Abstract: A computer-implemented method for identifying proprietary content in composite media comprising a plurality of media components, the method comprising: identifying a first media component of the composite media as proprietary content; identifying a second media component of the composite media as a context indicator; and determining a context for the proprietary content based on the context indicator.

Abstract: This disclosure describes systems and methods for protecting commercial off-the-shelf software program code from piracy. A software program may include an executable file. The executable file may include code and data. A platform may modify the executable file such that the data may be placed at a location in memory not based on a fixed distance from the code. The platform may modify the executable file to indicate that the code should be loaded in a hardware enclave and at least a portion of the data should be loaded in the memory outside the hardware enclave. The platform may encrypt the code and provide it to a computing device.

Abstract: Systems and methods include program instructions to identify that a user is accessing, via a user interface of a user device, a user interaction aggregator of a digital platform to perform user interaction(s) across a network, each user interaction of the one or more user interactions having specific interaction-based authentication data associated therewith to perform each user interaction. Further, program instructions access a virtual aggregation table of stored recurring electronic processes, each stored recurring electronic process having associated therewith stored interaction-based authentication data. Program instructions also display, via the user interface, an aggregation of optional user interactions for the user to perform via the digital platform, each optional user interaction being selected from the stored recurring electronic processes.

Abstract: A user access control method for an information system is proposed. The method may include processing login of a user using the information system, and acquiring a reference image obtained by capturing the logged-in user on the basis of a login time. The method may also include extracting reference feature information from the reference image and storing the reference feature information, and acquiring target images obtained by capturing a user using the information system at predetermined intervals. The method may further include extracting each target feature information from each target image; comparing each target feature information with the reference feature information to confirm whether or not each user using the information system at predetermined intervals is the same as the logged-in user, and controlling an access for the each user using the information system when the each user using the information system is not the same as the logged-in user.

Abstract: Embodiments of the present disclosure provide systems and methods for performing ECG-based authentication. A set of electrocardiogram (ECG) signals of a user may be received by a computing device from an ECG monitor. The computing device may be associated with a resource to which the computing device controls access. An ECG profile for the user may be determined based on the set of ECG signals. In response to receiving a request to access the resource, an authentication ECG signal may be requested to authenticate the user. The authentication ECG signal may be received from the ECG monitor and compared to the ECG profile of the user to determine whether the authentication ECG signal matches the ECG profile. In response to determining that the authentication ECG signal matches the ECG profile, the user may be authenticated and granted access to the resource.

Abstract: Systems, methods, and apparatuses for proactive generation of biometric signatures are described. Based on a first biometric signature matching a first authenticated signature, an indication of portions of the biometric input that will be different after a second time may be generated. A second authenticated signature based on the indication and the biometric input received at the first time may be generated. A second biometric signature based on the indication and the biometric input received after a second time may be generated. Based on the second biometric signature matching the second authenticated signature, a prompt requesting authorization to generate a third authenticated signature based on the biometric input received after the second time may be generated. Based on receiving authorization to generate a third authenticated signature, a third authenticated signature may be generated.

Abstract: Disclosed herein are systems and methods for associating a voice signature with an order identifier and/or authenticating an individual for an order pickup. A system can receive an order identifier and obtain an audio stream from a user that is designated to retrieve the contents of the order from a pickup location. The system can determine a voice signature associated with the audio stream and associate that voice signature with the order for pickup. During an order pickup period, an individual can provide an audio sample to the system to authenticate himself for picking up an order. The system can compare a voice signature of the audio sample with stored voice signatures relating to outstanding orders to determine whether the individual is authorized to retrieve an order identifier.

Abstract: Systems and methods include program instructions to predict that a user will utilize external source(s) to transfer at least one resource into an entity-based record. The program instructions obtain identifying information data about the external source(s), the identifying information data including user-specific authentication information data, and automatically populate one or more data entries of a virtual aggregation table that is configured to store data records of external source identification information, where the automatically populating includes storing the obtained identifying information data about the external source(s). The program instructions also determine that a user is accessing an entity-based digital platform to access optional sources for making a resource transfer. Additionally, the program instructions display, via a user interface of a user device, an aggregation of optional external sources each optional external source having a selectable input associated therewith.

