A first hash of information is generated. The first hash of the information is used to validate if the information (e.g., a software application) has changed. The first hash of the information is generated locally. The first hash of the information is sent to a trusted authority. The trusted authority is a service that is managed by an external party. A validation event associated with the information is detected. For example, a validation event may be where the software application is requesting to be loaded. In response to detecting the validation event associated with the information, a second hash of the information is generated. The second hash of the information is also generated locally. The second hash of the information is sent to the trusted authority. A message is received, from the trusted authority, indicating if the information has changed. The message is used to take an action
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/52 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
A first hash of information is generated. The first hash of the information is used to validate if the information (e.g., a software application) has changed. The first hash of the information is generated locally. The first hash of the information is sent to the trusted authority. The trusted authority is a service that is managed by an external party. A validation event associated with the information is detected. A request for the first hash of the information is sent to the trusted authority. The first hash of the information is received from the trusted authority. A second hash of the information is generated. The second hash of the information is generated locally. The received first hash of the information is compared to the generated second hash of the information to determine if the received first hash of the information is the same as the second hash of the information.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
3.
DETECTION OF MALICIOUS SOFTWARE PACKAGES USING MACHINE LEARNING ON CODE AND COMMUNITY DATA
Embodiments of the disclosure provide systems and methods for detecting malicious software packages. Detecting malicious software packages can include collecting information identifying one or more known malicious software component classifiers, collecting information identifying one or more known suspicious community behavior classifiers associated with the one or more known malicious software component classifiers and receiving a software package including software components. The method also includes identifying one or more software components of the software package as malicious based on a comparison between the software components of the software package and each of the collected one or more known malicious software component classifiers and the collected one or more known suspicious community behavior classifiers, generating a malicious probability for each of the identified one or more software components and evaluating whether the software package is malicious based on the generated malicious probability for each of the identified one or more software components.
Language used by a specific user in a specific context is gathered. The language used by the specific user in the specific context is language gathered from a plurality of previously captured electronic communication sessions. For example, the language of the specific user is captured from previous voice, video, and/or text communication sessions. A machine learning process based on the language gathered from the plurality of previously captured electronic communication sessions is trained. The trained machine learning process is used to determine if the specific user is actually participating in an electronic communication session or if a potential imposter is likely posing as the specific user in the electronic communication session. In response to determining that the potential imposter is likely posing as the specific user in the electronic communication session, an action is taken to secure the electronic communication session.
A visual media is received. For example, the received visual media may be a digital image, a video file, or a video stream. A plurality of colors in the visual media are identified. In response to identifying the plurality of colors in the visual media, one or more colors not in the visual media are identified. A watermark is placed in the visual media to produce a watermarked visual media. The watermark comprises at least one of the identified colors not in the visual media. The watermarked visual media is verified using image processing.
A current thread pattern is identified. For example, a thread pattern of a running software application is identified. Current resource information associated with the current thread pattern is identified. For example, the current resource information may include disk usage, packets sent, ports used, accounts created, etc. The current thread pattern and the current resource information associated with the current thread pattern are compared to an existing malicious thread pattern associated with a type of malware and existing malicious resource information associated with the existing thread pattern. A determination is made if the comparison meets a threshold. For example, if the current thread pattern is 90% similar to the existing malicious thread pattern and the current resource information is within 75% of the existing malicious resource information, the threshold is met. In response to the comparison meeting the threshold, an action is taken to mitigate the type of malware.
Source code for a type of malware is received. For example, the source code may be source code from a type of computer virus. An Artificial Intelligence (AI) algorithm is identified. For example, the AI algorithm may be ChatGPT. The source code of the type of malware is run through the AI algorithm to produce mutated source code for the type of malware. A prediction algorithm is used to predict a signature of the mutated source code for the type of malware. For example, the prediction algorithm is trained using existing source code of different types of malware to generate a prediction model. The signature of the mutated source code for the type of malware is then compared to a signature of a potentially new type of malware to determine if the signatures are similar.
A request is received, from a first communication device, to create a code (e.g., the request is to create a Quick Response (QR) code). The created code is for automatically creating a user account on a second communication device. For example, the second communication device may be a corporate web server. User information for automatically creating the user account on the second communication device is received. The code is created. The created code comprises at least one of: the user information for creating the user account; and a link to an account server, where the account server contains the user information. The created code is sent to the first communication device. The first communication device uses the code to create the account on the second communication device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06K 19/06 - Supports d'enregistrement pour utilisation avec des machines et avec au moins une partie prévue pour supporter des marques numériques caractérisés par le genre de marque numérique, p.ex. forme, nature, code
Documents are often generated using a customer communication management (CCM) application that utilizes rules to select and/or modify certain fragments of a document. By analyzing the rules and content that produced a certain fragment, a second CCM application may be automatically provided with the rules, such as when the first set of rules are not available for porting to a second system. Accordingly, a server may access a rule comprising a condition, a document fragment, and a rule identifier. A server may generate a first document to comprise visible content and hidden content. Generating the first document may comprise evaluating the rule and, when the rule is true, including the document fragment as a portion of the visible content and including the rule identifier as a portion of hidden content. A server may provide the first document to a destination.
Identifying and resolving weaknesses in software are common, resource-intensive tasks for many organizations. Machine-learning models are provided to automatically identify software vulnerabilities or other flaws, such as via entries in a weakness or vulnerability database, identify affected software, generate patches to resolve the vulnerabilities, and apply the patch to affected software. The patch is automatically extracted from code deltas between a software version having the weakness and a subsequent version wherein the weakness has been resolved. Other differences between the versions, not affecting the weakness, are excluded from the code deltas.
A request is received from a tenant. For example, the tenant may be a tenant of a multi-tenant cloud service. The request comprises a one or more Configuration Items (CIs). A CI is used to change data on a computer system or network. A computer resource license associated with the tenant is identified. A determination is made to identify if the request meets the computer resource license. In response to the request meeting the computer resource license, the one or more configuration items are implemented according to the computer resource license. In response to the request not meeting the computer resource license, the request is modified. For example, the request may be split into a plurality of requests.
Devices with low or no security are often added to networks. These devices have the ability to utilize the network and, accordingly, may pose a security risk. Systems and methods herein enable a device to be added to a network and, if the resulting new traffic matches a template, the device is established on an automatically created virtual local area network (VLAN) used solely for the new device. A router is automatically configured to allow traffic that matches the type of device that was newly added, but if other traffic is detected, the device may be treated as a threat and managed accordingly.
Strings of a text file representing a configuration of a target device are respectively tokenized into tokens for the configuration. The tokens for the configuration are shingled. A target device signature representing the configuration of the target device is generated by applying a min-wise independent permutations locality sensitive hashing (MinHash) technique to the tokens as have been shingled. Whether the configuration of the target device is anomalous is identified based on the target device signature.
A sandbox database is created. The sandbox database is typically a temporary database. For example, the sandbox database may be a test database for evaluating a new version of software. Creating the sandbox database comprises creating a sandbox cache in the sandbox database and copying metadata from a main database to the sandbox database. The sandbox cache is used to store record(s) that are accessed during the use of the sandbox database. The metadata is used to reference the record(s). This allows for a simpler process for creating a temporary database to be used for testing software.
