A method for functionally secure connection identification for data exchange via a telegram between a source data service and a sink data service, wherein whether the time stamp of an incoming telegram is older than the time stamp of a predecessor telegram is determined, upon receipt of the predecessor telegram a monitoring counter being started and whether the currently incoming telegram has arrived within a monitoring time is additionally determined, where a local time stamp of a local time basis is compared with the associated time stamp of the incoming telegram and whether a comparison difference does not exceed a period of time is determined, a telegram arriving only being accepted as valid if the time stamp of the arriving telegram is greater than the time stamp of the telegram most recently accepted as valid, and data is valid if the checks are positive, otherwise a fail-safe reaction is triggered.

There is provided a packet monitoring apparatus for monitoring packets copied from an industrial control system (ICS) network, the apparatus being configured to perform an analysis of a plurality of packets copied from the ICS network and generate a digital command signal responsive to the analysis for transmission via a digital input/output channel. There is also provided an active prove that is configured to generate and transmit at least one query packet into the ICS network responsive to a digital command signal, optionally received from the packet monitoring apparatus.

A system for distributed key storage, comprising a requesting device communicatively connected to a plurality of distributed storage nodes, the requesting device designed and configured to receive at least a confidential datum, select at least a distributed storage node of a plurality of distributed storage nodes, whereby selecting further comprises receiving a storage node authorization token from the at least a distributed storage node, querying an instance of a distributed authentication listing containing authentication information using at least a datum of the storage node authorization token, retrieving an authentication determination from the instance of the authentication listing, and selecting the at least a distributed storage node as a function of the authentication determination, generate at least a retrieval authentication datum, and transmit the at least a confidential datum and the at least a retrieval verification datum to the at least a distributed storage node.

An information processing apparatus communicably connected to an authorization server and a resource server, includes an expiration time generated based on a time of the information processing apparatus in a request for a token for usage of a service provided by the resource server, and sends the request to the authorization server; includes, when time information of the authorization server is received as a response to the request by the requesting unit, an expiration time generated based on the time information of the authorization server in the request for the token, and resends the request; requests the resource server for time information of the resource server using the token obtained as a response to the request, and corrects the time of the information processing apparatus based on the time information of the resource server.

Various systems, mediums, and methods herein describe mechanisms that enable client devices to have access to data based on various address configurations. A smart phone system may be configured to receive a request. The smart phone system may also be configured to determine an address based at least on the request received, where the address provides access to data on a website. The smart phone system may also determine the address based on a receipt of the address generated by a server system. The smart phone system may also determine a timestamp associated with a transfer of the address at a geolocation. The smart phone system may also determine one or more time periods from the timestamp associated with the transfer of the address at the geolocation. The address may provide access to the data on the website during the one or more time periods.

This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaved may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.

A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.

A method for data processing comprises: S100. if a to-be-sent email needs to be saved cryptographically or sent cryptographically, automatically converting a main body of the mail into an html file, the html file including an attachment link for linking a mail attachment; S200. compressing a filename of the html file and a filename of the mail attachment into a new html filename and a new mail attachment name using a first open source algorithm based on a first password preset between a sender and a recipient, thereby obtaining a renamed html file and a renamed mail attachment; S300. compressing the renamed html and the renamed mail attachment using a second open source algorithm based on a second password preset between the sender and the recipient, thereby obtaining a compressed file; and S400. releasing a memory space and/or a hard disk space occupied by the to-be-sent mail, encrypting the to-be-sent mail and then saving it to a draft box or sending it in a manner in which a mail has a null mail body and the compressed file is used as the mail attachment. In this way, a method and a system for data processing are implemented, which utilize open source algorithms and have a wider applicability.

First event data, indicative of a first activity on a computer network and second event data indicative of a second activity on the computer network, is received. A first machine learning anomaly detection model is applied to the first event data, by a real-time analysis engine operated by the threat indicator detection system in real time, to detect first anomaly data. A second machine learning anomaly detection model is applied to the first anomaly data and the second event data, by a batch analysis engine operated by the threat indicator detection system in a batch mode, to detect second anomaly data. A third anomaly is detected using an anomaly detection rule. The threat indictor system processes the first anomaly data, the second anomaly data, and the third anomaly data using a threat indicator model to identify a threat indicator associated with a potential security threat to the computer network.

Embodiments of the present invention provide a system for generating a real-time audio token for multi-factor audio authentication. The system is configured for determining that a user is accessing an entity resource, via a user device of the user, causing a cryptographic device associated with the user to generate and emit a dynamically varying continuous audio tone, performing authentication of the user based at least in part on the dynamically varying continuous audio tone, determining that the authentication based at least in part on the dynamically varying continuous audio tone is successful, and allowing the user to access the entity resource based on determining that the authentication based at least in part on the dynamically varying continuous audio tone is successful.