Abstract: A server device according to an aspect of the present disclosure includes: at least one memory storing a set of instructions; and at least one processor configured to execute the set of instructions to: acquire biometric information of each of a plurality of employees working in a first company and registers the biometric information in a database; execute biometric authentication using biometric information of a first authentication target and the plurality of pieces of biometric information registered in the database, the biometric information of the first authentication target being included in a first authentication request transmitted from a first authentication terminal installed in a second company having a partnership with the first company; and manage so that the first authentication target has clocked in to the first company when authentication is successful.

Abstract: An electronic device adapted to executing at least one application, includes an access control, wherein a number of authentication means implemented by the access control is settable according to a security level assigned to the application.

Abstract: The image acquisition unit acquires a body image generated by capturing an image of a body of a target person when a target person is in a position away from an imaging unit by a first distance and acquires a code image generated by capturing an image of a code recording medium carried by the target person when the target person is in a position away from the imaging unit by a second distance shorter than the first distance. The authentication information generation unit starts processing for generating biometric information for authentication of the target person from the body image in accordance with the acquisition of the body image of the target person. The embedded information acquisition unit acquires embedded information from the code image. The authentication unit executes biometric authentication by collating biometric information for authentication with biometric information for registration included in the embedded information.

Abstract: An apparatus, method and system are provided for sensing an individual's biometric information, and generating and transmitting an acoustic signal representative of the sensed biometric information. The acoustic signal may be transmitted as an audio signal or an ultrasonic signal to another apparatus in the system for authentication or verification of the individual's identity.

Abstract: An apparatus for activating a physical card in a virtual environment comprises a processor associated with a server. The processor is configured to receive a request to issue a physical card to a first user and to generate a first non-fungible token (NFT) for storage in the physical card, wherein the first NFT is then displayed as a digital card in a virtual environment. The processor is further configured to receive the digital card in an interaction and to generate a second NFT. The processor is further configured to combine the first NFT and the second NFT to generate an activation NFT that allows the physical card to access a profile corresponding to the first user during an interaction. The processor is further configured to transmit the activation NFT and an instruction to the first user device to store the activation NFT in the physical card.

Abstract: A method including: providing, on an output user interface of an electronic device, data including an audio sequence and/or an image, the provided data including a first and a second datum, the provided first datum being obtained by altering a third datum associated with a user account, the provided second datum being an unaltered datum or portion of a datum associated with the user account; designating one of the provided data via an input user interface; authenticating access to the user account from the electronic device based on a proximity between the designated datum and the provided first and/or second datum. A related electronic device, computer program product and corresponding medium.

Abstract: Methods of verifying a genuine presence and identity of a user of a mobile device include analyzing a stream of data from sensors of the mobile device over a period spanning a user press of a button displayed on a touch screen of the device. Results of the analysis are used to distinguish a genuine user button press from a simulated event generated by device emulation software or other simulation tool. The presence and identity verification are determined in part by the results of the sensor stream analysis, optionally in conjunction with an analysis of biometric data captured by the mobile device when the press of a button on the device touch screen has been elicited. The biometric data may include capture of imagery of a user face or body part by a camera of the mobile device.

Abstract: Provided is a robot device having a structure in which a plurality of links is hinge-coupled, and having simplified wiring for signal and power transmission at a hinge portion. The robot device includes a plurality of links and a hinge part that includes a deformable signal transmission part and connects the links adjacent to each other. The robot device further includes a flexible circuit board including a signal transmission line layer and a low-rigidity insulating layer stacked on top of each other, the signal transmission line layer transmitting a signal, the low-rigidity insulating layer insulating the signal transmission line layer, each of the plurality of links is formed by the flexible circuit board having a high-rigidity material bonded to both sides or at least one side thereof, and the hinge part is formed by the flexible board having no high-rigidity material bonded to either of the sides thereof.