G06F 11/36 - Prévention d'erreurs en effectuant des tests ou par débogage de logiciel
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuées; Architectures de systèmes de bases de données distribuées à cet effet
Embodiments provide for detecting viruses and other malware in executing process threads based on thread patterns. According to one embodiment, detecting previously unknown malware associated with process threads can comprise capturing context information for each thread of a plurality of threads executing on a processor. The context information can define a thread pattern for the thread. The thread pattern for each thread can be compared to stored information defining one or more known patterns for thread execution based on previous execution of one or more threads. A thread pattern variation can be detected when the thread pattern for one or more threads does not match the stored information defining the known thread patterns. A determination can be made as to whether the detected thread pattern variation indicates presence of malware and actions can be performed based on determining the detected thread pattern variation indicates the presence of malware.
G06F 21/56 - Détection ou gestion de programmes malveillants, p.ex. dispositions anti-virus
G06F 21/52 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
Automated testing of an application under test (AUT) often requires providing valid responses to an authentication challenge. Many AUTs require a username and password and, increasingly, a time-based one-time password (TOTP) that complicate automated testing. By storing a shared secret on a client device, a human can train an automated testing application to select the shared secret and provide the shared secret to a shared secret provider. The shared secret provider then provides a token code as the TOTP. The shared secret may be stored as a graphical element, such as a quick response (QR) code, and may further correspond to a particular username used to test the AUT.
Software developers and security personnel routinely scan code to look for threats, such as security vulnerabilities. While such scans are useful, they are unable to determine the actual data provided to a client device executing a web application. By monitoring the web traffic to a client, the libraries utilized by the web application may be determined by name, version, and vendor. With the library identified, the libraries may be provided to one or more repositories of vulnerabilities to identify the particular vulnerabilities of the library. With the vulnerability identified, a resolution (e.g., version wherein the vulnerability was fixed) may be identified and/or other action to mitigate the vulnerability.
G06F 21/56 - Détection ou gestion de programmes malveillants, p.ex. dispositions anti-virus
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
18.
Efficient Length Preserving Encryption of Large Plaintexts
A plaintext is received. For example, a plaintext may be a text record that is to be encrypted and then stored in a database. A determination is made to see if a size of the plaintext is above a threshold. The threshold is based on an efficiency of a Format Preserving Encryption (FPE) algorithm. In response to the size of the plaintext being above the threshold: the plaintext is divided into a plurality of blocks based on a block size; each of the blocks are individually encrypted using the FPE algorithm; and each of the blocks are stored as a single FPE cyphertext. This makes the FPE encryption process much more effacement than has previously been achieved. For example, the FPE process may be 30% more efficient depending on the size of the plain text.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
A first hash of a record is retrieved. The first hash is tokenized by storing the first hash in a tokenization table that has a corresponding hash token. A request is received to validate the record. The request to validate the record comprises a second hash of the record and a second hash token. In response to receiving the request to validate the record, the record is validated by looking up the first hash in the tokenization table using the second hash token and comparing the looked up first hash to the second hash. In response to the looked up first hash being the same as the second hash, the record is validated. In response to the looked up first hash not being the same as the second hash, the record is not validated.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A first hash of a record is retrieved. The first hash is encrypted using an encryption key to produce an encrypted hash. The encrypted hash is stored in the record by replacing the first hash with the encrypted hash or by adding the encrypted hash to the record. A request is received to validate the record. In response to receiving the request to validate the record, the record is validated by: unencrypting the encrypted hash using the encryption key to produce a second hash; hashing the record to produce a third hash; and comparing the second hash to the third hash. In response to the second hash being the same as the third hash, the record is validated. In response to the second hash not being the same as the third hash, the record is not validated.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
21.
THROTTLING TEST MODE FOR BROWSER-BASED WEB APPLICATION LOAD TESTING
For each of a number of test commands of a test script for browser-based load testing of a web application hosted by a server device communicatively connected to the test device over a network, the test command is executed within a browser instance running on the test device and simulating usage of the web application by a user. In response to determining that the test command that has been executed is a browser operation command, that the test command executes for a minimum length of time is ensured in a throttling test mode in which the web application is tested via the browser instance.
One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.
A first execution of a test script is recorded. The recording of the first execution of the test script is of a first interaction between a communication device and an Application Under Test (AUT). First request and response data for the first execution of the test script is captured. A second execution of the test script is recorded. Second request and response data for the second execution of the test script is captured. The first execution of the test script and the second execution of the test script are isolated sessions. The first request and response data is compared to the second request and response data to find one or more varying response values. The one or more varying response values are searched to identify correlations. A second test script is automatically created based on the identified correlations.
An anomaly on a computer network is identified by processing data generated by the computer network. The anomaly is identified based on a first anomaly threshold of a plurality of anomaly thresholds associated with the anomaly. In response to determining that the anomaly has met the first anomaly threshold of the plurality of anomaly thresholds associated with the anomaly, a first authentication level associated with the first anomaly threshold is identified. The plurality of anomaly thresholds associated with the anomaly have a plurality of associated authentication levels. A user interface is displayed to an administrator that includes a prompt to authenticate the administrator at the first authentication level. Authenticating the administrator at the first authentication level allows the administrator to take an action associated with the anomaly. For example, the administrator may unload an application that may likely have been compromised.
An event profile corresponding to a data source at a target system is determined. The event profile includes, for each of a number of fields, a percentage of events that after processing by the data source include data in that event field. A reference event profile is determined that includes, for each of the event fields, a reference percentage. The event profile is compared to the reference event profile. Whether the data source properly processed the events is determined based on comparison of the event profile to the reference event profile.
Software applications often incorporate an embedded browser to perform web-based operations. Not all browsers operate the same way, for example, elements within tabs in Microsoft Edge browsers use messages to communicate through web extensions, while Microsoft Internet Explorer (IE) browsers use the original browsers helper object (BHO). A consequence of the different paradigms is that certain graphical elements may be duplicated in a resource table. A test development may fail to identify the duplication and may produce extraneous or erroneous tests. By launching on a system and monitoring the system's executing processes, a browser application may be determined to be running and, if so, a refresh operation is performed on an application under test (AUT). If the AUT refresh operation results in a browser also performing a refresh, the type of embedded browser may be identified and any duplicates of the same graphical elements identified and merged for subsequent testing.
A first load cycle of an application is determined to have been completed. A load cycle is where the application has been loaded, executed, and then unloaded. One or more of first load parameter associated with the first load cycle of the application, a first execution parameter associated with the first load cycle of the application, and a first unload parameter associated with the first load cycle of the application are retrieved and compared to one or more of a second load parameter associated with a second load cycle of the application, a second execution parameter associated with the second load cycle of the application, and a second unload parameter associated with the second load cycle of the application. The comparison can then be used to identify anomalies between load cycles of the application.
