Abstract: A device may receive, at an operating system, a request for a random number from an application. The device may provide a command to generate an entropy input, based on the request for the random number and through a driver that is isolated from the operating system, to a quantum random number generator that is isolated from one or more processors hosting the operating system. Accordingly, the device may receive the entropy input, from the quantum random number generator, using the driver, and may generate the random number based at least in part on the entropy input. The device may provide the random number to the application.

Abstract: There is provided mechanisms for authenticating a first radio communication device with a network. A method is performed by the first radio communication device. The method comprises obtaining credentials for a network subscription to the network. The method comprises obtaining an upper part of a radio protocol stack, according to which radio protocol stack the first radio communication device is configured to communicate with the network. The method comprises authenticating with the network. The method comprises providing, to a second radio communication device, at least one key, as derived from the credentials during the authenticating, for use by the second radio communication device when executing the remaining part of the radio protocol stack for communication between the second radio communication device and the network.

Abstract: Systems, computer program products, and methods are described herein for secure channel selection for multi-factor authentication using non-fungible electronic resources.

Abstract: A host may use address translation to convert virtual addresses to physical addresses for endpoints, which may then submit memory access requests for physical addresses. The host may incorporate the physical address and a signature of the physical address generated using a private key into a translated address field of a response to a translation request. An endpoint may treat the combination as a translated address by storing it in an entry of a translation cache, and accessing the entry for inclusion in a memory access request. The host may generate a signature of the translated address from the request using the private key, with the result being compared to the signature from the request. The memory access request may be verified when the compared values match, and the memory access may be performed using the translated address.

Abstract: Aspects of the subject technology relate to a system configured to receive a set of network snapshot segments from an output stream of a stream processing service, compile the set of network snapshot segments from the set of messages into a first network snapshot and a second network snapshot, and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to improve anti-malware scan responsiveness, in response to a performance issue on a user computing device, determine a symptom associated with the performance issue based on a user input from the user computing device, the user input corresponding to highlighting an area of a display associated with the performance issue, a window having been rendered on the display by an operating system of the user computing device, identify a scan parameter for a targeted anti-malware scan based on positive results of malware scans from other user computing devices that experienced the symptom, and transmit the scan parameter to the user computing device to facilitate a targeted anti-malware scan of the user computing device based on the scan parameter.

Abstract: Various examples are directed to systems and methods for providing a digital fingerprint of a selected portion of a memory device to a host device. A host device executing at a host device may send a to a driver a command to produce digital fingerprint data. The command may include an output pointer indicating a memory location of the local memory. The driver may generate a modified command that does not include the output pointer. The driver may send the modified command to a memory device. The driver may receive a reply comprising the digital fingerprint data and write the digital fingerprint data to a location at the memory location of local memory of the host device indicated by the output pointer.

Abstract: An example method comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits and is derived, at least in part, from the encoded pointer.

Abstract: Aspects of the invention include loading an image of a virtual server onto a boot partition of a trusted execution environment (TEE), wherein a first key is embedded in the image. A second key is received from an end customer of an application. Data is received from an independent software vendor (ISV) of the application, wherein the data includes a third key. The second key and the third key are combined inside the TEE to create a fourth key. An available memory space in an independent memory device is encrypted using the fourth key to create a secure data volume. Encrypted data is stored in the secure data volume.

Abstract: Validating code that is stored in non-volatile memory. In some instances, code that is written and/or processed by an outside entity that is brought into a local non-volatile memory setting can potentially compromise a given computer system. In order to ensure that this type of code is secure, there are methods to generate interrupt signals that can later be overridden by Otprom code in order to properly validate this outside code.

Abstract: A method comprising responsive to a first instruction requesting a memory heap operation, identifying a data block of a memory heap; accessing a tag history for the data block, the tag history comprising a plurality of tags previously assigned to the data block; assigning a tag to the data block, wherein assigning the tag comprises verification that the tag does not match any of the plurality of tags of the tag history; and providing the assigned tag and a reference to a location of the data block.