Abstract: Various methods, apparatuses/systems, and media for programmatically generating and rotating secrets for applications to read them to connect to various services are disclosed. A processor determines, in a preconfigured time interval, whether secrets/credentials corresponding to a service provider has been changed; calls a first API to retrieve the changed secrets/credentials from the corresponding service provider; stores the changed secrets/credentials to a corresponding predefined location; causes an application to call a second API to retrieve the changed secret or the credential from the corresponding predefined location; and automatically establishes a connection between the application and the corresponding service provider based on a determination that the changed secrets/credentials retrieved from the predefined location matches with the changed secrets/credentials retrieved from the corresponding service provider during the preconfigured time interval.

Abstract: A computer-implemented method for generating multiple valid OTP (One Time Password) for a single identity using a shared logic, including using an OTP solution based on a shared logic generating and validating multiple valid OTPs in a OTP validation process; dynamically changing the shared logic in a OTP client or in a OTP server if there is a logic overlapping in the shared logic; using the OTP solution for one or more distributed disconnected environments only if the shared logic is overlapping; using valid OTP for non-valid requests with redirecting an attacker to a sandbox instead of a desired target after fake successful authentication and requesting additional data to approve authentication; and using recursively an OTP generation process output in another OTP generation process input creating a derived chained OTP defined by the shared logic being known to both the OTP generation process and the OTP server.

Abstract: In an example embodiment, a solution is provided that provides parallel executions of privileged actions in an audited and secured way. This highly impacts the resiliency of applications because it allows for quick responses in outage situations and makes maintenance activities that could prevent the outages less cumbersome.

Abstract: A system and method for building a trusted execution environment for software programs in a system-on-chip (SOC) field programmable gate array (FPGA). A processing system is located on the semiconductor substrate of the SOC which includes one or more processors, and the FPGA is in communication with the processing system and implements one more soft processors to create one or more trusted execution environments for a software program process to execute within. Each trusted execution environment is configured to allow a software program to execute in a secure manner wherein the software program is isolated from, at least, the full plurality of computing resources of the SOC. The system and method can be used with SOCs on servers hosting remote computing.

Abstract: A method installs a mitigation program in the kernel of a computing device to mitigate a vulnerability liable to affect a function to be protected running in a user space of the computing device (EQ). The method includes sending a request containing a unique identifier of the vulnerability to a security server, obtaining, in response to the request, a description file describing the program, obtaining an object code for the mitigation program identified in the description file, publishing a link to resolve at least one symbol of the object code in order to generate an executable code for the mitigation program specific to the device, and installing the executable code in the kernel of the device. The device includes means for ensuring that the mitigation program mitigates the vulnerability only for that function to be protected.

Abstract: An activity trace extraction device executes malware to collect an analysis log including a plurality of activity traces of the malware, and executes the malware again in an environment indicating time information different from time information at the time of executing the malware to collect a time change analysis log including a plurality of activity traces of the malware. The activity trace extraction device updates the analysis log by removing, from the analysis log, the activity trace different from the activity trace of the time change analysis log among the plurality of activity traces included in the analysis log based on the analysis log and the time change analysis log. The activity trace extraction device generates trace information of the malware independent of time lapse based on the updated analysis log.

Abstract: Disclosed are a system and method for automatically generating a playbook and verifying validity of a playbook based on artificial intelligence, wherein the system present invention includes a system for automatically generating a playbook that automatically generates the playbook, and a system for verifying validity of a playbook that is connected to the system for automatically generating a playbook through a network to perform the verification of the validity on the playbook received from the system for automatically generating a playbook.

Abstract: In some embodiments, techniques for identifying email events generated by bot activity are provided. For example, a process may involve applying bot detection patterns to identify bot activity among email response events.

Abstract: Described are techniques for automated labeling of cybersecurity incidents. The techniques include generating a set of labels for a received cybersecurity incident based on features of the received cybersecurity incident. The techniques further include prioritizing the set of labels to generate a subset of labels, and associating the subset of labels to the received cybersecurity incident.

Abstract: The detection device that detects presence of an unauthorized message in an in-vehicle network, the detection device includes: a state detection unit configured to detect a transition to a state in which a periodic message is transmitted in an in-vehicle network, based on content of a message transmitted in the in-vehicle network; and a processing unit configured to perform detection processing to detect presence of the unauthorized message based on a reception status of a plurality of the periodic messages in the state detected by the state detection unit.