Methods, systems, and techniques are provided for displaying objects in virtual network computing (VNC). For example, a VNC connection may be established between a first device and a second device, where the VNC connection enables a synchronization of an interactive display layout from the first device to the second device. Subsequently, after the VNC connection is established, a page structure of the first device may be retrieved based on an application programming interface (API) on the second device. In some embodiments, based on the retrieved page structure, one or more non-interactive objects on the second device may be displayed, where the one or more non-interactive objects are displayed on top of at least a portion of the interactive display layout at the second device.
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p.ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
G06F 3/04886 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p.ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p.ex. des gestes en fonction de la pression exer utilisant un écran tactile ou une tablette numérique, p.ex. entrée de commandes par des tracés gestuels par partition en zones à commande indépendante de la surface d’affichage de l’écran tactile ou de la tablette numérique, p.ex. claviers virtuels ou menus
H04L 41/40 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant la virtualisation des fonctions réseau ou ressources, p.ex. entités SDN ou NFV
H04L 65/1069 - Gestion de session Établissement ou terminaison d'une session
Documents are often generated using a customer communication management (CCM) application that utilizes rules to select and/or modify certain fragments of a document. By analyzing the rules and content that produced a certain fragment, a second CCM application may be automatically provided with the rules, such as when the first set of rules are not available for porting to a second system. Accordingly, a server may access a rule comprising a condition, a document fragment, and a rule identifier. A server may generate a first document to comprise visible content and hidden content. Generating the first document may comprise evaluating the rule and, when the rule is true, including the document fragment as a portion of the visible content and including the rule identifier as a portion of hidden content. A server may provide the first document to a destination.
G06F 40/284 - Analyse lexicale, p.ex. segmentation en unités ou cooccurrence
G06F 40/131 - Fragmentation de fichiers textes, p.ex. création de blocs de texte réutilisables; Liaison aux fragments, p.ex. par utilisation de XInclude; Espaces de nommage
A plurality of captured packets are received. The plurality of captured packets are from a plurality of packet flows. A packet flow is a communication session between two devices. For example, a packet flow may be a communication session between a client and a server. The plurality of captured packets are sorted into individual packet flows. The individual packet flows are converted into individual videos. For example, each packet from each packet flow is stored as a separate video frame in an individual video. A machine learning algorithm is applied to the individual videos to perform analytic tasks on the individual videos. For example, the machine learning algorithm may be used to identify anomalies within a packet flow and/or between packet flows.
H04L 43/026 - Capture des données de surveillance en utilisant l’identification du flux
G06V 20/40 - RECONNAISSANCE OU COMPRÉHENSION D’IMAGES OU DE VIDÉOS Éléments spécifiques à la scène dans le contenu vidéo
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 65/61 - Diffusion en flux de paquets multimédias pour la prise en charge des services de diffusion par flux unidirectionnel, p.ex. radio sur Internet
31.
AUTO-FIX OBJECT NOT FOUND ERROR USING IMAGE RECOGNITION
A system, device, system-on-a-chip, and method of automatically correcting an object not found error using image recognition are described. The method includes running a test script for testing and analysis of a web page as rendered by a web browser. The method further includes, responsive to detecting the object not found error, automatically locating a missing object associated with the object not found error. One method of locating a missing object includes using image recognition. The method also includes updating the test script with a located object. The method may also include replaying the test script.
Embodiments of the disclosure provide systems and methods for analyzing log files. Automated processing of log files can comprise reading a log file generated during execution of an application and comprising a plurality of log events and generating a plurality of templates based on the plurality of log events in the log file. Each template can map a log event to a candidate value for the log event. The plurality of log events can be aggregated into a plurality of groups based on the candidate value mapped to each log event in the plurality of templates and the plurality of groups of log events can be ranked. The log file can be partitioned based on the ranking of the plurality of groups of log events and one or more groups of log events can be provided to an analysis process based on the partitioning of the log file.
Management program code is executable by a management server on a management network to perform processing. The processing includes establishing a communication stream with a database control agent for a database on a database network separate from the management network, without opening any ports on the database network for access by the management program code. The processing includes receiving a database command for the database from client program code, and dispatching the database command to the database control agent over the communication stream for execution against the database. The processing includes receiving execution results of the database command from the database control agent over the communication stream, and returning the execution results to the client program code in satisfaction of the database command.
Embodiments of the disclosure provide systems and methods for accurately identifying functions in software code that represent vulnerabilities. Identifying vulnerable functions in software code can comprise collecting information identifying one or more known Common Vulnerabilities and Exposures (CVEs) and identifying one or more vulnerable functions in the software code based on relationships between the collected information identifying the one or more known CVEs and the one or more vulnerable functions in the software code. A call graph can be derived for the software code based on the identified one or more vulnerable functions. Each of the identified one or more vulnerable functions can be indicated in the call graph by a vulnerability symbol. A determination can be made as to whether each identified one or more vulnerable functions is a true vulnerability, i.e., when the vulnerable function is encountered when traversing the call graph.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A communication stream is received. For example, the communication stream may be a part of a communication session, such as, a voicemail, a videomail, a voice conference call, a video conference call, and/or the like. A determination is made if the communication stream is completely generated using a session watermark. The session watermark is associated with the communication session. In response to determining that the communication stream is completely generated using the session watermark, the communication stream is identified as a legitimate communication stream. In response to determining that the communication stream has not been completely generated using the session watermark, the communication stream is identified as potentially a vishing communication steam.
A request to grant control of a virtual resource is received. For example, a user may provide a set of authentication credentials that allow the user to execute a virtual machine. The request to grant control of the virtual resource uses an authentication level of a plurality of authentication levels associated with the virtual resource. The request to grant control of the virtual resource is validated. In response to validating the request to grant control of the virtual resource, control of the virtual resource is granted according to the authentication level of the plurality of authentication levels associated with the virtual resource. The user can then control/access the virtual resource based on privileges associated with the authentication level.
A distributed database system maintains a database including a data shard for which a primary computing node is responsible. The primary computing node identifies a data storage plan for the data shard. The plan identifies a file subset of data storage files of the shard to be merged into a larger data storage file, and a node subset of computing nodes of the system that subscribe to the data shard. The primary node identifies which computing nodes of the node subset each have sufficient computing resources to execute the plan, as candidate computing nodes. The primary node identifies which files of the file subset each candidate computing node locally caches. The primary node selects one candidate computing node to execute the plan, based on the files of the file subset that each candidate computing node locally caches. The primary node causes the selected candidate computing node to execute the plan.
A plurality of circular blockchains are created. The plurality of circular blockchains may comprise different structures. For example, the plurality of circular blockchains may include: a single genesis block where a last block in each of the plurality of circular blockchain links back to the single genesis block, a plurality of genesis blocks where a last block in each of the plurality of circular blockchain links back to individual ones of the plurality of genesis blocks, and a genesis block and one or more connection blocks that form the plurality of circular blockchains.