Abstract: Methods, systems, and techniques for producing and using enhanced machine learning models and computer-implemented tools to investigate cybersecurity related data and threat intelligence data are provided. Example embodiments provide an Enhanced Predictive Security System, for building, deploying, and managing applications for evaluating threat intelligence data that can predict malicious domains associated with bad actors before the domains are known to be malicious. In one example, the EPSS comprises one or more components that work together to provide an architecture and a framework for building and deploying cybersecurity threat analysis application, including machine learning algorithms, feature class engines, tuning systems, ensemble classifier engines, and validation and testing engines.

Abstract: Embodiments are directed to generating and training a distributed machine learning model using data received from a plurality of third parties using a distributed ledger system, such as a blockchain. As each third party submits data suitable for model training, the data submissions are recorded onto the distributed ledger. By traversing the ledger, the learning platform identifies what data has been submitted and by which parties, and trains a model using the submitted data. Each party is also able to remove their data from the learning platform, which is also reflected in the distributed ledger. The distributed ledger thus maintains a record of which parties submitted data, and which parties removed their data from the learning platform, allowing for different third parties to contribute data for model training, while retaining control over their submitted data by being able to remove their data from the learning platform.

Abstract: A system can include, for example, a secure data module(s) configured to store sensitive data regarding the user(s), a synthetic dataset generating module(s) configured to generate the synthetic dataset based on the sensitive data, and a control module configured to receive a request from an application for a dataset related to the user(s), provide the request to the synthetic dataset generating module(s), receive the synthetic dataset from the synthetic dataset generating module(s), and provide the synthetic dataset to the application. The synthetic dataset generating module(s) can be configured to generate the synthetic dataset based on the dataset.

Abstract: A centralized platform for validation of machine learning (ML) models for robotic process automation (RPA) before deployment is provided. The validation platform may support multiple programming languages and build platforms in a single centralized platform. The platform may allow the user to upload the model in a predefined package structure. The platform may then validate the package for deployment.

Abstract: A high assurance kernel executed by a safety certified hypervised system using a separation kernel. The high assurance kernel includes a first level of the separation kernel configured to perform first security features associated with a hypervisor, the first level configured to run on a primary core and a second level of the separation kernel configured to augment the first security features with second security features, the second level implemented on a separate protected component from the primary core, the first level and the second level communicating with one another through a physical separation between the first and second levels. The high assurance kernel may further include a third level of the separation kernel configured as a virtual machine to perform third security features associated with the hypervisor.

Abstract: A method of relay-attack resistant communications in a wireless communications system that includes a master wireless device (Master) sending a synchronization signal to a slave wireless device (Slave). The synchronization signal includes timing information including a common time reference and a timeslot duration for interlocking Master communication timeslots for Master and Slave communication timeslots so that an alternating TX and RX role pattern is provided. The Master analyzes Slave packet data received from the Slave to identify overlaps of a transmission from the Master and the slave packet data, and in a case of detecting overlap, suspends communications from Master to Slave to prevent a relay-attack.

Abstract: A microprocessor that mitigates side channel attacks. The microprocessor includes a data cache memory and a load unit that receive a load operation that specifies a load address. The processor performs speculative execution of instructions and executes instructions out of program order. The load unit detects that the load operation does not have permission to access the load address or that the load address specifies a location for which a valid address translation does not currently exist and provides random load data as a result of the execution of the load operation.

Abstract: In an image forming device, an image forming engine is configured to form an image. A memory stores configuration information and a device password. In a case where a storage medium is connected to the input output interface, the controller determines whether an authentication skipping condition is satisfied. The authentication skipping condition including a condition that the device password is maintained to an initial value. The controller imports the setting configuration information from the storage medium to the memory without performing authentication using the device password in a case where the authentication skipping condition is satisfied. The controller imports the setting configuration information from the storage medium to the memory after performing authentication using the device password in a case where the authentication skipping condition is not satisfied. After the import configuration information is imported, the controller operates according to the import configuration information.

Abstract: Devices and methods for preventing unauthorized access to memory devices are disclosed. A one-time programmable (OTP) memory is included in both a memory device and a processing device. The OTP memories store encryption keys and the encryption and decryption of messages between the two devices are used as a heartbeat to determine that the memory device has not been separated from the processing device and, in some instances, connected to a malicious processing device.