (e.g., one or more text-based documents, one or more spreadsheets, one or more PDFs, one or more webpages, etc.). The system may be implemented in the context of any suitable privacy compliance system, which may, for example, be configured to calculate and assign a sensitivity score to a particular document based at least in part on one or more determined categories of personal information identified in the one or more documents. The storage of particular types of personal information may be governed by one or more government or industry regulations, which may require particular security measures, storage techniques, handling, etc. for documents based on one or more categories of information contained therein.

Abstract: Position data may gradually pseudonymized by a method, comprising: generating a sequence of relative positions from a sequence of absolute positions of a moving object; randomizing the sequence of relative positions using at least a sequence of random numbers generated from at least one seed; in response to receiving an analytical job comprising the at least one seed, restoring the sequence of relative positions from the randomized sequence of relative positions; and in response to receiving an analytical job comprising both the at least one seed and at least one absolute position derived from the sequence of absolute positions, restoring the sequence of absolute positions from the randomized sequence of relative positions.

Abstract: Position data may gradually pseudonymized by a method, comprising: generating a sequence of relative positions from a sequence of absolute positions of a moving object; randomizing the sequence of relative positions using at least a sequence of random numbers generated from at least one seed; in response to receiving an analytical job comprising the at least one seed, restoring the sequence of relative positions from the randomized sequence of relative positions; and in response to receiving an analytical job comprising both the at least one seed and at least one absolute position derived from the sequence of absolute positions, restoring the sequence of absolute positions from the randomized sequence of relative positions.

Abstract: Cloud-based methods and systems for content sharing are disclosed. In some embodiments, the systems may include one or more processors configured to: receive, from a client device, an instruction for sharing a designated digital asset; retrieve the designated digital asset from a storage device; determine provenance of the designated digital asset based on metadata of the designated digital asset; generate authentication information based on the provenance of the designated digital asset; identify sensitive information in the designated digital asset; generate a redacted version of the designated digital asset by modifying content of the designated digital asset to alter the identified sensitive information; and provide the redacted version and authentication information of the designated digital asset to a recipient of the designated digital asset.

Abstract: A system and method for maintaining image integrity in a containerized environment. Image layers of a software container are scanned for metadata. The metadata is indexed and contextual metadata is added. Execution of the containerized environment is monitored to detect new image layers being executed. Integrity of images in the environment is maintained based on integrity rules and the metadata of each image layer. The integrity rules ensure image integrity by ensuring that pulled images are composed from trusted images, image layers are pushed by trusted users, image layers do not include potential vulnerabilities, and image layers do not override specific file paths. Trusted image layers may be automatically detected using a machine learning model trained based on historical image layer metadata.

Abstract: To provide an information processing system, a storage medium and a control method through which a user privacy level in a telepresence system can be set depending on a counterpart.

Abstract: According to an embodiment, an information processing device switching between a secure mode and a non-secure mode to operate, includes one or more processors configured to perform: implementing a secure OS which operates in the secure mode; implementing a non-secure OS which operates in the non-secure mode; acquiring initialization process information autonomously in the secure mode, the initialization process information relating to an initialization process which the non-secure OS executes for a shared resource shared by the secure OS and the non-secure OS; and enabling, based on the initialization process information, the shared resource to be shared and used by the secure OS and the non-secure OS.

Abstract: A device configured to implement multiple locks to increase security of assets associated with the device including an embedded system, a multi-lock mechanism configured to provide a plurality of locks to prevent an authorized access to the assets associated with the embedded system, each of the plurality of locks of the multi-lock mechanism having an different unlock parameters, a memory configured to securely store at least one of the lock parameters of the plurality of locks of the multi-lock mechanism, the memory further configured to securely store at least one of the unlock parameters of the multi-lock mechanism, and the embedded system further configured to provide access to the assets after each of the lock parameters of the plurality of locks of the multi-lock mechanism is provided the unlock parameters of the multi-lock mechanism.

Abstract: A computing device incorporating repetitive side channel attack (SCA) countermeasures can include a timer circuit and a capacitive delay circuit that notifies of a potential repetitive-based attack by sending an activity-detected signal that can be used to initiate an appropriate countermeasure response. Additionally, or independently, a computing device incorporating repetitive SCA countermeasures can include at least one storage unit that can store an incoming input signal, at least one comparator to compare the incoming input signal with another signal and indicate a match, and a counter that increments upon the match. When the counter reaches a specified limit, a limit-exceeded signal can be sent to notify of a potential repetitive-based attack and initiate an appropriate countermeasure response.

Abstract: The present invention relates to a storage device for secure authentication, comprising a mass data memory and a security element which enables the secure authentication of a storage device in the presence of further hardware components without the need for a large amount of technical expenditure. The present invention further relates to a corresponding method for providing or producing the proposed storage device and to a computer program product comprising control commands which implement the proposed method.

Abstract: Disclosed is a security device for preventing leakage of data information in solid-state drive. The present invention provides the security device for preventing leakage of data information in solid-state drive (SSD), the device enabling a user to electrically destroy flash memory personally to prevent leakage of data stored in the SSD, which is used and is to be waste-processed.

Abstract: An apparatus that includes a substrate and a first plurality of circuit components mounted on the substrate, which is associated with a protected area. The apparatus includes a connector formed on the substrate to at least partially circumscribe the protected area and a second plurality of circuit components mounted on the substrate to at least partially circumscribe the connector to form a security barrier to physically inhibit a penetration attack into the protected area.