A method includes parsing a data object model associated with a webpage to change an original color scheme for each node of the data object model. Each node corresponds to a display feature of a layout of the webpage. The method also includes generating a modified data object model by replacing the original color scheme for each node with a calculated color scheme, displaying the layout of the webpage using the modified data object model, capturing an image of the layout of the webpage as displayed and detecting any errors in the layout of the webpage. The calculated color scheme assigns a unique color code to each feature of the node based on a position of each feature within the node and based on a position of each node within the data object model.
Input data is received from an analysis of an application running in a real-world environment. The input data identifies one or more parameters that are associated with one or more test scripts that are used to test a new version of the application running in the real-world environment. One or more inputs are received that map the received input data to the one or more test scripts. The one or more test scripts are used to test the new version of the application. The one or more tests scripts are executed against the new version of the application based on the one or more parameters.
A current a version of an external component (e.g., an open-source component or a third-party component) that is used in a software application is identified. A new version of the current version of the external component is identified (supply chain components). For example, the new version may have been just released by an open-source community. In response to identifying the new version of the current version of the of the external component, a series of actions are implemented that include: identifying changes to Application Programming Interfaces (APIs) in the new version of the current version of the external component; identifying new vulnerabilities in the new version of the current version of the external component; and determining a quality history associated with the new version of the current version of the external component. Based on the actions, a composite score is generated and displayed to a developer.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 8/71 - Gestion de versions ; Gestion de configuration
A request is received to deploy a configuration on a computing resource. A compliance check on the configuration is performed according to a policy to determine whether deployment of the configuration on the computing resource is permitted. In response to determining that the deployment of the configuration on the computing resource is permitted, a deployer for the computing resource is controlled to deploy the configuration on the computing resource.
A request to authenticate to a Blockchain as a Service (BaaS) is received from a tenant (e.g., a user that is acting on behalf of a corporation). An authentication credential of the tenant associated with the request to authenticate to the BaaS is determined to be valid. In response to determining that the authentication credential of the tenant associated with the request to authenticate to the BaaS is valid, a level of access is granted to the BaaS. A request is received, from the tenant, to add a transaction block to a blockchain in the BaaS. The blockchain in the BaaS is interspersed with transaction blocks from a plurality of tenants of the BaaS. The transaction block is then added to the blockchain in the BaaS. This addition to the BaaS represents both an Escrow and an Audit capability.
A database stores, for each of a number of software packages, a software package embedding representing the software package. The database stores, for each software package, code block embeddings respectively representing code blocks of the software package. The database stores, for each software package, functionality embeddings respectively representing functionality clusters into which the code block embeddings representing the code blocks of the software package have been clustered. A query embedding representing a query is generated, and used to query the database to identify a relevant code block within a relevant software package for the query.
One or more iterations are performed. Each iteration includes calculating, for each of a number of data points that each have a label probability distribution, a label quality measure based on the label probability distribution of the data point. Each iteration includes updating the label probability distribution of each of at least one of the data points using either or both of a classification technique and a constrained clustering technique based on the data points and the label quality measure of each data point.
A request is received by a network management server, from a managed node, to get cluster information. The cluster information identifies a coordinator node and a leader node (a node hierarchy) that are used to track liveness of the managed node. The coordinator node and the leader node may be identified based on being in the same location as the managed node. The cluster information is sent to the managed node to make the managed node aware of the hierarchy. The coordinator node consolidates liveness of the nodes in its grouping in the cluster. The coordinator node sends a first liveness message of the managed node to the leader node. The leader consolidates a group of coordinator nodes by sending a second liveness message of the managed node to the network management server. This gives the network management server a status of all the managed nodes in the cluster.
H04L 43/0817 - Surveillance ou test en fonction de métriques spécifiques, p.ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux en vérifiant la disponibilité en vérifiant le fonctionnement
H04L 41/0663 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant la reprise sur incident de réseau en réalisant des actions prédéfinies par la planification du basculement, p.ex. en passant à des éléments de réseau de secours
H04L 43/10 - Surveillance active, p.ex. battement de cœur, utilitaire Ping ou trace-route
A snapshot event is received. The snapshot event is a snapshot of data that was sampled based on a snapshot metric. For example, the snapshot event may be a number of user logins (the data) over a specific time period (the snapshot metric). A destination analytical database is determined for the snapshot event. The snapshot event may then be sent to a queue. The snapshot event is then sent to the destination analytical database and stored in the destination analytical database.
G06F 16/28 - Bases de données caractérisées par leurs modèles, p.ex. des modèles relationnels ou objet
G06F 16/11 - Administration des systèmes de fichiers, p.ex. détails de l’archivage ou d’instantanés
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuées; Architectures de systèmes de bases de données distribuées à cet effet
An indication of a user being authenticated is received. For example, the user authenticates with a valid username/password. In response to receiving the indication of the user being authenticated, a watermark is associated with the user. The watermark is sent to a communication device of the user. For example, the watermark is sent to the user's personal computer. The communication device of the user embeds the watermark into a communication. For example, the watermark may be embedded into a communication session with a web server. The watermark is sent to a routing device on a network (e.g., a router and/or firewall). The routing device uses the watermark embedded in the communication to determine how to route the communication on the network.
An input regarding security characteristics of a project is received. For example, a security characteristic of a project may be insecure storage of data related to confidentiality. The project is scanned for one or more security requirements based on the received security characteristics. A list of security requirements is built for the project based on the received first input. A machine learning process is used to identify addition of one or more security requirements and/or removal of one or more security requirements from the list of security requirements. A first security vulnerability scan is run using the list of security requirements with the one or more additional security requirements and/or the removed one or more security requirements. Results for the first security vulnerability scan are generated and displayed to a user.
A first node in a distributed blockchain ledger validates all remaining nodes in the distributed blockchain ledger to secure the distributed blockchain ledger. The remaining nodes in the distributed blockchain ledger can be validated in various ways. For example, an encrypted package can be exchanged to obtain a unique session key for each of the remaining nodes in the distributed blockchain ledger. Another alternative is to receive split-key fragments from all the nodes in the distributed blockchain ledger. The received split-key fragments are used to generate a common key for validating all the remaining nodes in the distributed blockchain ledger.
Thread information generated by one or more computing systems is captured. A thread pattern is identified from the captured thread information. The thread pattern is compared to a learned thread pattern. An anomaly is identified in the thread pattern based on a variance from the learned thread pattern. In response to identifying the anomaly in the thread pattern, an action is taken based on the anomalous thread pattern. For example, a user may be notified. The thread patterns may be extended to compare between operating systems, hypervisors, containers, and/or virtual machines.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
A multi-factor authentication request of a user is received. For example, the multi-factor authentication request may include a valid username/password and a valid fingerprint scan. A first authentication factor of the multi-factor authentication request is an access authentication factor (e.g., the valid username/password) and a second authentication factor (e.g., the valid fingerprint scan) of the multi-factor authentication request is one of: a time-only authentication factor; a multi-session authentication factor; and a location-only authentication factor. The user is authenticated based on the first authentication factor and the second authentication factor. Access is granted to one or more resources according to one or more rules associated with the first authentication factor and second authentication factor.
