Patents Examined by Carl G. Colin
  • Patent number: 11469882
    Abstract: A receiver apparatus and method for optimized decryption and despreading of a very low frequency (VLF) bitstream is disclosed. In embodiments, the receiver includes antenna elements for receiving a transmission security (TRANSEC) encoded bitstream associated with an uncertainty window size and a spread factor. The receiver includes cryptographic processors that, when the spread factor is sufficiently large, select key section numbers A and data section numbers B based on the window size and spread factor. The cryptographic processors generate an output sequence of correlation windows, each correlation window associated with a symbol of the bitstream, via pipelined sectional mirrored-key convolution based on a key section number A and data section number B chosen to optimize performance (e.g., processor performance, memory performance).
    Type: Grant
    Filed: April 8, 2021
    Date of Patent: October 11, 2022
    Assignee: Rockwell Collins, Inc.
    Inventors: Stephen A. Ganje, Christopher M. Trebisovsky
  • Patent number: 11461460
    Abstract: A computer implemented method of securing an application executing in a software container deployed in a computer system includes providing access to the application selectively in accordance with access control rules by sharing an encryption key with authorized accessors.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: October 4, 2022
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Ali Sajjad
  • Patent number: 11463408
    Abstract: A vehicular secure gateway system for a vehicle includes a central security gateway disposed at the vehicle. The vehicular secure gateway system includes a connected gateway and a secure gateway. The connected gateway receives wireless communications emanating from external of the vehicle. The vehicular secure gateway system is operable to enable a particular security measure based on determination of a need for that particular security measure. The particular security measure provides enhanced isolation of an on-board diagnostic interface at the secure gateway and enhanced protection of a data communication network of the vehicle. Wireless communications received at the connected gateway are routed through the secure gateway for communication, via a data communication network of the vehicle, to a driving assist system of the vehicle.
    Type: Grant
    Filed: July 6, 2020
    Date of Patent: October 4, 2022
    Assignee: MAGNA ELECTRONICS INC.
    Inventors: Boris Shulkin, Kelei Shen
  • Patent number: 11461507
    Abstract: Systems and methods for an interface device that is configured to locally generate encrypted data and also receive encrypted data from a host computer, locally decrypt the data, and present the decrypted data independently from the host computer.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: October 4, 2022
    Assignee: Third Block Gear
    Inventor: Jason Allen Rexilius
  • Patent number: 11456881
    Abstract: A method and apparatus is provided for updating certificates in a trust chain and managing versions of the trust chain. A first electronic processor determines that a first certificate in a first level of the trust chain is to be updated, updating the first certificate and each certificate in a lower level in the trust chain that is lower than the first level, creates a second version of the trust chain including an updated first certificate and an updated certificate at each lower level in the trust chain, and transmits the second version of the trust chain to one or more entities.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: September 27, 2022
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Wojciech Kucharski, Elizeusz Musial, Andrzej Grzesik, Marcin Tomasik, Chris A. Kruegel
  • Patent number: 11449623
    Abstract: Systems and methods for a machine-learning driven fine-grained file access control approach are provided. According to one embodiment, a server associated with an enterprise network can obtain and store information regarding historical user behavior of users of the enterprise network by observing file access requests initiated by the users. The server receives a file access request initiated by a user, which relates to a file stored within the enterprise network in encrypted form. In response to receipt of the file access request, the server determines a risk score for the user based on multiple factors, including information regarding historical user behavior, the file access request and observed data determined based on the file access request so that based on the risk score, access to the file is permitted by returning a decryption key for the file or denied by withholding the decryption key.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: September 20, 2022
    Assignee: Fortinet, Inc.
