Abstract: There are provided systems and methods for a dynamic pixel display in electronic communications to enhance data security. Electronic network communications by a service provider, such as an electronic transaction processor for digital transactions, may be compromised by malicious computing attacks or other actions that compromise the security of the communications and corresponding data within the communications. To increase security of the data within a communication, such as text or images in an email, the service provider may utilize a pixel arrangement within a field of the communication that has corresponding identifiers and weblinks to backend pixel data that have randomized so that each pixel's location is variable between different communications. When the email is opened, code for the email may request the backend pixel data using the weblinks. A malicious party listening to the communication does not receive the data without having to reconstruct the randomized layout.

Abstract: The disclosed technologies include methods for generating a calibration model using data that is selected to match the conditions of a particular trial that involves an automated comparison of data samples, such as a comparison-based trial performed by an audio-based recognition, identification, or detection system. The disclosed technologies also include improved methods for selecting candidate data used to build the calibration model. The disclosed technologies further include methods for evaluating the performance of the calibration model and for rejecting a trial when not enough matched candidate data is available to build the calibration model. The disclosed technologies additionally include the use of regularization and automated data generation techniques to further improve the robustness of the calibration model.

Abstract: Embodiments are directed to a phased boot process to dynamically initialize devices in a verified environment. An embodiment of a system includes a memory device to store platform initialization firmware to cause the processing system to: initialize, during a boot process, a portion of the one or more memory modules as system management random access memory (SMRAM) for system management mode (SMM) usage; generate an SMM component in the SMRAM, the SMM component comprising an SMM handler routine to handle dynamic intellectual property (IP) management operations corresponding to the plurality of hardware components; register the SMM handler routine with an SMM interrupt (SMI) for identification of SMM events from an operating system (OS); and generate an SMM dispatcher in the SMRAM, the SMM dispatcher to create an instance of the SMM handler routine in the SMRAM in response to receiving an SMI from the OS during runtime of the processing system.

Abstract: Some methods in a wireless communication network may include providing a first authentication key, and deriving a second authentication key based on the first authentication key, with the second authentication key being associated with the wireless terminal. Responsive to deriving the second authentication key, a key response message may be transmitted including the second authentication key and/or an EAP-Finish/Re-auth message. Some other methods in a wireless communication network may include receiving a key response message including a core network mobility management authentication key and an EAP-Finish/Re-auth message. Responsive to receiving the key response message, the network may initiate transmission of an EAP-Finish/Re-auth message and/or a freshness parameter used to derive the core network mobility management authentication key from the wireless communication network to the wireless terminal responsive to the key response message. Related wireless terminal methods are also discussed.

Abstract: A public key generated by each user of a plurality of users is used to encrypt the contacts for that user. The results are sent to a server by each user. The key generated by each user is then distributed to every other user in the system, and each recipient encrypts their contacts with the keys. The result of these encryptions for all contacts for all recipients is then received by the server, and the server computes an encrypted computation of equality of two contacts and sends all computations back to the original user. The user can use the homomorphic property of the crypto protocol (e.g., a private key) to determine a set of users that are matched as contacts with the other users. The binary results are returned to the server, and the server computes a graph using the results.

Abstract: In order to mitigate side channel attacks that exploit speculative store-to-load forwarding, a store dependence predictor is used to prevent store-to-load forwarding if the load and store instructions do not have a matching translation context (TC). In one design, a store queue (SQ) stores the TC—a function of the privilege mode (PM), address space identifier (ASID), and/or virtual machine identifier (VMID)—of each store and conditions store-to-load forwarding on matching store and load TCs. In another design, a memory dependence predictor (MDP) disambiguates predictions of store-to-load forwarding based on the load instruction's TC. In each design, the MDP or SQ does not predict or allow store-to-load forwarding for loads whose addresses, but not their TCs, match an MDP entry.

Abstract: A processor and a method are disclosed that mitigate side channel attacks (SCAs) that exploit store-to-load forwarding operations. In one embodiment, the processor detects a translation context change from a first translation context (TC) to a second TC and responsively disallows store-to-load forwarding until all store instructions older than the TC change are committed. The TC comprises an address space identifier (ASID), a virtual machine identifier (VMID), a privilege mode (PM) or a combination of two or more of the ASID, VMID and PM, or a derivative thereof, such as a TC hash, TC generation value, or a RobID associated with the last TC-updating instruction. In other embodiments, TC generation values of load and store instructions are compared or RobIDs of the load and store instructions are compared with the RobID associated with the last TC-updating instruction. If the instructions' RobIDs straddle the TC boundary, store-to-load forwarding is not allowed.

Abstract: Systems and methods include receiving a list of web sites; anonymously browsing to each web site in the list; receiving a response based on the browsing; and analyzing the response to classify each web site as malicious or not based on a plurality of techniques including JavaScript (JS) obfuscation detection based on de-obfuscation. The systems and methods can further include providing a blacklist of web sites classified as malicious. The systems and methods can further include determining the list of web sites periodically based on a plurality of factors. The JS obfuscation detection can be performed by de-obfuscating JS content and utilizing heuristics to determine if the de-obfuscated JS content is malicious, and the heuristics can include a presence of any of a new JS function and a domain in the de-obfuscated JS content.

Abstract: An electronic circuit includes a driving cell, one or more driven cells and one or more inverters. The driving cell has two or more inputs and at least one output and is configured to toggle the output between first and second logic states in response to the inputs. Each driven cell has two or more inputs, of which at least one input is configured to be driven by the output of the driving cell. The one or more inverters are placed in a signal network that connects the driving cell to the driven cells. The inverters are configured to balance, over the signal network, (i) a first capacitive load charged by electrical currents caused by transitions from the first logic state to the second logic state and (ii) a second capacitive load charged by electrical currents caused by transitions from the second logic state to the first logic state.

