Abstract: Some embodiments include a method of providing security and privacy for a message sender. The method can include a messaging application determining that a messaging interface of the computing device is active and is revealing or about to reveal the electronic message. The messaging application can identify a recipient account of a messaging server system that is associated with the electronic message according to the electronic message or the messaging server system. The messaging application can then monitor a data feed from a sensor of the computing device to detect a biometric pattern that matches against a biometric profile model associated with the recipient account utilizing a biometric recognition process. In response to determining that the detected biometric pattern does not match the biometric profile model associated with the recipient account, the messaging application can activate a privacy shield to prevent content of the electronic message from being revealed.

Abstract: A system with methods to be integrated as a quantum-communication firewall solution. The system is implemented with technology in combination of background-noise analysis, phase-shifting operation, phase-combination operations, and a proprietary data-synchronization mechanism. Thereby, through an optical communication channel with such a quantum-communication firewall solution, a conventional quantum communication system is not only capable of resisting specific spectrum attacks within a quantum communication channel, but also capable of countering a malicious optical source.

Abstract: Technologies for securely providing one or more remote accelerators hosted on edge resources to a client compute device includes a device that further includes an accelerator and one or more processors. The one or more processors are to determine whether to enable acceleration of an encrypted workload, receive, via an edge network, encrypted data from a client compute device, and transfer the encrypted data to the accelerator without exposing content of the encrypted data to the one or more processors. The accelerator is to receive, in response to a determination to enable the acceleration of the encrypted workload, an accelerator key from a secure server via a secured channel, and process, in response to a transfer of the encrypted data from the one or more processors, the encrypted data using the accelerator key.

Abstract: A system is provided for transfer of digital resources using an integrated resource platform. In particular, the system may comprise a networked platform that may be accessible by one or more users to access digital resources (e.g., non-fungible tokens stored on a distributed register). The platform may further display a graphical user interface through which the user may take various actions with respect to such digital resources, including the ability to view metadata associated with the resources or to transfer the resources. In this regard, the platform may integrate multiple different types of distributed registers and/or legacy computing systems such that the user may access the digital resources along with the functions associated therewith.

Abstract: A secure start system for an autonomous vehicle can include a communications router comprising an input interface to receive a boot-loader to enable network communications with a backend system. The secure start system utilizes a tunnel key from the backend system to establish a private communications session with a backend data vault. The secure start system then retrieves a set of decryption keys from the backend data vault, via the private communications session, to decrypt a plurality of encrypted drives of the autonomous vehicle, which enables one or more functions of the autonomous vehicle.

Abstract: At least one proof transaction for recording on a blockchain comprises at least an s-part for an Elliptic Curve Digital Signature Algorithm, ECDSA, signature. The s-part is computed from a set of signature components, each provided by a participant of a signing subset of a set of keyshare participants. Each of keyshare participant holds an ephemeral keyshare of an unknown ephemeral key, and each of the signing components is provided by the participant of the signing subset based on their ephemeral keyshare. The at least one proof transaction indicates an r-challenge of at least one challenge transaction, and a node of a blockchain network applies signature verification to: (i) the s-part of the at least one proof transaction, and (ii) one of: (iia) an r-part of the r-challenge, (iib) an r-part of the at least one proof transaction, and in that event checks that that r-part satisfies the r-challenge.

Abstract: A method is provided for determining command-to-process correspondence. The method includes identifying, by the hardware processor, initial processes resulting from executions of container immutability change events for each of multiple initially mutable containers in a cluster, based on an execution time, a process identifier and a process group identifier for each of the container immutability change events. The method also includes designating, by the hardware processor, a particular external command, from among external container commands stored in a database, as having a correspondence to an initial process, responsive to the initial process matching at least one respective process resulting from executing the particular external command.

Abstract: A data communication system for transferring data from a hardware unit to a blockchain or other distributed ledger. The system includes a hardware interface to connect to the hardware unit, and a device having a microcontroller, a secure element connected to the microcontroller, first communication module, and a communication protocol for enabling the microcontroller to communicate with the hardware interface through the first communication module. The microcontroller is configured to: read data from the hardware unit through the hardware interface; generate a transaction corresponding to the data; securely generate a blockchain private key (dB); digitally sign the transaction by a blockchain private key (dB); deliver the signed transaction, and then delete the blockchain private key (dB) from volatile memory of the hardware unit. The microcontroller is adapted to generate a blockchain private key (dB) from parameters contained in part from the device itself and in part from the hardware interface.