    Inventors: Matthew J. Little, Jamie R. Graves, Carson Leonard
  • Patent number: 11449605
    Abstract: A computer-implemented method for detecting a security status of a computer system may include: in response to satisfaction of a predetermined trigger condition associated with an electronic application installed on a memory of the computer system, performing a security check process on the computer system; in response to the security check process determining that a security status of the computer system is currently compromised, performing a first security action; and in response to the security check process determining that the security status is formerly compromised, performing a second security action.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: September 20, 2022
    Assignee: Capital One Services, LLC
    Inventor: Jon Whitmore
  • Patent number: 11451369
    Abstract: In a system having a plurality of servers, a method is executed to perform an encryption scheme. The method includes a server of the plurality of servers receiving a request token to compute a function on a data point, the data point being encrypted as a ciphertext and the request token being based on the ciphertext and the function. The server grants the request to compute the function on the datapoint by sending a function evaluation key, and participates in a distributed decryption protocol for determining a result of computing the function on the data point by sending a master secret key.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: September 20, 2022
    Assignee: NEC Corporation
    Inventors: Claudio Soriente, Miguel Ambrona, Dario Fiore
  • Patent number: 11444752
    Abstract: A method for decrypting an encrypted message in a cluster may be provided. The method may include generating, by a first private key generator, one or more system parameters and a master key using a security parameter of the cluster and a depth of the maximum of a unit vector, the cluster including a first member and a second member. The method may also include generating, by the first private key generator, a private key of the first member. The method may further include generating, by a second private key generator, a private key of the second member based on the one or more system parameters, the identification vector of the first member, the private key of the first member, and an identification vector of the second member. The method may still further include decrypting the encrypted message using the private key of the first member or the second member.
    Type: Grant
    Filed: December 25, 2019
    Date of Patent: September 13, 2022
    Assignee: BEIJING DIDI INFINITY TECHNOLOGY AND DEVELOPMENT CO., LTD.
    Inventor: Yang Sun
  • Patent number: 11436317
    Abstract: Examples of the present disclosure are related to systems and methods for assuring integrity of operating system and software components at runtime. More specifically, embodiments are directed towards a hardware module configured to monitor a kernel start and drivers being loaded into the kernel, and to continually scan the kernel and drivers for undesired modification after load. Further embodiments extend the monitoring capability to userspace processes.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: September 6, 2022
    Assignee: Raptor Engineering LLC
    Inventor: Timothy Raymond Pearson
  • Patent number: 11431722
    Abstract: A method of performing operations involving accessing a set of protected computing resources of a computing device includes (a) receiving, by a frontend service, an instruction via a network connection, the instruction directing the computing device to perform an operation involving accessing the set of protected resources, the set of protected computing resources being configured to refuse access to the frontend service, (b) in response to receiving the instruction, sending a request from the frontend service to a backend service, the request instructing the backend service to access the set of protected resources, the backend service being configured to not communicate via the network connection, the set of protected computing resources being configured to permit access to the backend service, and (c) in response to the backend service receiving the request from the frontend service, the backend service accessing the set of protected resources in fulfillment of the operation.
    Type: Grant
    Filed: February 18, 2020
    Date of Patent: August 30, 2022
    Assignee: Citrix Systems, Inc.
    Inventor: Thomas Michael Kludy
  • Patent number: 11429740
    Abstract: An encrypted database system includes a memory storing a database comprising a plurality of logical structural elements each respectively including an unencrypted fuzzed value and encrypted sensitive data formed by encrypting a sensitive data value. The system also includes a processor in communication with the memory and configured to form the plurality of logical structural elements and store the plurality of logical structural elements in the memory. Forming a logical structural element comprises generating the unencrypted fuzzed value for the sensitive data value, encrypting the sensitive data value, and storing the encrypted sensitive data value and the unencrypted fuzzed value in the same logical structural element in the database. The unencrypted fuzzed value is within a predetermined value range and is different from the sensitive data value.
    Type: Grant
    Filed: May 26, 2020
    Date of Patent: August 30, 2022
    Assignee: INTUIT INC.
