Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.

Abstract: A sender device includes: a first sequence generator configured to generate a first sequence of bits having a bit pattern that incudes first bit values and second bit values; a first parsing processor configured to receive a first plurality of data blocks and the first sequence of bits, and select a first subset of data blocks and a second subset of data blocks from the first plurality of data blocks based on the bit pattern; an encryption processor configured to encrypt the selected first subset of data blocks received from the first parsing processor to generate encrypted data blocks and output the encrypted data blocks to an output terminal that is configured to output the encrypted data blocks and the selected second subset of data blocks as unencrypted data blocks from the sender device.

Abstract: A chip includes a security core module. The security core module includes a security core and a memory. The security core module prevents access of an external module that is inside the chip and that is other than the security core module, and the security core module prevents access of an external device outside the chip. The security core is configured to generate a layer 1 public key and a layer 1 private key based on a hash of a first root public key and a UDS of the chip stored in the memory; and the memory is configured to store the layer 1 private key.

Abstract: In an aspect of the present disclosure is a system for encrypted flight plan communications, the system including a first computing device communicatively connected to a peer-to-peer network including a second computing device, the first computing device configured to receive a verified flight plan from the second computing device, wherein the verified flight plan is encrypted, wherein the verified flight plan comprises battery datum, and decrypt the verified flight plan.

Abstract: Embodiments of the present invention include a computer program product, a computer-implemented method, and a system, where program code executing on one or more processors (on a client) obtains, from a host within a secure environment, data stored on the host. To obtain the data, the processor(s) establishes a communications connection to a computing resource in the secure environment and authenticates to the computing resource to obtain a key. The processor(s) intercepts the data, encrypts the data, with the key, and stores the encrypted data on a buffer accessible to the client.

Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.

Abstract: Systems and methods of determining file-access patterns in at least one computer network, the network comprising a file-access server, including training a first machine learning (ML) algorithm with a first training dataset comprising vectors representing network traffic such that the first ML algorithm learns to determine network characteristics associated with file-access traffic, determining, using the first ML algorithm, network characteristics based on highest interaction of traffic with the file-access server compared to other interactions in the at least one computer network, and determining file-access patterns in the at least one computer network based on the network characteristics associated with file-access traffic.

Abstract: A method includes receiving, in a data storage device, a request from a client computer for a portion of ciphertext stored in the data storage device, and providing, by a controller of the data storage device, the portion of the ciphertext to the client computer. The method also includes receiving, in the data storage device, an update token generated by the client computer from the portion of the ciphertext. The method further includes performing, by the controller of the data storage device, re-encryption of the ciphertext using the update token.

Abstract: An intelligent-adversary simulator can construct a graph of a virtualized instance of a network including devices connecting to the virtualized instance of the network as well as connections and pathways through the virtualized instance of the network. Running a simulated cyber-attack scenario on the virtualized instance of the network in order to identify one or more critical devices connecting to the virtualized instance of the network from a security standpoint, and then put this information into a generated report to help prioritize which devices should have a priority. During a simulation, the intelligent-adversary simulator calculates paths of least resistance for a cyber threat in the cyber-attack scenario to compromise a source device through to other components until reaching an end goal of the cyber-attack scenario in the virtualized network, all based on historic knowledge of connectivity and behaviour patterns of users and devices within the actual network under analysis.

Abstract: Briefly, systems and methods for managing Internet of Things (IoT) devices provide platforms featuring an architecture for user and device authentication as well as IoT system self-healing.

Abstract: An end-user computing device can include a theft detector that maintains a registered host device list containing identifiers of at least one registered host device. The theft detector can have root access to operations of the end-user device and the theft detector can provides a secure reboot request in response to detecting a possible theft condition. The end-user computing device can also include a boot loader that executes a secure reboot of the end-user device in response to a secure reboot request from the theft detector. The secure reboot of the end-user device resets the end-user device to prevent access to the end-user device.

Abstract: Systems and methods are provided for a media provider to allow a user to access media objects with a third-party partner that authenticates the user and authorizes the user to access certain media objects. The media provider offers access to media objects, such as video content or audio content. The partner, through a relationship with the media provider, similarly offers access to the media provider's media objects, for example, as a service or benefit to the partner's customers or users. In particular, a partner integration server mediates user authentication and authorization by the partner. The partner integration server also allows the media provider to easily and flexibly to add and integrate additional partners.

