Abstract: A method may include, in an information handling system comprising a basic input/output system (BIOS) embodied in non-transitory computer-readable media and configured to be the first code executed by a processor when the information handling system is booted and configured to initialize components of the information handling system into a known state: receiving an indication of installation of a protocol by a producer driver of a plurality of protocol drivers integral to the BIOS, storing metadata regarding the protocol in a protocol database of the BIOS, receiving a request to consume the protocol by a consumer driver of the plurality of protocol drivers, and obfuscating the metadata stored in the protocol database from the consumer driver to prevent the consumer driver from uninstalling the protocol.

Abstract: A system and method for collecting, processing, storing, or transmitting traffic data. A localized data collection module may retrieve, receive, or intercept traffic data through or from hardware installed in a traffic control cabinet adjacent an intersection or other roadway feature of interest. Data which may have previously been confined to a closed loop traffic control system may be remotely accessible for traffic operations control or monitoring via a network connected server and/or cloud architecture.

Abstract: Embodiments disclosed herein generally relate to a system and method for detecting fraudulent computer activity. A computing system generates a plurality of synthetic identities. Each of the plurality of synthetic identities mimics information associated with a verified identity. The computing system receives, from a user, an input attempt. The input attempt includes a synthetic identity of the plurality of synthetic identities. The computing system compares input information in the input attempt to the plurality of synthetic identities. The computing system determines that the input information in the input attempt includes information from the plurality of synthetic identities, if it does, the computing system rejects the input attempt.

Abstract: A computing system is configured to access a plurality of remote databases in order to identify data inconsistencies between the remote databases and provide user interfaces to a user in order to initiate communication via one or more APIs to certain remote databases indicating updates that reconcile said data inconsistencies.

Abstract: Methods and systems are configured to store user data and control access to the user data, wherein the data is stored remotely from the user (such as external to a user's computing device) and the user's data is maintained anonymously. Content is stored in association with a user identifier and access by third parties is controlled by linked third party identifiers.

Abstract: A trusted node, for quantum key distribution, has a quantum key engine, a quantum key controller and a trusted node controller. The quantum key engine exchanges quantum keys. The quantum key controller directs encryption and decryption. The trusted node controller directs the quantum key controller and the quantum key engine, and has no direct access to keys and data protected by the system, including unencrypted quantum keys.

Abstract: A medical treatment machine, such as a dialysis machine (e.g., a home dialysis machine, such as a home hemodialysis machine or a home peritoneal dialysis machine) can receive a digital prescription file that defines parameters of a medical treatment to be administered to a patient. The digital prescription file can be prepared and delivered in such a way that the medical treatment machine can confirm that the issuer (e.g., provider) of the digital prescription file is an authorized issuer without having any a priori knowledge of the particular issuer. The digital prescription file can be delivered irrespective of the inherent security (or lack thereof) of the transmission medium in a tamper-evident format using minimal resources necessary to verify the validity of the digital prescription file and its issuer. The digital prescription file may be delivered to the dialysis machine using a network cloud-based connected health system.

Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.

Abstract: A method may include determining a configuration of one or more basic input/output system (BIOS) settings identified as influencing security at an information handling system. The method may further include determining a security risk score based on the configuration, and generating a security gauge image that provides a visual indication of the security risk score. The security gauge image may be displayed during BIOS initialization at the information handling system.

Abstract: Aspects of the present disclosure relate to threat detection of executable files. A plurality of static data points may be extracted from an executable file without decrypting or unpacking the executable file. The executable file may then be analyzed without decrypting or unpacking the executable file. Analysis of the executable file may comprise applying a classifier to the plurality of extracted static data points. The classifier may be trained from data comprising known malicious executable files, known benign executable files and known unwanted executable files. Based upon analysis of the executable file, a determination can be made as to whether the executable file is harmful.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, to provide digital identification. One of these methods includes receiving a request for a digital document from a digital wallet executing on a mobile device. The method includes identifying a digital document provider capable of providing the requested document. The method includes sending the request for the digital document to the identified digital document provider. The method includes receiving, from the digital document provider, information that enables the mobile device to view the digital document and does not enable the computer system to view the digital document.