    Inventors: Prasada Laxminarayan Prabhu, Mark Joseph Hughes, Ravindra Kulkarni
  • Patent number: 11431745
    Abstract: Described are examples for curating threat intelligence data including receiving threat intelligence data comprising a list of entities, one or more associations between entities, a reputation score for each entity, and/or a confidence value corresponding to the one or more associations. An updated reputation score for at least one of a first type of entities can be determined based at least in part on the confidence value and/or on determining a reputation score of at least one of a second type of entities to which the at least one of the first type of entities is associated in the one or more associations. The reputation score of the at least one of the first type of entities can be updated, in the threat intelligence data, to the updated reputation score.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: August 30, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrew W. Wicker, Peter A. Cap, Christian Seifert
  • Patent number: 11423167
    Abstract: Leakage of secure content (e.g., unauthorized dissemination of secure content) is prevented even after a user has downloaded a copy of the secure content. In a content management system, the secure content object is accessible by users who access the secure content by downloading copies. While the downloading of a copy to a user device is permitted, further dissemination is not allowed. To enforce this degree of security, the user downloads a virtual file system that is configured to store a local instance of the secure content object in a secure container of the user device. During ongoing operation of the user device, every data movement operation request associated with the local instance of the secure content object is intercepted. Logic implemented in the downloaded virtual file system will deny any data movement operation request when a target storage location associated with the data movement operation request is other than a location in the secure container.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: August 23, 2022
    Inventor: Alok Ojha
  • Patent number: 11423166
    Abstract: Disclosed is a method of inspecting sensitive information stored in a file system. The method includes storing file inspection result information including a file path field, a field of whether file writing is changed, a file size field, a final file modification date field, and a field of a number of detection per pattern, with respect to files in the file system, monitoring a file change event generated in the file system, detecting a type of the file change event sensed according to the monitoring the file change event, modifying the file inspection result information with respect to the file system according to the type of the file change event, detecting whether sensitive information is included, with respect to modified files in the file inspection result information, and modifying the file inspection result information by reflecting sensitive detection information according to the detection of the sensitive information.
    Type: Grant
    Filed: May 24, 2019
    Date of Patent: August 23, 2022
    Assignee: SOMANSA CO., LTD.
    Inventors: Tae Wan Kim, Il Hoon Choi
  • Patent number: 11424919
    Abstract: Protecting usage of key store content at a given user device of an end user includes receiving the key store content at the given user device. The key store content includes key materials encrypted using encryption credentials compatible with the given user device. The key store content is in a format compatible with the given user device. The encrypted key materials of the key store content are imported to a protected key store of the given user device, wherein all the key materials of the key store content are imported at one go. The key materials are stored at the protected key store in the encrypted form, and are non-exportable from the key store. Internally within the protected key store, one or more key store integrated services of the given user device are allowed to access the non-exportable key materials for use, via key references only.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: August 23, 2022
    Assignee: Gurulogic Microsystems Oy
    Inventors: Tuomas Kärkkäinen, Ossi Kalevo, Mikko Sahlbom
  • Patent number: 11425144
    Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: August 23, 2022
    Assignee: EQUIFAX INC.
    Inventors: Rajkumar Bondugula, Christopher Yasko
  • Patent number: 11418332
    Abstract: An operation method of a security device which includes a plurality of physical unclonable function (PUF) cells includes selecting a target PUF cell of the plurality of PUF cells, selecting at least two reference PUF cells of the plurality of PUF cells based on a sorted list, reading a plurality of sensing data from the target PUF cell and the at least two reference PUF cells, and determining a target bit corresponding to the target PUF cell based on the plurality of sensing data to output the determined target bit.
    Type: Grant
    Filed: March 9, 2020
    Date of Patent: August 16, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sung Ung Kwak, Sungkyoung Kim
  • Patent number: 11409919
    Abstract: A device includes a substrate, an array of metal pads on a first surface of the substrate, a carbon polymer composite covering the array of metal pads, the composite having variations that result in random resistance values between the metal pads usable as a random code. A method of manufacturing a secure device, including forming an array of metal pads on a dielet substrate, the dielet substrate containing at least one memory in which is stored an encryption key, and an RF communication section, covering the array of metal pads with a carbon polymer composite such that variations in the carbon concentration in the polymer forms a unique pattern of resistance, attaching the dielet substrate to a host component, receiving a request from a security server for a unique code determined by the unique pattern of resistance, and using the encryption key, encrypting and providing the unique code to the security server.
    Type: Grant
    Filed: April 16, 2020
    Date of Patent: August 9, 2022
    Assignee: SRI International
    Inventor: Michael G. Kane
  • Patent number: 11409852
    Abstract: Biometric module configured to perform processing as part of a device configured to perform contactless or contact communication with a terminal, the module comprising: a biometric sensor; a display screen; and a control unit configured to: cause the biometric sensor to capture biometric data of a user which can be used to biometrically authenticate the user; obtain biometric authentication information indicating whether the user was biometrically authenticated based on the captured biometric data; and in response to the biometric authentication information indicating the user was biometrically authenticated, cause the display screen to display authenticated information.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: August 9, 2022
    Assignee: IDEX Biometrics ASA
    Inventors: Imre Knausz, Christopher A. Ludden