Abstract: This disclosure is directed to privacy enforcement via localized personalization. An example device may comprise at least a user interface to present content. A message may be received into a trusted execution environment (TEE) situated within the device or remotely, the message including at least metadata and content. The TEE may determine relevance of the content to a user based on the metadata and user data. Based on the relevance, the TEE may cause the content to be presented to the user via the user interface. In one embodiment, the TEE may be able to personalize the content based on the user data prior to presentation. If the content includes an offer, the TEE may also be able to present counteroffers to the user based on user interaction with the content. The TEE may also be able to cause feedback data to be transmitted to at least the content provider.

Abstract: Systems and methods for zero-footprint email and browser lifecycle, dependency, and configuration management are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for implementing zero-footprint email and browser lifecycle management may include: (1) launching a restricted sandbox with no dependencies installed; (2) executing an email client or browser session with no dependencies in the restricted sandbox; (3) receiving a request for a dependency from the email client or browser; (4) halting initialization of the request; (5) validating the request; (6) retrieving an approved configuration for the dependency; (7) resuming initialization of the request; and (8) destroying contents of the restricted sandbox when the email client or browser session is complete.

Abstract: Implementations of the present specification disclose a consensus verification method, apparatus, and device. In the implementations of the present specification, for each piece of service data, if first consensus verification on the service data fails, a first node determines whether the service data satisfies a predetermined retry condition instead of directly considering the service data to be invalid. If the predetermined retry condition is satisfied, then the service data is stored as service data to be retried. The first node can perform the first consensus verification on the service data to be retried in response to determining that a predetermined retry execution condition is triggered.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes monitoring an enveloped data structure comprising a data envelope and data encrypted based on a first set of PQC encryption attributes. The example method further includes generating an electronic indication of a change in the enveloped data structure. The example method further includes retrieving PQC cryptographic performance information associated with a set of PQC cryptographic techniques. The example method further includes generating a second set of PQC encryption attributes for encrypting the data based on the change in the enveloped data structure and the PQC cryptographic performance information. Subsequently, the example method includes encrypting the data based on the second set of PQC encryption attributes.

Abstract: A system and method are described for sharing IoT devices. For example, one embodiment of a system comprises an Internet of Things (IoT) service in communication with a plurality of IoT devices over a network; a device sharing module to receive an indication from a first user of one or more IoT devices associated with an account of the first user to be shared with a second user; the device sharing module to responsively associate the one or more IoT devices with an account of the second user and to subsequently allow the second user to access the one or more IoT devices.

Abstract: Techniques for cellular Internet of Things (IoT) battery drain prevention in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for cellular IoT battery drain prevention in mobile networks includes monitoring network traffic on a service provider network at a security platform to identify a misbehaving application based on a security policy, wherein the service provider network includes a 4G network or a 5G network; extracting subscription identifier information for network traffic associated with the misbehaving application at the security platform; and enforcing the security policy at the security platform to rate limit paging messages sent to an endpoint device using the subscription identifier information and based on the security policy.

Abstract: The present disclosure is directed to methods and apparatus that manage the flow of traffic. Methods and systems consistent with the present disclosure may allow biometric information of individuals to be collected when access privileges associated with particular individuals are validated or updated. These methods may allow a supervisor to temporarily or permanently authorize certain employees to access components that are located within a traffic control cabinet and these methods may allow changes in traffic signal light timing to be authorized according to a set of rules. Such authorization rules may require proposed signal light timing changes to be approved by a supervisor before a proposed change is implemented. Methods and systems consistent with the present disclosure may also cause components within a control cabinet to be disabled or disconnected when a signal light control cabinet is accessed by unauthorized persons.

Abstract: Determining, by a machine learning model in an isolated operating environment, whether a file is safe for processing by a primary operating environment. The file is provided, when the determining indicates the file is safe for processing, to the primary operating environment for processing by the primary operating environment. When the determining indicates the file is unsafe for processing, the file is prevented from being processed by the primary operating environment. The isolated operating environment can be maintained on an isolated computing system remote from a primary computing system maintaining the primary operating system. The isolating computing system and the primary operating system can communicate over a cloud network.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store a user key, a token relating to a resource, the token comprising the user key in encrypted form, and management data received in the apparatus from a server, and at least one processing core configured to participate in an access interaction with the resource, the access interaction being based at least partly on the token and the user key and the access interaction comprising first sending the management data to the resource and then completing the access interaction to access the resource.

Abstract: Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using known methods that exploit system vulnerabilities, including elliptic operation differentiation, dummy operation detection, lattice attacks, and first real operation detection. Various embodiments of the invention provide resistance against side-channel attacks, such as simple power analysis, caused by the detectability of scalar values from information leaked during regular operation flow that would otherwise compromise system security. In certain embodiments, system immunity is maintained by performing elliptic scalar operations that use secret-independent operation flow in a secure Elliptic Curve Cryptosystem.

Abstract: Systems and methods for detecting IHS attacks by monitoring chains of configuration changes made to Basic Input/Output System (BIOS) or Unified Extensible Firmware Interface (UEFI) attributes are described. In some embodiments, an IHS may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: monitor a chain of BIOS/UEFI configuration changes; compare the chain of BIOS/UEFI configuration changes against an Indication of Attack (IoA); and report an alert in response to the chain of BIOS/UEFI configuration changes matching the IoA.