Abstract: This document relates to a process for autopilot re-enrollment of managed devices in a network following a reset of the managed devices. Upon determining that the managed devices lack a hardware authenticator, a one-time password can be issued to the managed devices that may be stored in a persistent memory, and upon reset of the managed devices, the one-time password can be returned for validation and the managed devices can be automatically re-enrolled in the network upon validation of the one-time password.

Abstract: A security assessment system is configured to provide a duplicated environment which duplicates an assessment target system comprising a plurality of physical components. The security assessment system includes a duplicated environment design circuitry and a duplicated environment construction circuitry. The duplicated environment design circuitry is configured to select a duplication level based on constraints specified by a user and effects associated with the physical components in order to design the duplicated environment to produce a designed result indicative of a duplicated environment design. The duplication level is indicative of any one of a simulation sub-module, an emulation sub-module, and a physical sub-module which are for reproducing the physical components of the assessment target system. The duplicated environment construction circuitry is configured to construct the duplicated environment based on the designed result.

Abstract: A system and method for responding to incidents in an enterprise network is disclosed. The system tracks incidents by creating, in an incident Manager, incident objects for each incident. Each incident object includes details for the incidents, also known as incident characteristics. The system also creates one or more indicators of compromise (IOCs) associated with the incident characteristics for each incident. When processing a new incident or an update to an incident, the system compares IOCs associated with the incident object for the incident being processed to stored IOCs for other incidents to determine if other incidents are related to the incident being processed. In embodiments, the system can then generate tasks for responding to new incidents based on incident characteristics of and IOCs associated with the new incidents, and can regenerate tasks for responding to incidents based on updates to incident characteristics of and IOCs associated with the incidents.

Abstract: Systems and methods for determining an extent of a vulnerability on a computer and remediating the vulnerability. An installed resource set comprising shared software resources installed on the computer is enumerated. A vulnerable resource is identified in the installed resource set. A vulnerable process set including at least one vulnerable process that uses the vulnerable resource is enumerated. And, the vulnerable process is remediated.

Abstract: Customizing an application on a mobile device includes storing at least a portion of customization data in a customization server that is independent of the mobile device, a user of the mobile device accessing the customization server independently of the mobile device, receiving authorization data from the customization server that enables the mobile device to securely receive customization data from the customization server, and the mobile device using the authorization data to cause the customization server to provide the customization data to the mobile device. The authorization data may be provided by postal message, email message, an SMS text message, and/or a visual code provided on a screen of a computer used to access the customization server. The user may use a computer to provide credential information to access the customization server. Customizing the application may allow the mobile device to access a user service on behalf of the user.

Abstract: The present invention discloses a computer implemented method for developing an anomaly detector which is adapted to detect/predict anomaly in one or more network terminals and optimize the behavior of the network terminals. The said method is adapted to collect and monitor the behavior of the network terminals and compare it with the behavior profile of the network terminals in order to detect the anomaly parameter. The behavior profile is the normal interaction of the software and hardware components of the network terminals. A system for implementation and execution of such anomaly detector is also disclosed.

Abstract: A method of automated filtering includes receiving a network traffic snapshot having packets with data stored in respective fields, generating a statistical data structure storing each potential unique combination of data stored in respective fields with an associated counter that is incremented for each occurrence that the combination matches one of the packets of the network traffic snapshot and one or more observation timestamps. Determining an observed vector from the statistical data structure, wherein the observed vector has associated attribute/value pairs and counters that satisfy a predetermined criterion. The observed vector's attribute/value pairs are compared to known attribute/value pairs associated with known DDoS attack vectors of an attack vector database.

Abstract: A system and a method of prevention and/or detection of adversarial attacks against a classifier may include for example: using a classifier adapted to classify data elements of a specific category; receiving a first data element; applying the classifier on the first data element, to produce a first classification of the data element; using an autoencoder to generate a reconstructed, second data element based on the first data element; applying the classifier on the second data element, to produce a second classification of the data element; and analyzing the first and second classifications to detect and/or prevent an adversarial attack on the classifier.

Abstract: Systems and methods may generally be used to securely store an executable file or to compile a securely stored executable file. An example method may include receiving an executable file for long-term storage, segmenting the executable file into a plurality of file segments, encrypting a file segment of the plurality of file segments, storing the plurality of file segments, and retrieving the file segment based on a segment identity for the file segment. The file segment may be output, for example to a requesting device.

Abstract: A method for securing data by embedding the data in a data structure and utilizing a sensor device to detect transfer of the data structure. The data is embedded such that the data is only accessible by first executing an executable program. If the executable program determines that the device attempting to access the data (the accessing device) does not have permission to access the data, then the executable program destroys all or a portion of the data. If the data structure is transferred to another device, a sensor device positioned to detect the data structure when transferred will identify the data. If the sensor device determines that the data structure is not permitted to be transferred, then the sensor device destroys all or a portion of the data.

Abstract: Disclosed are methods and systems to encrypt data with SomeWhat Homomorphic Encryption (SWHE) properties for submission to a distributed ledger/blockchain that allows further open operations retained in the distributed ledger/blockchain on the encrypted data that will be properly reflected when the encrypted result is decrypted by the data owner. The somewhat homomorphic properties include addition and scalar division. Also disclosed is an ability to update a secret key applied for a ciphertext such that a single piece of data may be provided on the distributed ledger/blockchain by a data owner to a new data owner without also exposing other data encrypted with the original secret key of the original data owner.