Abstract: An electronic device is provided. The electronic device includes a user interface, a location sensor configured to sense a location of the electronic device, a processor electrically connected with the user interface and the location sensor, and a memory electrically connected with the processor and configured to store a first application program and a second application program. The memory is further configured to store instructions that, when executed, enable the processor to receive first location data with a first degree of accuracy regarding the location of the electronic device from the location sensor, process at least part of the first location data to generate second location data with a second degree of accuracy lower than the first degree of accuracy regarding the location of the electronic device, provide the at least part of the first location data to execute the first application program, and provide at least part of the second location data to execute the second application program.

Abstract: A network can operate a WiFi access point with credentials. An unconfigured device can (i) support a Device Provisioning Protocol (DPP), (ii) record responder bootstrap public and private keys, and (iii) be marked with a tag. The network can record initiator bootstrap public and private keys, as well as derived initiator ephemeral public and private keys. An initiator can (i) operate a DPP application, (ii) read the tag, (iii) establish a secure and mutually authenticated connection with the network, and (iv) send the network data within the tag. The network can record the responder bootstrap public key and derive an encryption key with the (i) recorded responder bootstrap public key and (ii) derived initiator ephemeral private key. The network can encrypt credentials using the derived encryption key and send the encrypted credentials to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.

Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for deep learning based API traffic analysis and network security. The invention provides an automated approach to threat and/or attack detection by machine learning based accumulation and/or interpretation of various API/application traffic patterns, identifying and mapping characteristics of normal traffic for each API, and thereafter identifying any deviations from the normal traffic parameter baselines, which deviations may be classified as anomalies or attacks.

Abstract: Systems and methods for verifying credentials to perform a secured operation in a connected system are provided. Such systems and methods may include a cloud server determining whether a face in an image and an activation code valid or invalid. When the cloud server determines that both the face in the image and the activation code are valid, systems and methods may include the cloud server transmitting an instructional signal to the connected system to execute the secured operation. However, when the cloud server determines that the face in the image is invalid, the activation code is invalid, or the image fails to include the face, systems and methods can include the cloud server refraining from transmitting the instructional signal to the connected system to execute the secured operation.

Abstract: Measurement methods, devices and systems based on a trusted high-speed encryption card are disclosed. One of the methods includes: a BIOS actively measuring at least one firmware in a device if an integrity measurement result made by a trusted security chip for the BIOS indicates that the integrity thereof is not corrupted; loading one or more firmware if the integrity of the one or more firmware in the device actively measured by the BIOS is not corrupted; and forbidding a system of the device from being started or controlling the system to enter into a non-secure mode if the integrity of one or more firmware in the device actively measured by the BIOS is corrupted.

Abstract: A data transmission method, a related device, and a related system. The method includes: receiving, by a first access network device, a data packet (for example, small data) sent by user equipment (for example, an IoT device), where the data packet includes a first cookie and raw data; verifying, by the first access network device, the first cookie, to obtain a verification result; and processing, by the first access network device, the raw data based on the verification result. Implementation of embodiments can reduce load on a network side when a large quantity of user equipments need to perform communication, thereby increasing data transmission efficiency.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.

Abstract: A security device includes at least one non-volatile memory element and a key memory having at least one non-volatile memory element including at least one data field. The security device provides a physical interface for the data exchange with a key memory, the range of the physical interface being spatially restricted, and the key memory being location-bound. The security device includes at least one calculation unit, which dynamically ascertains in particular the check-sum information from the parameter data record.

Abstract: A method for secret sharing utilizing multiple features of an input includes: receiving a registration input; obtaining features from the registration input; generating a secret key and a plurality of shared keys according to a shared secret scheme; associating each of the plurality of shared keys with a respective feature of the registration input; generating a plurality of additional features associated with additional keys having a similar format as a shared key associated with a respective feature; storing the plurality of shared keys associated with respective features together with the plurality of additional keys associated with additional features; and encrypting an element to be protected by the secret key using the secret key.