Abstract: A method of supporting decision-making of security control includes: (a) when an system for automatically analyzing a security threat receives a security warning from a security device, collecting security threat events generating the security warning from the security device; (b) when the collected security threat events exceed a preset event processing threshold, generating, by the system for automatically analyzing a security threat, a first request message for preferentially processing a security event; (c) when receiving the first request message generated from the system, determining, by the system for supporting priority of security control, a priority processing order of the security threat events, and notifying the system; and (d) when receiving the second request message generated from the system, determining, by the system for supporting priority of security control, a priority processing order and notifying the system for automatically analyzing a security threat of the determined priority process

Abstract: Techniques for event driven harvesting and analysis of cloud computing resources in a cloud computing environment, comprising: obtaining, from a cloud computing environment, data related to an event that occurred in the cloud computing environment; in response to obtaining the data, requesting, from the cloud computing environment, supplemental data about the event that occurred in the cloud computing environment, the supplemental data including information about the event and/or information about impact of the event on a resource; determining whether a security action is to be taken at least in part by analyzing the data and/or the supplemental data; and when it is determined a security action is to be taken, performing the security action.

Abstract: Methods and systems for blocking and detecting exploits and malicious code in an operating system and preventing malicious actions from being taken within the Windows® Kernel and within user mode applications.

Abstract: A trace information determination device includes an extraction unit that extracts a feature of malware, a classification unit that performs clustering on the basis of the feature of malware extracted by the extraction unit and classifies the malware into a predetermined cluster, an attack tendency determination unit that determines a tendency of an attack of the malware on the basis of the cluster classified by the classification unit, and a validity determination unit that determines validity of trace information generated from an activity trace of the malware on the basis of a result of determination by the attack tendency determination unit.

Abstract: A cloud-based operating-system-event and data-access monitoring method includes collecting event information from a monitored cloud-based element. One or more structured event payloads based on the event information is then generated. The structured event payloads that produce one or more validated event collections are then validated. The one or more validated event collections are then serialized and filtered to remove redundant structured event payload data. The filtered validated structured event payloads are then de-serialized to produce a time-sequenced, ordered event stream. The time-sequenced, ordered event stream is de-duplicated to remove duplicate structured event payloads. The time-sequenced ordered event stream is then processed to generate processed information security results.

Abstract: Systems and methods to scan for malware on devices based on process identification. In some implementations, a computer-implemented method includes intercepting an event initiated by a particular process that executes on a system, which pauses the event. It is determined whether to perform a security scan for the event based on a comparison of a type of the event with stored event classification information associated with the particular process. If performing the security scan, a scan of the intercepted event is performed (e.g., sent to a user mode service that executes on the system), and based on the scan, the intercepted event is allowed to proceed or a security operation is performed associated with the intercepted event. If not performing the security scan, the intercepted event is allowed to proceed.

Abstract: Described herein is a prediction engine for aiding decision support. In some examples, the prediction engine can be used in aiding cyber security applications. The prediction engine can include multiple prediction layers that each include a number of machine learning models that contribute to an overall prediction of the prediction engine in predicting whether a respective system or system user poses a cyber-threat. The prediction engine can provide prediction data that can indicate that the respective system or system user is a cyber-threat. In some examples, a decision engine can be employed to use the prediction data to mitigate or eliminate the cyber-threat.

Abstract: An activity trace extraction device executes malware to collect an analysis log including a plurality of activity traces of the malware, and executes the malware again to collect an environment change analysis log including the plurality of activity traces of the malware assumed in a case where an execution environment of a system and a device used at execution of the malware and information unique to application software are changed. The activity trace extraction device updates, based on the analysis log and the environment change analysis log, the analysis log by removing, from the analysis log, an activity trace different from an activity trace of the environment change analysis log among the plurality of activity traces included in the analysis log. The activity trace extraction device generates trace information of the malware independent of the execution environment based on the analysis log updated.

