H04L2463/121

Inferring temporal relationships for cybersecurity events

A cognitive security analytics platform is enhanced by providing a technique for automatically inferring temporal relationship data for cybersecurity events. In operation, a description of a security event is received, typically as unstructured security content or data. Information such as temporal data or cues is extracted from the description, along with security entity and relationship data. The extracted temporal information is processed according to a set of temporal markers (heuristics) to determine a time value marker (i.e., an established time) of the security event. This processing typically involves retrieval of information from one or more structured data sources. The established time is linked to the security entities and relationships. The resulting security event, as augmented with the identified temporal data, is then subjected to a management operation.

Storing time-sensitive secrets in a blockchain network
11075747 · 2021-07-27

A method for storing time-sensitive secrets in a network is provided. The method includes receiving a first encryption key from multiple encryption keys, the multiple encryption keys associated with a first time window and accessing a data packet encoded according to the encryption keys. The method also includes writing a decrypted data packet to a block in a blockchain when the first encryption key matches a first time-sensitive value, and writing the decrypted data packet to the block in the blockchain when a second encryption key, received from the content provider, matches a second time-sensitive value after the first time-sensitive value has lapsed, wherein the first time-sensitive value and the second time-sensitive value are a non-overlapping time sequence in the first time window. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.

Master control plane for infrastructure and application operations

An apparatus in one embodiment comprises a processing platform that includes a plurality of processing devices. The processing platform is configured to implement a master control plane and a plurality of messaging interfaces. Each messaging interface corresponds to one of a plurality of infrastructure controllers residing on an infrastructure under management by the processing platform. The master control plane is configured to communicate with each of the plurality of infrastructure controllers via the corresponding messaging interface. The plurality of infrastructure controllers are each configured to manage a corresponding one of a plurality of infrastructure components of the infrastructure under management. The master control plane is configured to communicate an instruction to a given infrastructure controller of the plurality of infrastructure controllers via the corresponding messaging interface and the given infrastructure controller is configured to modify the corresponding infrastructure component based at least in part on the communicated instruction.

Distributed management of user privacy information

Methods and systems for managing user privacy information in a distributed fashion are provided. In one embodiment, a method is provided that may include receiving an identity with device information that is less sensitive and user information that is more sensitive. The user information may then be encrypted and stored on a repository, and indications of the encrypted device information and the encrypted user information may be stored on a distributed ledger. The method may further include enforcing a first access policy on the encrypted device information and a second access policy on encrypted user information.

Method for transmitting digital information
11089010 · 2021-08-10

A method of secure communication between a computer server and users each having a connected computer system, comprising recording of a unique identifier of the server in the memory of a trusted server, the connected system having first and second digital communication modes, the method further comprising: the transmission of an ASC application to the connected system, the application being installed on the connected system, its execution controlling the automatic opening of a computer session with the trusted server according to the second digital communication mode; the opening of a communication session by the connected system with a server; the opening of a secured communication session by the server with the trusted server; the transmission by the server of an identifier of the connected system; the calculation by the trusted server of a time-stamped code associated with the key; the transmission of the time-stamped code by the trusted server to the connected system corresponding to the identifier transmitted by the server, via a first communication protocol; the acquisition of the time-stamped code by the connected system according to the first protocol; the opening of a communication session by the connected system according to a second protocol, with the trusted server through the previously loaded application, and transmission of the acquired code; the verification of the conformity of the code transmitted by the connected system; and the transmission, by the trusted server to the connected system, of a digital validation message including a code conformity indicator and information relating to the server associated with the validated code.

Default account authentication

One embodiment provides a method, including: receiving, at a remote device and from a user, a request to generate a one-time password for accessing a default account of a device, wherein the remote device comprises a device public key corresponding to the device and an account public/private key pair corresponding to the default account; generating, at the remote device, the one-time password utilizing the account private key and the device public key; and providing, from the remote device, the one-time password to the user. Other aspects are described and claimed.

Automated web traffic anomaly detection
20210250368 · 2021-08-12

An anomaly detection system that includes a database and a server. The server is connected to the database. The server is configured to identify anomalous web traffic for a certain time period based on one or more client keys from the certain time period. Each client key includes at least two characteristics related to web traffic data. The server includes a processing unit and a memory. The server is configured to receive the web traffic data from the database, calculate a z-score metric for the client key, calculate a change rate metric for the client key, calculate a failure metric for the client key, determine an anomaly score based on the z-score metric, the change rate metric, and the failure metric, and determine that the certain time period is an anomalous time period based on the anomaly score.

System for resource distribution within an offline environment
11068881 · 2021-07-20

Embodiments of the present invention provide a system for resource distribution within an offline environment. A merchant device internally stores a repository of reference codes and managing entity public keys that are paired with managing entity private keys. The user requests an amount of resources for offline exchange from the managing entity system. The managing entity system transmits certain authorization and encryption information to a user device. When the user device receives an exchange prompt from the computing device of the merchant through near field communication, it generates a digital token incorporating layers of content encryption ending with a managing entity's private key. The encrypted token and reference code are transmitted via near field communication to the merchant device. The merchant device matches the reference code to the managing entity public key and decrypts portions of the token with the managing entity public key to acquire the usable exchange information.

Signcrypted biometric electronic signature tokens

The methods and system allow for the generation of a signcrypted biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The signcrypted biometric electronic signature token involves simultaneous encryption and digital signature to protect confidentiality. The system as described herein provides data integrity, origin authentication, and efficiency by performing encryption and digital signature simultaneously. The process allows a signcrypting party to enroll in a biometric service, sign a piece of data or content using a public key that may be tied to a trusted anchor certificate authority, and submit a biometric sample. Subsequently, the relying party may validate the information on that piece of data or content to confirm the identity of the signcrypting party.

Systems and methods for passive continuous session authentication
11095641 · 2021-08-17

Systems, apparatuses, methods, and computer program products are disclosed for generating behavioral attribute data structures. An example method includes generating a video data structure comprising a video stream captured over a duration of time. The example method further includes generating a sensor data structure comprising a set of sensor data captured over the duration of time and stored in temporal relation to the video stream. The example method further includes generating, based on the video data structure, a biometric attribute data structure comprising a set of biometric attributes of the user derived from the video stream. Subsequently, the example method includes generating, based on the sensor data structure and the biometric attribute data structure, a behavioral attribute data structure comprising a set of behavioral attributes of the user derived from the set of sensor data.