Software is commonly built from a package of software packages, such as open-source packages. A package may require a number of interdependent packages, any one of which may have a security vulnerability. However, the dependencies between packages are often version specific and merely upgrading a package to the newest, or newest non-vulnerable, version may break a dependency and cause the software to be unbuildable (e.g., fail to compile or link) or, if built, faulty. By mapping dependencies to non-vulnerable versions a graphical representation may be built having one or more root-to-leaf paths identifying all the required packages by compatible version but exclude any vulnerable versions. The package may then be built to ensure the resulting software is both internally compatible between packages and absent known security vulnerabilities.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/56 - Détection ou gestion de programmes malveillants, p.ex. dispositions anti-virus
A request to add a new block to a blockchain is received. Data associated with the new block is scanned to identify malware and/or an anomaly. In response to identifying the malware and/or the anomaly in the data associated with the new block, an action is taken. The action includes: rejecting the request to add the new block to the blockchain, or removing the malware/anomaly from the new block and adding the new block to the blockchain. In a second embodiment, a malware event is identified that identifies malware/an anomaly in a block in a blockchain. In response to the malware event, an action is taken. The action includes: consolidating the blockchain, bypassing the block in the blockchain, consolidating the blockchain and bypassing the block in the blockchain, and deleting an encryption key that was used to encrypt the associated data that comprises the malware and/or the anomaly.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A pointer is set to a first code unit of an original string that encodes characters via code units within an encoding scheme. Whether the code unit of the original string referenced by the pointer is valid within the encoding scheme is determined. If the code unit referenced by the pointer is valid, one or more code units of the original string that encode a single character within the encoding scheme are processed, starting at the code unit referenced by the pointer. The one or more code units as have been processed are appended to a processed string. A single shadow unit indicating that the one or more code units that have been processed are valid is appended to a shadow array. The pointer is advanced to the code unit of the original string following the one or more code units.
Command line inputs to a system by a user or automated script can comprise a number of legitimate commands but, as a series, reveal a reconnaissance attack, such as to gain knowledge of a system without a legitimate reason to do so. A trained artificial intelligence monitors the command line inputs to the system, as a series, and determines therefrom whether a match exists to a reconnaissance attack. The match may be a non-exact match, such as a match determined by a long short-term memory (LSTM) machine learning model. A reconnaissance attack response may then be initiated upon determining a match is present.
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
57.
PROVIDING SINGLE-SIGN-ON FOR MULTIFACTOR AUTHENTICATION
A request to authenticate is received. For example, the request to authenticate may be to authenticate to a software application or a device. The request to authenticate is for a first authentication level for a user. The first authentication level is one of a plurality of authentication levels for the user. The request to authenticate is authorized based on a provided one or more authentication factors (e.g., a valid username/password). A plurality of authentication tokens are retrieved. The plurality of authentication tokens are associated with the first authentication level. In addition, each authentication token of the plurality of authentication tokens is associated with an individual application of a plurality of applications. Access to information in the plurality of applications is granted based on the plurality of authentication tokens.
Examples relate to detecting an abnormality. The examples disclosed herein enable receiving, from a first user, a first request to perform a first transaction on at least one data record. A plurality of transactions originated from the first request may be organized in a first hierarchical tree-based data structure having multiple depth levels. The data structure may comprise a root node representing the first transaction and a leaf node representing a second transaction. The examples further enable detecting the abnormality based on at least one parameter where the at least one parameter comprises a size of the data structure and a depth level associated with the leaf node.
G06F 16/22 - Indexation; Structures de données à cet effet; Structures de stockage
G06F 11/08 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p.ex. en utilisant des codes de contrôle
G06F 17/00 - TRAITEMENT ÉLECTRIQUE DE DONNÉES NUMÉRIQUES Équipement ou méthodes de traitement de données ou de calcul numérique, spécialement adaptés à des fonctions spécifiques
G06F 11/34 - Enregistrement ou évaluation statistique de l'activité du calculateur, p.ex. des interruptions ou des opérations d'entrée–sortie
G06F 11/00 - Détection d'erreurs; Correction d'erreurs; Contrôle de fonctionnement
59.
INSTALLATION AND AUTHENTICATION OF APPLICATIONS USING BLOCKCHAIN
A request to install a first version of a software application is received. The first version of the software application is stored in a first blockchain in a first distributed blockchain ledger. In response to receiving the request to install the first version of the software application, the first version of the software application is validated by running a hash of the first blockchain. In response to validating the first version of the software application, the first version of the software application is installed from the blockchain to a device. The software application may also be validated after being installed to the device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
Examples herein involve authorization of use of cryptographic keys based on cryptocurrency payments. An example method includes analyzing a request for a cryptographic key of a key server where the request may be received from a requesting device and the cryptographic key is used to decrypt or encrypt a message of the request, and authorizing use of the cryptographic key to decrypt or encrypt the message based on a balance in a cryptocurrency wallet associated with the request.
G06Q 20/38 - Architectures, schémas ou protocoles de paiement - leurs détails
G06Q 20/06 - Circuits privés de paiement, p.ex. impliquant de la monnaie électronique utilisée uniquement entre les participants à un programme commun de paiement
G06Q 20/40 - Autorisation, p.ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasin; Examen et approbation des payeurs, p.ex. contrôle des lignes de crédit ou des listes négatives
G06Q 20/12 - Architectures de paiement spécialement adaptées aux systèmes de commerce électronique
G06Q 20/36 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des portefeuilles électroniques ou coffres-forts électroniques
Network traffic is monitored over a period of time (e.g., network traffic of a corporate network). Based on the monitored network traffic: an abstract temporal graph of the network traffic is generated; graph-based node embeddings of the abstract temporal graph are learned; edge tabular embeddings for edges of the abstract temporal graph are learned; and hybrid embeddings are computed. The computed hybrid embeddings are based on the learned graph-based node embeddings for the abstract temporal graph and the learned edge tabular embedding for the edges of the abstract temporal graph. This process is then repeated over multiple time periods and temporal trajectories are computed using the computed hybrid embeddings for each time period. The temporal trajectories are then used for analysis of the network. For example, the temporal trajectories are used to identify anomalies for prevention of security breaches of the network.
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p.ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
62.
SYSTEM AND METHOD FOR MANAGING FRAGMENTED ENCRYPTION KEYS FOR GRANTING ACCESS
A secondary fragment of an encryption key is received. The secondary fragment is associated with an authentication process of a user. The secondary fragment is one of a plurality of secondary fragments of the encryption key. The user is authenticated (e.g., by validating a username/password). The encryption key is regenerated using the secondary fragment and a primary fragment of the encryption key. In response to regenerating the encryption key using the secondary fragment and the primary fragment, and authenticating the user: access is granted, to the user, by unencrypting an encrypted data record using the regenerated encryption key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Prior to initiating discovery of computing resources of an information technology (IT) infrastructure, an input query and a discovery job are received, and one or more trigger configuration items (CIs) are calculated. The input query specifies how the computing resources are discovered, and has a filter parameter. The discovery job is for the input query, has a job parameter, and is associated with a trigger query that is a subset of the input query. The trigger CIs are calculated based on the trigger query, such that the filter parameter of the input query is replaced with the job parameter in the trigger CIs. Discovery of the computing resources is initiated by dispatching each trigger CI. As discovery of the computing resources occurs, CIs representing the computing resources matching the trigger CIs are received, and the CIs are populated within a configuration management database (CMDB).
