A method for storing time-sensitive secrets in a network is provided. The method includes receiving a first encryption key from multiple encryption keys, the multiple encryption keys associated with a first time window and accessing a data packet encoded according to the encryption keys. The method also includes writing a decrypted data packet to a block in a blockchain when the first encryption key matches a first time-sensitive value, and writing the decrypted data packet to the block in the blockchain when a second encryption key, received from the content provider, matches a second time-sensitive value after the first time-sensitive value has lapsed, wherein the first time-sensitive value and the second time-sensitive value are a non-overlapping time sequence in the first time window. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.

An example operation may include one or more of receiving, by a node, a request for a transfer of a transport to a location, passing, by the node, the request to a plurality of nodes, receiving permissions from the plurality of the nodes, responsive to the permissions, sending a request to at least one node from the plurality of the nodes based on the location, and recording, by the node, the transfer of the transport to the at least one node on a remote storage.

A system and method for providing multifactor authentication. A disclosed method includes receiving a request at a server to launch a new session for an application on a client device, generating a plurality of codes, each of the plurality of codes associated with a respective identifier, and forwarding the plurality of codes via a short messaging service (SMS) message to a user associated with the client device. The method further includes sending the respective identifier associated with a given code of the plurality of codes to the application and receiving a submitted code entered into the application from the client device. Once received, the method compares the submitted code with the given code associated with the respective identifier and authenticates the user in response to the submitted code matching the given code.

A method of providing login information may include sending, from a service web page executed on a browser, a login request to an authentication web page executed on the browser, executing, by the authentication web page, a single sign on (SSO) agent in an electronic device, sending, by the authentication web page, a request for authentication information of a user to the SSO agent, generating and transmitting, by the SSO agent, a random number to the authentication web page, generating and transmitting an encrypted eigenvalue on an authentication web server based on the random number to the SSO agent, calling, by the SSO agent, an authentication application programming interface (API) server, and transmitting the eigenvalue, validating the eigenvalue on the authentication API server, and receiving, by the SSO agent, a result of the validating from the authentication API server, and transmitting the authentication information to the authentication web server.

Techniques for detection over-the-top piracy are described. In some embodiments, a piracy detection method is performed at a server by a piracy detector. The piracy detector obtains records associated with requests for access from a plurality of client devices. The piracy detector further distributes the records to a plurality of nodes according to distribution keys extracted from the records, where each of the plurality of nodes receives a respective set of records associated with a respective distribution key and generates a set of respective watch session records based on the respective set of records. The piracy detector also generates watch session records associated with the distribution keys by aggregating the respective watch session records from the plurality of nodes. The piracy detector additionally identifies one or more pirated client devices among the plurality of client devices based on clusters established from the watch session records.

Methods and systems are described herein for detecting anomalous access to system resources. An anomaly detection system may access system events from one or more computing devices and may generate entries from the system events. Each entry may include a corresponding timestamp indicating a time when a corresponding system event occurred, a corresponding user identifier indicating a user account within a computing environment associated with the corresponding system event, a corresponding location identifier indicating a location within the computing environment, and a corresponding action identifier indicating an action that the user account performed with respect to the location or an object within the computing environment. The generated entries may be aggregated and input into an anomaly detection model to obtain anomalous activity identified by the model.

There is a need for more effective and efficient network security coordination. This need can be addressed by, for example, techniques for network asset vulnerability detection. In one example, a method includes detecting network assets within a monitored computer network; and for each network asset: determining a vulnerability profile, determining a connectivity profile, determining a vulnerability designation based on the vulnerability profile for the network asset and a network vulnerability documentation repository, determining whether the vulnerability designation for the network asset indicates a positive vulnerability designation, and in response to determining that the vulnerability designation indicates the positive vulnerability designation, decoupling the network asset from the monitored computer network using the connectivity profile for the network asset.

Some examples relate generally to computer architecture software for data classification and information security and, in some more particular aspects, to verifying audit events in a file system.

A method for protection from cyber attacks in a CAN (Controller Area Network), of a vehicle including the steps of selecting periodic messages having a transmission periodicity, grouping the periodic messages, and performing an analysis of messages of the nodes that exchange the received periodic messages, which includes obtaining times of arrival at the respective nodes of a set of periodic messages that have the same message identifier, computing average-offset values over successive subsets, of a given number of messages, accumulating the average-offset values for each identifier to obtain accumulated-offset values, identifying linear parameters by computing an angular coefficient, of a regression, and an intercept, or identification error, computing a correlation coefficient of the average offset of pairs of messages identified as coming from the same node, determining whether the correlation coefficient is higher than a first given threshold, determining whether the angular coefficient between two consecutive messages with the same identifier is higher than a second given threshold, determining whether the intercept between two consecutive messages is higher than a third given threshold, and supplying the results of these determinations to a message-classification operation.

Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.