Abstract: The present invention relates to a computer program product, a computing device and a method of detecting a file encrypted by ransomware by identifying a file write operation for a file on the computing device and determining if a predetermined number of bytes of the file is stored in a memory buffer on the computing device. An entropy value of the predetermined number of bytes in the memory buffer is determined and compared to a first predetermined threshold, wherein if the determined entropy value exceeds the first predetermined threshold the file associated with the file write operation is flagged as being potentially encrypted by ransomware.

Abstract: In some embodiments, a processor can receive an input string associated with a potentially malicious artifact and convert each character in the input string into a vector of values to define a character matrix. The processor can apply a convolution matrix to a first window of the character matrix to define a first subscore, apply the convolution matrix to a second window of the character matrix to define a second subscore and combine the first subscore and the second subscore to define a score for the convolution matrix. The processor can provide the score for the convolution matrix as an input to a machine learning threat model, identify the potentially malicious artifact as malicious based on an output of the machine learning threat model, and perform a remedial action on the potentially malicious artifact based on identifying the potentially malicious artifact as malicious.

Abstract: There is provided a system and a computerized method of remediating one or more operations linked to a given program running in an operating system, the method comprising: querying a stateful model to retrieve a group of entities related to the given program; terminating at least a sub set of the group of entities related to the given program; generating a remediation plan including one or more operations linked to the given program, the one or more operations being retrieved based on the group in the stateful model; and executing the remediation plan by undoing at least part of the one or more operations linked to the given program thereby restoring state of the operating system to a state prior to the given program being executed. There is further provided a computerized method of detecting malicious code related to a program in an operating system in a live environment.

Abstract: An apparatus to facilitate permissions at a computing system platform is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent and attestation hardware to detect an update at the computing system platform, generate a cryptographic key associated with each of the plurality of agents, perform an attestation with a relying party using the generated cryptographic keys and receive a tuple associated with each of the plurality of agents, wherein a tuple includes one or more permissions indicating platform resources an agent is permitted to access.

Abstract: A device having a processor and a boot code, the processor may create a plurality of revocation emulation containers corresponding to a plurality of owners of the electronic device over time, wherein respective revocation emulation containers may comprise asset revocation information associated with respective owners of the electronic device. The processor may program the asset revocation information of the plurality of revocation emulation containers in a one-time-programmable manner. The processor may use the asset revocation information of the plurality of revocation emulation containers to determine whether to revoke use of respective assets of a plurality of assets associated with the plurality of owners of the electronic device over time. The processor may revoke the subsequent use of respective assets of the plurality of assets associated with the plurality of owners of the electronic device over time based on a determination the respective asset should be revoked.

Abstract: Disclosed are a control method and apparatus for safety boot of a chip, an electronic device and a storage medium. The method includes: determining, at a preset stage of a chip boot process, first mirror data to be checked at the preset stage and first check code corresponding to the first mirror data, from a decryption result obtained by a hardware security module; determining second check code based on the first mirror data; comparing the second check code with the first check code to obtain a comparison result; determining an integrity check result of the first mirror data based on the comparison result; and executing, based on the integrity check result, a safety boot program corresponding to the first mirror data at the preset stage.

Abstract: A method of scoring alerts generated by a plurality of endpoints includes the steps of: in response to a new alert generated by a first endpoint of the plurality of endpoints, generating an anomaly score of the new alert; identifying a rule that triggered the new alert and determining a threat score associated with the rule; and generating a security risk score for the new alert based on the anomaly score and the threat score and transmitting the security risk score to a security analytics platform of the endpoints.

Abstract: A system and method for evaluating penetration testing tools. In one embodiment, a method includes generating a plurality of instructions, wherein the instructions comprise one or more security vulnerabilities for testing a web server, generating the web server, wherein the web server comprises the plurality of instructions with the one or more security vulnerabilities, receiving a penetration test result from a penetration testing tool executing on the web server, and computing a precision of the penetration testing tool for detecting the one or more security vulnerabilities.