Results of an authentication process are received. The authentication process allows for a graded level of authentication using a plurality of authentication types (e.g., a username/password and a fingerprint scan). Encrypted data is then accessed. The encrypted data has been encrypted using a plurality of encryption levels. The data is unencrypted based on the graded level of authentication.
In a second embodiment, a system and method are provided that establish a communication session (e.g., a voice or email communication session). The communication session is between a plurality of users. During the communication session, an indication is received to change an encryption level for the communication session. In response to receiving the indication to change the encryption level for the communication session, an encryption level of the first communication session is dynamically changed from a first level of encryption to a second level of encryption.
Systems and methods include determining a target date; detecting a calendar in a graphical user interface; recognizing a month name in the detected calendar; recognizing one or more date numbers in the detected calendar; identifying a week start day for the detected calendar; identifying a position in the detected calendar associated with the target date based on the identified week start day for the detected calendar and the recognized one or more date numbers in the detected calendar; and automatically selecting the position in the detected calendar associated with the target date.
A request to authenticate is received (e.g., a request to login with a username/password). The request to authenticate comprises an address associated with the request to authenticate (e.g., an IP address). The request to authenticate is validated. In response to validating the request to authenticate, a message is sent to a routing device that identifies the address as authenticated for routing packets. In a second embodiment, a DHCP discover message is received. The DHCP discover message is a request to get an IP address. A determination is made to determine if the DHCP discover message comprises a watermark. In response to determining that the DHCP discover message comprises the watermark: a DHCP offer message is sent with an IP address and a third message is sent to a routing device that identifies the IP address as valid for routing packets.
H04L 61/5014 - Adresses de protocole Internet [IP] en utilisant le protocole de configuration dynamique de l'hôte [DHCP] ou le protocole d'amorçage [BOOTP]
A transaction block in a blockchain is generated. The transaction block in the blockchain comprises a token that points to blockchain data in a tokenization table. An event is detected (e.g., an administrative event). The event is to forget the blockchain data in the tokenization table. In response to detecting the event, the blockchain data in the tokenization table is forgotten. For example, forgetting the blockchain data may comprise permanently deleting the blockchain data in the tokenization table and/or permanently deleting an encryption key for the blockchain data in the tokenization table.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuées; Architectures de systèmes de bases de données distribuées à cet effet
An event is identified. The event is associated with device content (e.g., one or more files) and a network location (e.g., a branch location of a corporation). One or more rules are retrieved. The one or more rules are associated with the device content, the network location, and a number of communication devices at the network location. A number of shards (e.g., erasure encoding shards) are determined based on the rules. The number of shards are generated. The number of shards are sent to a plurality of communication devices at the network location according to the rules. The plurality of communication devices at the network location are equal to or less than the number of communication devices at the network location.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p.ex. pour le traitement simultané de plusieurs programmes
H04L 65/61 - Diffusion en flux de paquets multimédias pour la prise en charge des services de diffusion par flux unidirectionnel, p.ex. radio sur Internet
H04L 65/75 - Gestion des paquets du réseau multimédia
69.
Training a system to recognize scroll bars in an application under test
The design for modern graphical interfaces generated by an application under test (AUT) can take many forms. A codeless testing system reads the output generated by the AUT to identify components, however, scroll bars may be present but in a form that is not reliably identified. As a result, an AUT may comprise scrollable graphical elements that are not identified as such resulting in the performance of tests that are incomplete. By applying a middle button click event, an associated pointer changes form and reveals an associated graphical element to comprise a scrollable element. When the pointer change occurs, testing directed to the scrollable element is then included to perform a more complete testing of the features of the AUT.
A self-contained validation process is initiated. For example, an application may contain code to initiate the self-contained validation process. The self-contained validation process comprises at least one of: a self-contained application validation process, a self-contained container validation process, a self-contained virtual machine validation process, and a self-contained hypervisor validation process. In response to initiating the self-contained validation process, the self-contained validation process requests a list of vulnerabilities associated with the self-contained validation process. The list of vulnerabilities associated with the self-contained validation process is received. For example, the received list of vulnerabilities may identify a security vulnerability in the application. An action taken based on the received list of vulnerabilities associated with the computer process. For example, the application may self-quarantine itself based on the received list of vulnerabilities.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
71.
Method and apparatus for efficient file/folder synchronization
A synchronization structure that indicates changes to files that are to be synchronized is created. The synchronization structure is stored as a series of synchronization blocks. A first synchronization message is received from a communication device. The first synchronization message includes a next block number. A second synchronization message is sent to the communication device. The second synchronization message comprises one or more synchronization blocks that are identified based on the next block number. A third synchronization message is received from the communication device. The third synchronization message requests a number of files to be synchronized. The number of files to be synchronized are sent to the communication device.
A controller system receives from a deployer for a computing resource and into which the controller system has been hooked, a state of the computing resource resulting from deployment of a configuration on the computing resource by a deployment user using the deployer. In response to receiving the state of the computing resource from the deployer, the controller system persists the state within a database. In response to receiving the state of the computing resource from the deployer, the controller system automatically invokes a process previously defined by a process user and maintained by a process system into which the controller system has been hooked, based on the state.
For each item represented within log events that have a power law-oriented distribution, first and second metrics for the item are computed based on the log events which pertain to the item. The items are organized over bins according to the first metric. The bins correspond to different ranges of the first metric. For each bin, the items in the bin are ordered according to the second metric. A plot of the bins over which the items have been organized according to the first metric, is graphically displayed, which includes displaying, for each bin, the items in the bin as have been ordered according to the second metric.
A system includes a processor and a memory coupled with and readable by the processor and storing therein a set of instructions. When executed by the processor, the processor is caused to receive application events associated with an application and create data records based on the application events. The processor is further caused to compute an interestingness value for each of the data records based on a goal of the application, assign the computed interestingness value to each of the data records and store each of the data records with the assigned interestingness value.
A primary blockchain for a software application is created that comprises a first block associated with a software component of the software application. An event is received that is associated with the software component. In response to receiving the event, a component blockchain is created that is associated with the software component. The component blockchain comprises a second block associated with the event. The component blockchain links to the primary blockchain. This provides a structure for managing supply chains of software components. As new software components are received, the new software components can be managed and tracked for quality/security.
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuées; Architectures de systèmes de bases de données distribuées à cet effet
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
76.