Abstract: A method, in particular a computer-implemented method, for processing data of a technical system. The method includes the following steps: ascertaining first pieces of information which are associated with a data traffic of the system, and ascertaining metadata associated with the data traffic of the system based on the first pieces of information.

Abstract: Cyberattacks are rampant and can play a major role in modern warfare, particularly on a widely adopted platforms such as the MIL-STD-1553 standard. To protect a 1553 communication bus system from attacks, a trained statistical or machine learning model can be used to monitor commands from a bus controller of the 1553 communication bus system. The statistical and/or machine learning model can be trained to recognize communication anomalies based at least on the probability distribution of patterns of one or more commands. The statistical model can be stochastic model such as a Markov chain that describes a sequence of possible commands in which the probability of each command depends on the occurrence of a group of one or more commands.

Abstract: Systems and methods for dynamic, hyper context-based microsegmentation are described. In one aspect, a computing device is detected on a network. A network hyper context is assigned to the computing device based on network properties and computing device properties associated with the computing device. A policy defining a segment identifier identifying a network segment and corresponding to the network hyper context is accessed. The segment identifier is assigned to the computing device. The computing device is segmented onto the network responsive to detecting the computing device.

Abstract: A method for an access network of a telecommunications network includes: in a first step, a first authentication, authorization and accounting (AAA)-related message is sent by an authentication server entity and received by an access orchestrator entity, the first AAA-related message comprising: at least one standardized message attribute according to an access protocol; and at least one vendor-specific message attribute; in a second step, subsequent to the first step, the access orchestrator entity sends a second AAA-related message to a service edge entity, the second AAA-related message solely comprising the at least one standardized message attribute according to the access protocol; and in a third step, subsequent to the first step and prior to, during or after the second step, the access orchestrator entity sends at least one third AAA-related message to the service edge entity, the at least one third AAA-related message corresponding to a message according to an application programming interface (API)

Abstract: There is provided a method of communication among at least two processes miming on the same computer. The method comprises: generating, by at least one process of the at least two processes, a group key usable for encrypting/decrypting a data unit retrieved from/stored to shared access memory, wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function, wherein each process executes in a protected container, the processes are signed by a single signing authority, and the protected container infrastructure enables use of encrypted, integrity-protected data according to a platform-provided hiding function and a platform-provided revealing function; and verifying, by at least one process of the at least two processes, that a data unit read from shared access memory is successfully decrypted using the group key.

Abstract: Integrated controls frameworks are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for using an integrated control framework for an application comprising a plurality of application modules may include: (1) defining an application profile, an application model, and a target cloud environment for an application; (2) identifying a plurality of security, resiliency, and controls requirements for the target cloud environment; (3) configuring a plurality of security controls for the application based on the plurality of security, resiliency, and controls requirements; and (4) deploying the security controls to the target cloud environment.

Abstract: A method includes storing first authentication information and second authentication information, the first authentication information being information for a user to access a first information processing device, the second authentication information including third authentication information and forth authentication information, the third authentication information being information for the user to access a second information processing device, and the fourth authentication information being information for the user to access a third information processing device; acquiring first index information from the second information processing device based on the third authentication information; acquiring second index information from the third information processing device based on the fourth authentication information; and generating a list including the first index information with a first indication, and the second index information with a second indication different from the first indication.

Abstract: This patent disclosure provides various verification techniques to ensure that anonymized surgical procedure videos are indeed free of any personally-identifiable information (PII). In a particular aspect, a process for verifying that an anonymized surgical procedure video is free of PII is disclosed. This process can begin by receiving a surgical video corresponding to a surgery. The process next removes personally-identifiable information (PII) from the surgical video to generate an anonymized surgical video. Next, the process selects a set of verification video segments from the anonymized surgical procedure video. The process subsequently determines whether each segment in the set of verification video segments is free of PII. If so, the process replaces the surgical video with the anonymized surgical video for storage. If not, the process performs additional PII removal steps on the anonymized surgical video to generate an updated anonymized surgical procedure video.