Abstract: One or more embodiments described herein disclose methods and systems that are directed at providing enhanced privacy and security to distributed ledger-based networks (DLNs) via the implementation of zero-knowledge proofs (ZKPs) in the DLNs. ZKPs allow participants of DLNs to prove ownership of accounts on the DLNs without having to necessarily reveal private information such as the private key of the account publicly. As such, the disclosed methods and systems directed at the ZKP-enabled DLNs provide privacy to participants of the DLNs while still allowing the DLNs to remain as consensus-based networks.

Abstract: In some examples, for process-to-process communication, such as in function linking, a virtual channel can be provisioned to provide virtual machine to virtual machine communications. In response to a transmit request from a source virtual machine, the virtual channel can cause a data copy from a source buffer associated with the source virtual machine without decryption or encryption. The virtual channel provisions a key identifier for the copied data. The destination virtual machine can receive an indication data is available and can cause the data to be decrypted using a key accessed using the key identifier and source address of the copied data. In addition, the data can be encrypted using a second, different key for storage in a destination buffer associated with the destination virtual machine. In some examples, the key identifier and source address is managed by the virtual channel and is not visible to virtual machine or hypervisor.

Abstract: Methods, systems, apparatuses, and computer program products are provided for reconstructing network activity. A network activity monitor is configured to monitor network activity for various network entities. Based on the monitoring, a set of features may be obtained for each network entity. A determination may be made for a number of vertices suitable for describing the sets of features in a multidimensional space. In some implementations, the vertices may define a convex hull in the multidimensional space. Each of the vertices may be assigned a different usage pattern that represents a certain type of network usage types. Reconstructed network activity for a particular network entity may be represented as a weighted combination of the usage patterns. Based on the reconstruction, a network anomaly may be detected, a network may be modified, and/or an alert may be generated.

Abstract: A system and method for automatic identification of photocopied documents is disclosed wherein the method is performed by capturing an image of a marked printed document; decoding a digital watermark embedded in the image, obtaining a mark identifier; recovering, by searching a database, at least one calibration parameter associated with the mark identifier; applying a discrete Fourier transform to the image, obtaining a frequency matrix; obtaining at least one maximum frequency value in the frequency matrix; comparing the at least one maximum frequency value with at least one calibration parameter; determining, on the basis of the comparison, if the marked printed document is an original document or a photocopied document.

Abstract: Embodiments described herein relate to apparatuses and methods for registering and storing a local key associated with a local application of a communication device, including, but not limited to, receiving a request from the communication device to register and store the local key, evaluating the request based on at least one first policy, and sending the request to register and store the local key to a secure key storage.

Abstract: Provided herein are systems and methods for identity resolution and data enrichment. An example method performed by at least one hardware processor includes detecting at an account of a data provider, an update to personally identifiable information (PII). The PII is stored in a source table managed by an account of a data consumer. An identity resolution process is performed based on detecting the update. The identity resolution process includes generating a secure identifier of a user associated with the PII. The method further includes generating at the account of the data provider, a result table including the secure identifier. The result table is shared with the account of the data consumer.

Abstract: Methods, apparatuses, and computer program products are disclosed for securely migrating data between devices. An example method includes receiving a request at a first time for data migration between a first user device and a second user device each associated with a first user. The method further includes retrieving a baseline attribute dataset associated with the first user generated before the first time and generating a first attribute dataset associated with the first user. The method includes authenticating a session between the first user device and the second user device at the first time and causing data transfer between the first user device and the second user device. The method further includes generating a second attribute dataset associated with the first user at a second time after the first time and authenticating the session at the second time based on the first attribute dataset and the second attribute dataset.

Abstract: A pair of virtualized security device initialization data sets are received at a first virtualization server from respective sources prior to a launch of a compute instance at the server. A first virtualized security device is initialized using the data sets, and used to generate cryptographic artifacts used by the compute instance. A data item which was included in one of the data sets is modified after the cryptographic artifacts are generated. Additional cryptographic artifacts are generated by a second virtualized security device at a second virtualization server to which the compute instance has been migrated. The second virtualized security device is initialized using at least the modified data item.

Abstract: An information handling system includes a virtual interface configured to provide communication between an agent and an embedded controller, wherein the virtual interface is located below a kernel space of the information handling system. The agent may be configured to transmit telemetry data published by the embedded controller to a data repository, wherein the agent is located at a user space of the information handling system. The embedded controller publishes telemetry data to the data repository via the virtual interface through the agent.

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.

Abstract: An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form priority ranking for the first endpoint which can then be compared to a priority ranking for a second endpoint to determine if the first endpoint or the second endpoint should be triaged first.

Abstract: An apparatus that includes a substrate and a first plurality of circuit components mounted on the substrate, which is associated with a protected area. The apparatus includes a connector formed on the substrate to at least partially circumscribe the protected area and a second plurality of circuit components mounted on the substrate to at least partially circumscribe the connector to form a security barrier to physically inhibit a penetration attack into the protected area.