USING AUTHENTICATION CREDENTIALS TO VALIDATE BLOCKCHAIN ADDITIONS
A request is received, by a plurality of nodes that are part of a distributed blockchain ledger, to add a transaction block to a plurality of blockchains in the distributed blockchain ledger. The transaction block comprises a transaction block authentication credential(s). The plurality of nodes that are part of the distributed blockchain ledger determine if the transaction block authentication credential(s) are valid. An indication is received from at least a majority of the plurality of nodes that are part of the distributed blockchain ledger that the transaction block authentication credential(s) are valid. In response to receiving the indication from the at least a majority of the plurality of nodes that are part of the distributed blockchain ledger that the transaction block authentication credential(s) are valid, the transaction block is added to the plurality of blockchains in the distributed blockchain ledger.
Testing software applications is routinely limited by time or testing iterations rather than exhaustively testing ever possible permutation of inputs or execution paths. By configuring a testing device to only perform relevant tests, the test results are more meaningful (e.g., few false-positives) and relevant to the application. Additional effects include reduced processing times and storage requirements. As described herein, source code is analyzed to determine elements that indicate a particular environment for the source code's corresponding machine code. When the source code indicates that a particular environment is not a candidate for execution of the machine code, tests associated with that particular environment are excluded. The testing device is then configured to perform those tests, either statically or dynamically, that are relevant for those environments that actually apply.
Embodiments of the present disclosure provide a system for generating risk scores in near real-time. The system includes a processor and a memory coupled with and readable by the processor and storing therein a set of instructions. When executed by the processor, the processor is caused to generate risk scores in near real-time by receiving near real-time application events associated with an application in near real-time and identifying anomalies from the near real-time application events. The processor is further caused to generate risk scores in near real-time by generating an intermediate near real-time risk score for the identified anomalies and combining the intermediate near real-time risk score with a batch risk score generated from a batch process executed prior to receiving the near real-time application events to generate a near real-time risk score.
According to an example, a model is selected from models including an augmented buyer model based on probabilities of conceivable transitions, and each conceivable transition includes a multi-step transition between a first URL and a second URL via at least one intermediate URL of the website. A user is determined to likely be a buyer or a non-buyer based on interaction data and the selected model. The user is presented with an offer that encourages the user to buy from the website upon the determination that the user is a buyer.
A sub-archive is initiated. The sub-archive saves changes that have occurred since a previous final archive. Changes to an operational database (i.e., the operational database that is being archived) are allowed during the first sub-archive. A final archive is initiated in series after the sub-archive has completed. The final archive does not allow changes to the operational database when the final archive is active. In one embodiment, the sub-archive may comprise a plurality of sub-archives that depend on an amount of outstanding changes that exist in the operational database.
Testing software applications often requires a balancing of thoroughness versus the time and computing resources available to perform such tests. Certain data handling operations may potentially expose data to unauthorized parties. However, not all data is equal; some data requires a greater degree of protection than other data, which may be based on a security context (e.g., rule, law, policy, etc.). By generating rules determined by a particular context, extraneous tests on data outside of the context, may be omitted. Unnecessary tests may be omitted and the results of each analysis process correlated to identify actual vulnerabilities and omit false positives, such as vulnerabilities to data that does not require the same degree of care to avoid unauthorized exposure.
A request to retroactively add one or more of an encryption level, an encryption type, a security level, and an authentication level to an existing blockchain is received. An authentication/encryption block is added to the existing blockchain. The authentication/encryption block comprises the one or more of the encryption level, the encryption type, the security level, and the authentication level. Based on the added authentication/encryption block in the existing blockchain, the one or more of the encryption level, the encryption type, the security level, and the authentication level are retroactively applied to at least a portion of blockchain data in the existing blockchain. In one embodiment, a data structure is used in place of the authentication/encryption block.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/38 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité le chiffrement étant effectué par un appareil mécanique, p.ex. cames rotatives, interrupteurs, perforatrices de bande à clavier de clé
83.
APPLICATION TUNING BASED ON PERFORMANCE CHARACTERISTICS
According to examples, an apparatus may include a processor and a memory on which are stored machine-readable instructions that when executed by the processor, may cause the processor to receive information regarding a performance characteristic of an application during predetermined time periods. The processor may calculate a rate of change in the performance characteristic over the predetermined time periods. Based on a determination that the performance characteristic of the application has changed over the predetermined time periods, the processor may tune values of a set of parameters for the application based on the calculated rate of change in the performance characteristic.
Software applications may be installed on a variety of platforms and/or process a variety of data or data in a variety of structures. As a result, optimizing a system to maximize performance often depends on a specific utilization and the specific data being processed. Systems and methods are provided herein to compare the performance of one processing logic, often a live or production environment to a test environment that varies the performance parameters. The variations may be provided by a machine learning algorithm, such as neural network, and produce an improved set of parameters that may then be applied to the production environment.
A request to authenticate a user is received. A random authentication pattern is generated. For example, the random authentication pattern may be for the user to provide a series of biometric scans and/or gesture scans. Instructions for the random authentication pattern are sent to a communication device (e.g., to a smartphone or smartwatch). A generated authentication pattern is received from the communication device. The generated authentication pattern is compared to a stored set of biometric scans and/or gestures scans that are based on the random authentication pattern. The user is authenticated based on the generated authentication pattern meeting a threshold by comparing the generated authentication pattern to the stored set of biometric scans and/or gestures scans.
A copy of a blockchain is stored. The stored copy of the blockchain is copied from a blockchain in a distributed blockchain ledger. An event associated with the blockchain in the distributed ledger is identified. In response identifying the event associated with the blockchain in the distributed ledger, a compromise of the blockchain in the distributed ledger is identified, such as, identifying one or more blocks of the blockchain that have been compromised. In a second embodiment, a request to add a new block to a blockchain is identified. In response identifying the request to add the new block to the blockchain, a consensus vote to add the new block to the blockchain is monitored. A determination is made to determine if the consensus vote is below a threshold. In response to the consensus vote being below the threshold, an audit of the blockchain is completed.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
An event is identified. For example, the event is that the an original blockchain has reached a threshold number of blocks. In response to identifying the event: the original blockchain is completed and a second blockchain is created. The second blockchain comprises a first consolidation genesis block. The first consolidation genesis block comprises a complete hash of the original blockchain and a first consolidation pointer that points to the original blockchain. This allows the blockchain to be divided into smaller pieces that can be verified using less processing resources. In addition, this allows for more efficient searching of blockchains.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
88.
Using a trusted authority to enforce encryption levels/authentication levels in a blockchain
A request to create a blockchain is received. In response to receiving the request to create a blockchain, an authentication/encryption block is added to the blockchain. For example, the authentication/encryption block may be part of a genesis block of the blockchain. The authentication/encryption block comprises metadata that indicates at least one of: 1) an encryption level for blockchain data that will be part of the blockchain, 2) an encryption type for the blockchain data that will be part the blockchain, 3) an authentication level required to access the blockchain data that will be part of the blockchain, and a security level for the blockchain data that will be part of the blockchain. The metadata is used to define encryption and/or authentication requirements for accessing the blockchain data.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
89.