Abstract: A foldable circuit board that includes OLED display technology is provided. Apparatus may include embedded card reading technology (e.g., EMV, magnetic stripe, QR-Reader Technology) into a foldable OLEO-based mobile device. The mobile device may fold, to create a channel for swiping a purchasing instrument. Such a device may provide portable card reading technology and an ability to seamlessly transmit the captured information to a remote server/network for authorization. Such devices may avoid use of an external plug-in device to capture payment instrument information. Also, such devices may revive use of magnetically encoded information which is typically less-expensive-to-manufacture and provides a faster “swipe” time to read the magnetically encoded information as compared to other technology such as EMV chips.

Abstract: A data writing device includes a reader and a processor. The reader receives a radio wave from a wireless tag for storing a first identifier and a second identifier and measures a radio wave intensity of the radio wave received from the wireless tag. The processor determines the radio wave intensities of the radio waves received from the plurality of wireless tags by acquiring the first identifiers from the plurality of wireless tags through the reader, and determines the radio wave intensities of the radio waves received from the plurality of wireless tags. A reading threshold is set between a strongest radio wave intensity and a next strongest radio wave intensity among the radio wave intensities, and the second identifiers are acquired from the wireless tags having the radio wave intensities exceeding the set reading threshold through the reader.

Abstract: The invention relates to a method of acquiring information of an accessory connected to a vehicle. The method comprises, in a control unit of the vehicle, acquiring an accessory identifier from the accessory. The method further comprises transmitting the accessory identifier to a remote server comprising accessory information, matching, in the server, the accessory identifier with corresponding accessory information, transmitting the accessory information to the vehicle and receiving the accessory information in the control unit.

Abstract: In one embodiment, a self-describing fiducial includes a communication element that optically communicates navigation-aiding information. The navigation-aiding information may include a position of the self-describing fiducial with respect to one or more coordinate systems and the communication element communicates the navigation-aiding information to one or more navigating objects in the vicinity of the self-describing fiducial. In another embodiment, the communication element is further configured to communicate supplementary information describing a spatial relationship between the self-describing fiducial and the surrounding environment.

Abstract: A portable terminal includes a device body, a grip section located closer to a first end than to a second end of the device body, and a projecting section located closer to the second end than to the first end of the device body. An operation switch is provided between the projection section and the first end of the device body. The operation switch includes a pressing surface that is at an angle with respect to a thickness direction of the device body to face outward from the device body and in a direction toward the second end of the device body. The grip section includes a sloped surface provided between the operation switch and the first end of the device body. And the sloped surface faces away from a direction faced by the pressing surface of the operation switch.

Abstract: Various embodiments described herein relate to a scanning system for scanning and decoding direct part markings (DPM) type indicia. The scanning system includes an arrangement of an illumination module, a beam splitter module, and a telecentric lens assembly. The telecentric lens assembly is adapted to direct an in-line illumination received from the illumination module as collimated light to illuminate the DPM indicia. Upon illumination, a first portion of light reflected from embossments of the DPM indicia that are incident on the telecentric lens assembly at a defined angle is decoupled from an optical path between the telecentric lens assembly and the target. An imager is exposed to a second portion of reflected light, excluding the decoupled reflected light that is reflected from a substrate on the DPM indicia, in order to capture an image of the DPM indicia for decoding.

Abstract: The present disclosure provides a light receiving stacked-hole structure and a fabrication method thereof, and a fingerprint recognition device. The method includes forming a base light blocking layer having a first opening on a first surface of a substrate; forming at least one overlying light blocking layer having a second opening on a side of the base light blocking layer away from the substrate, wherein the overlying light blocking layer having the second opening is formed by using the base light blocking layer as a mask plate.

Abstract: A fingerprint recognition sensor according to an exemplary embodiment of the present invention includes: a photo sensor for sensing light that is diffuse-reflected from a finger of a user and incident on the photo sensor, or that is transmitted through the finger and incident on the photo sensor; a first matrix positioned on the photo sensor and including a first opening; a second matrix positioned on the first matrix and including a second opening; and a cover layer including one surface contacting the finger and positioned on the second matrix, wherein, from among light that is diffuse-reflected from the finger and incident on the cover layer or that is transmitted through the finger and incident on the cover layer, light having an angle, formed by a normal line on the one surface of the cover layer and a path of the light incident on the cover layer, that is greater than a critical angle, sequentially passes through the second opening and the first opening and is incident on the photo sensor.

Abstract: An optical fingerprint sensing module is provided, including a circuit board, a first light-reflective element, a lens, and an image sensor electrically connected to the circuit board. The optical fingerprint sensing module is disposed below a display panel module. Light is generated by the display panel module and reflected by a finger to propagate along a first direction. Subsequently, light is reflected by the first light-reflective element and propagates through the lens in a second direction to reach the image sensor.

Abstract: Provided are an under-screen biometric identification apparatus and an electronic device. The under-screen biometric identification apparatus includes: a lens disposed under a display screen for receiving an optical signal formed by reflection of a human finger on the display screen, where the optical signal is used to detect biometric information of the finger; a lens barrel, where the lens is fixed in the lens barrel; and a support, where the support is connected to the lens barrel by means of threaded connection for supporting the lens barrel. An under-screen biometric identification apparatus and an electronic device provided in embodiments of the present application can improve the efficiency of under-screen biometric identification.

Abstract: An arrangement and method for optical recording of live skin areas of human autopodia and documents has a layer body comprising sensor layer with light-sensitive elements in regular pixel rasters, transparent protective layer above the sensor layer as placement surface for skin areas or documents is integrated in a mobile image capture device having at least one display for user guidance and an internal power supply. The layer body has an area light-emitting layer under the sensor layer to emit light in a first angle range for frustrated total internal reflection at the placement surface when autopodia are placed thereon and to emit in a second angle range to illuminate documents on the placement surface. A controlling and data processing unit handles preprocessing and reducing captured image data and an electronic interface for wireless coupling of the image capture device with a further electronic device for image data processing.