Abstract: Aspects of the present invention disclose a method for securely storing data. The method includes one or more computer processors receiving, by one or more computer processors, a request to store data, wherein the data includes a plurality of elements. The method further includes generating a plurality of elements of encoded data by on applying one or more encoding algorithms to the data, wherein a quantity of the plurality of elements of the encoded data is equal to a quantity of the plurality of elements of the data. The method further includes distributing the plurality of elements of the encoded data into two or more subsets of the encoded data, without duplication. The method further includes transmitting the two or more subsets of the encoded data to a corresponding quantity of two or more storage systems.

Abstract: According to an embodiment of the present disclosure, an event interface system, hereinafter the system, provides a record storage system and facilitates a proof of custody, proof of chain of custody and proof against tampering for a record by deploying a hash of the record on the blockchain and storing the record on an off-chain storage.

Abstract: A data processing method comprises: in response to data to be encrypted or decrypted, determining, at a blockchain node, whether an adapter coupled to the node has been initialized; in response to determining that the adapter has not been initialized, determining an access address of the adapter; initializing the adapter based on the access address; and enabling the initialized adapter to encrypt or decrypt the data. As such, data encryption or decryption at the blockchain node is accelerated via the adapter.

Abstract: There is provided a new IWF SMC procedure for establishing security association between an MTC UE (10) and an MTC-IWF (20). The MTC-IWF (20) sends to the UE (10) at least an algorithm identifier which instructs the UE (10) to select one of algorithms for deriving a root key (K_iwf). The UE (10) derives the root key (K_iwf) in accordance with the selected algorithm, and derives at least a subkey for checking the integrity of messages transferred between the UE (10) and the MTC-IWF (20) by using the derived root key (K_iwf). The UE (10) protects uplink messages transmitted to the MTC-IWF (20) with the derived subkey. The MTC-IWF (20) protects downlink messages transmitted to the UE (10) with the same subkey derived at a core network.

Abstract: A system, method, and computer program product to renewably prevent traitors in a broadcast encryption system from re-using compromised keys. A license agency assigns individual receivers a set of Sequence Keys preferably at manufacture, and assigns Sequence Key Blocks (SKBs) to protected content files to be distributed. The files may be distributed on prerecorded media and typically include several file modifications. The particular modifications in a pirated version of a file can help identify which traitors contributed to its theft. SKBs assigned to new files distributed after traitors have been identified cannot be usefully processed using the compromised keys employed in previous content piracy. Innocent receivers that happen to have compromised key(s) in common with traitors can use a replacement uncompromised Sequence Key from the set to usefully decrypt content. Traitors will however step through all their Sequence Keys without reaching one that will work.

Abstract: A blockchain database employs cryptography and other methods to implement and protect a distributed, publicly-amendable ledger. Transactions in a blockchain ledger are intentionally anonymous; however, there are cases where it would be useful to be able to verify or disprove a claim of identity of a contributor of a blockchain transaction. Biometrics can be used to link a human being to digital information using their unique physical traits in a way that is analogous to a handwritten or digital signature. An exemplary embodiment disclosed herein describes methods to create and store data in a blockchain transaction such that it can be used in the future to biometrically verify the identity of the contributor of the transaction, and use encoded biometric data to determine whether the blockchain transaction was created or not created by a particular individual.

Abstract: A method is provided for protecting a trained machine learning model that provides prediction results with confidence levels. The confidence level is a measure of the likelihood that a prediction is correct. The method includes determining if a query input to the model is an attempted attack on the model. If the query is determined to be an attempted attack, a first prediction result having a highest confidence level is swapped with a second prediction result having a relatively lower confidence level so that the first and second prediction results and confidence levels are re-paired. Then, the second prediction result is output from the model with the highest confidence level. By swapping the confidence levels and outputting the prediction results with the swapped confidence levels, the machine learning model is more difficult for an attacker to extract.

Abstract: The present invention concerns an electronic system and a method for managing digital content relating to works of art adapted for preventing the uncontrolled diffusion thereof. The electronic system (10) for managing digital content relating to works of art is characterised in that it comprises at least one importing unit (11) of files comprising digital content relating to works of art associated with at least one display unit (12) of digital content relating to works of art, wherein the importing unit (11) comprises encrypting/decrypting means (11a) of the files comprising digital content relating to works of art, the encrypting/decrypting means comprising means for generating a unique encryption key based on at least one identification code associated in a unique manner with the display unit (12,12?) and/or with at least one electronic part (12a,14a;12a?,14a?) comprised in the same (12,12?).

Abstract: Embodiments of the present application provide a blockchain-based data evidence storage method, a blockchain-based data check method, and relevant apparatuses. The data evidence storage method comprises: performing irreversible encryption on data content of a target file to obtain irreversibly encrypted data of the target file; storing the irreversibly encrypted data in a blockchain and obtaining on-chain evidence storage information of the irreversibly encrypted data; generating a digital watermark of the on-chain evidence storage information; embedding the digital watermark into the target file; and storing the target file embedded with the digital watermark of the on-chain evidence storage information.