Abstract: Example solutions performing software code vulnerability reduction. An input code portion is extracted from input software code. The input code passage may be syntactically incomplete and/or syntactically incorrect. A code vulnerability is detected in the input code portion. A correction of the code vulnerability is made, and an output code portion is generated including the correction. In some examples, a code vulnerability detection tool take, as input, the output from a code completion tool. The output is thus annotated or corrected in real-time, as a user is developing the code.

Abstract: Disclosed is an SBOM-reporting software program product that generates dynamic software bill of materials (SBOM) data for a software application during execution of the software application. Dynamic SBOM data identifies currently loaded dependencies of the software application. The program instructions for generating dynamic SBOM data are included in the software application. Also disclosed is a computer system for locating potentially-exploitable software dependencies comprising one or more computers comprising one or more SBOM-reporting software applications programmed to generate dynamic SBOM data. The computer system includes an SBOM server that can request of receive dynamic SBOM data from the SBOM-reporting software applications and may also include an SBOM collector that collects dynamic SBOM data from the SBOM-reporting applications.

Abstract: A system for testing a security object is disclosed. The system comprises processors and memory storing a plurality of security engines and instructions that, when executed by the processors, causes the system to: access a decision tree comprising a first node and a plurality of second nodes; link a first leaf node of the decision tree with a first security engine; link a second leaf node of the decision tree with a second security engine; receive a security object comprising a digital asset that is attackable using one or more attack execution operations; and test the security object using the decision tree to determine a security threat parameter for the security object. The security threat parameter may be used to prioritize one or more remediation steps for mitigating against the one or more attack execution operations associated with the digital asset.

Abstract: Various embodiments of the teachings herein include a method for determining the integrity of data processing of operative data using a trusted execution environment. The method may include: presenting the trusted execution environment with input data including the operative data and test data; processing the input data to produce output data; subjecting that portion of the output data formed by the processed test data to a comparison with reference data; and using the comparison as a basis for determining the integrity of the data processing.

Abstract: A permission based media system to perform operations that include: presenting a first media object at a client device associated with a user account, the first media object including a reference that identifies the user account; receiving an input that selects the first media object from the client device; determining a permission of the user account based on the reference that identifies the user account; presenting a set of options based on the permission associated with the user account; receiving a selection of an option from among the set of options; and generating a second media object based on the first media object and the selection of the option, according to certain embodiments.

Abstract: A system and method for data processing and storage using quantum and deoxyribonucleic acid (DNA) computing. The method includes receiving a request for a search data item. The request includes a first information represented by classical binary bits. The request is converted into a converted request. The converted request includes the first information represented by quantum bits. One or more servers are searched based on the converted request using a quantum search algorithm. Search results are generated. The search results are ranked according to ranking rules. A highest-ranked result includes a second information represented by quantum bits. The highest-ranked result is converted to a converted highest-ranked result. The converted highest-ranked result includes the second information represented by DNA bits. The converted highest-ranked result is encrypted to generate an encrypted and converted highest-ranked result. The encrypted and converted highest-ranked result is stored in one or more DNA strands.

Abstract: A real-time data encryption or decryption security system using a key management server may comprise: a service interface configured to request an encryption-decryption key from the key management server according to a predetermined operation procedure in response to access to a specific file of an application program and receiving the encryption-decryption key and a first algorithm from the key management server; an access controller acquiring a file path of the specific file based on access information for the specific file, checking whether the specific file exists in an encryption directory, and performing access control of the specific file based on the first algorithm; and an encryption-decryption unit identifying whether the specific file is an encryption or decryption target file, and encrypting or decrypting the encryption or decryption target file using the encryption-decryption key.

Abstract: A device configured to provide access to a digital document to a user device and to receive an access request for a first masked data element within the digital document. The device is further configured to generate a first blockchain transaction that identifies a machine learning model that is stored in a blockchain. The device is further configured to publish the first blockchain transaction in a blockchain ledger for the blockchain and to receive a second blockchain transaction from the machine learning model in response to publishing the blockchain transaction in the blockchain ledger. The second transaction indicates whether the user is approved for accessing the masked data element. The device is further configured to provide access to the first masked data element on the user device for the user in response to determining that the user is approved for accessing the masked data element.