TYPO SQUATTING, DEPENDENCY CONFUSION, AND BRANDJACKING DETECTION
A software build environment is scanned for one or more potentially malicious code paths. In response to scanning the software build environment for the one or more potentially malicious code paths, one or more potentially malicious code paths are identified. The identified one or more potentially malicious code paths comprise at least one of: a typo squat code path, a dependency confusion code path, and a brandjack code path. In response to identifying the one or more potentially malicious code paths a microprocessor does at least one of: generate a notification identifying the one or more potentially malicious code paths, automatically change and/or remove the one or more potentially malicious code paths and deny the start of a build process.
A copy of a blockchain is stored. The stored copy of the blockchain is copied from a blockchain in a distributed blockchain ledger. An event associated with the blockchain in the distributed ledger is identified. In response identifying the event associated with the blockchain in the distributed ledger, a compromise of the blockchain in the distributed ledger is identified, such as, identifying one or more blocks of the blockchain that have been compromised. In a second embodiment, a request to add a new block to a blockchain is identified. In response identifying the request to add the new block to the blockchain, a consensus vote to add the new block to the blockchain is monitored. A determination is made to determine if the consensus vote is below a threshold. In response to the consensus vote being below the threshold, an audit of the blockchain is completed.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
91.
CONTAINER BASED GENERATION OF INPUTS FOR GENERIC FUNCTIONS
According to examples, an apparatus may include a processor and a memory on which are stored machine-readable instructions that when executed by the processor cause the processor to create a container in a container runtime environment. The container may include a plurality of generic functions for installation of an application on a computing device. The processor may receive configuration information correlated to the installation of the application. The configuration information may be correlated to a function among the plurality of generic functions. The processor may generate an input for the correlated function based on the configuration information. The correlated function may execute at the computing device based on the generated input. Based on results of an execution of the correlated function at the computing device, the processor may output a log of the correlated function.
A distributed database system maintains a database including a data shard for which a primary computing node is responsible. The primary computing node identifies a data storage plan for the data shard. The plan identifies a file subset of data storage files of the shard to be merged into a larger data storage file, and a node subset of computing nodes of the system that subscribe to the data shard. The primary node identifies which computing nodes of the node subset each have sufficient computing resources to execute the plan, as candidate computing nodes. The primary node identifies which files of the file subset each candidate computing node locally caches. The primary node selects one candidate computing node to execute the plan, based on the files of the file subset that each candidate computing node locally caches. The primary node causes the selected candidate computing node to execute the plan.
A query plan includes steps to implement a query and debug steps interleaved among the steps. An execution engine of a database system executes each step of the query plan to realize the query. The execution engine executes each debug step of the query plan to generate debugging information for the step preceding the debug step within the query plan. The debugging information is queryable.
A computing device includes a processor and a machine-readable storage storing instructions. The instructions are executable by the processor to: receive an input string including sensitive data to be encrypted; identify a first portion and a second portion of the input string, the first portion comprising the sensitive data; select, from a plurality of hash functions, a hash function based on the second portion; and generate a hash value of the first portion using the selected hash function.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
A first sub-blockchain and a second sub-blockchain are retrieved. The sub-blockchains are predefined fragments of a blockchain that are intended to be used to build a larger blockchain. At least one of the first sub-blockchain and the second sub-blockchain was originally stored in a read-only computer memory or was originally stored in a barcode/RFID tag. A blockchain that comprises the first sub-blockchain and the second sub-blockchain is created. The blockchain is used to track inventory of a product.
G06K 7/14 - Méthodes ou dispositions pour la lecture de supports d'enregistrement par radiation corpusculaire utilisant la lumière sans sélection des longueurs d'onde, p.ex. lecture de la lumière blanche réfléchie
G06K 7/10 - Méthodes ou dispositions pour la lecture de supports d'enregistrement par radiation corpusculaire
G06Q 10/087 - Gestion d’inventaires ou de stocks, p.ex. exécution des commandes, approvisionnement ou régularisation par rapport aux commandes
Testing software applications often requires a balancing of thoroughness versus the time and computing resources available to perform such tests. By performing a static analysis on candidate software source code and, from the static analysis, configuring a dynamic analysis component to execute the tests, allows for extraneous tests to be omitted. For example, performing certain vulnerability attacks on a function may be futile if the attack requires a string input but the function only accepts integers. By combining static and dynamic analysis, unnecessary tests may be omitted and the results of each analysis process correlated to identify actual vulnerabilities or falsely indicted vulnerabilities reported by one of the static or dynamic analysis component.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
G06F 8/71 - Gestion de versions ; Gestion de configuration
G06F 11/36 - Prévention d'erreurs en effectuant des tests ou par débogage de logiciel
G06F 8/75 - Analyse structurelle pour la compréhension des programmes
97.
Using capstone blocks in a blockchain with a trusted authority
An event is detected. The event is a designated event for capturing a snapshot of a blockchain where the blockchain is not replicated in a distributed ledger. For example, the event may be where a specific number of new blocks have been added to the blockchain. In response to detecting the event, a capstone block or a lock block is created. The capstone block or the lock block is added to the blockchain. A copy of the capstone block or the copy of the lock block sent to a trusted authority. The copy of the capstone block or the copy of the lock block is used to validate some or all the blockchain to detect if the blockchain has been changed. For example, validating the blockchain may be to detect if the blockchain has been tampered with or has become corrupted.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
98.
INTELLIGENT BOT FOR IMPROVING CYBERSECURITY OPERATIONS AND EDUCATION
A security rule associated with an application is identified. This may be done continuously and verified using machine learning models to ensure that the environment characterized by the data has not changed. For example, a security rule may be which ports are open/closed on a firewall. In response to identifying the security rule associated with the application, a security test based on the security rule is generated. For example, the security test may be to test all the ports on the firewall to see which ports are open/closed. The security test against the application is executed to determine if the security rule has been implemented properly by the application.
A nonce is sent to a user communication device. Obfuscated biometric data is received from the user communication device. The obfuscated biometric data is generated by an obfuscation process that uses the nonce and first biometric data. The first biometric data is generated from a biometric of a user at the user communication device. For example, the first biometric data may be biometric data from a fingerprint scan. The obfuscation process is reversed by using the first nonce to produce the first biometric data. The first biometric data is compared to known biometric data of the user. In response to the first biometric data being within a threshold of the known biometric data, the user is authenticated.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/32 - Authentification de l’utilisateur par données biométriques, p.ex. empreintes digitales, balayages de l’iris ou empreintes vocales
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06V 40/16 - Visages humains, p.ex. parties du visage, croquis ou expressions
100.
PROTECTING SENSITIVE INFORMATION BASED ON AUTHENTICATION FACTORS
Sensitive information is identified. For example, the sensitive information may be a set of medical records. A request is received to send the sensitive information from a first domain to a second domain. For example, the request may be to send the sensitive information from a first corporation to a second corporation. The sensitive information is encrypted. The encrypted sensitive information comprises an authentication field. The authentication field identifies one or more authentication factors that are required to unencrypt the sensitive information. For example, the authentication field may indicate that a user is required to provide a username/password and a fingerprint scan to access the sensitive information. The encrypted sensitive information is sent to the second domain. The user in the second domain is required to authenticate using the one or more authentication factors to access the sensitive information.
