Abstract: A computer platform is disclosed. The computer platform comprises a central processing unit (CPU) including at least one socket having a plurality of tiles and control circuitry to partition the socket into a plurality of sub-sockets and assign a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources.

Abstract: A method of tunneling through a network separation device such as a firewall or a Network Address Translator comprising establishing via a custom socket factory coupled with a host device, a connection with a cloud server by tunneling through a network separation device; maintaining, via the custom socket factory, the connection with the cloud server through the network separation device; receiving, via the connection between the custom socket factory and the cloud server, connection information; and directly connecting, via the custom socket factory, to a client device using the connection information received from the cloud server.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: The present disclosure relates to an authentication method of a first device by a second device, each first, second device having a processor, at least one memory, and an authentication circuit, in which the authentication circuit is configured to prohibit the processor from reading data stored in at least part of said memory. The authenticating includes generating a first datum, and a second datum. The second device verifies that the first and second data match.

Abstract: A storage network receives data and a corresponding task, selects a storage units for the task, determines whether the data slice is locally available and when the data slice is not locally available, determines whether a redundant data slice is available from another storage unit. When the redundant data slice is not available from another storage unit, the storage network facilitates rebuilding the data slice to produce a rebuilt data slice by retrieving a decode threshold number of data slices corresponding to the data slice, decoding the decode threshold number of data slices to reproduce a data segment and re-encoding the data segment to produce a pillar width number of data slices that includes the rebuilt data slice.

Abstract: A mediator and a method for securing a mediator for coupling between one or more hosts and one or more consoles comprising one or more peripheral devices. The mediator is having at least three stages: (i) a security setup stage; (ii) a neutralization stage; and (iii) a normal operation stage. In the normal operation stage, the mediator couples between at least one of the one or more peripheral devices and at least one of the one or more peripheral devices. In the neutralization stage the mediator disable coupling between at least one of the one or more peripheral devices and at least one of the one or more peripheral devices. The securing method starts with the security setup stage after at least one of (a) a power-up; (b) a reset; (c) a device connection; and (d) an unlock command.

Abstract: Authenticating a device using processing circuitry that generates fingerprints based on states of a plurality of nodes that are coupled to a plurality of circuits. A first fingerprint is generated at a first time based on first states of the plurality of nodes. A second fingerprint is generated at a second time based on second states of the plurality of nodes, the first fingerprint influencing the second states. Electronic data is obtained from the device to be authenticated. The electronic data is compared with a fingerprint generated and a determination whether to authorize operation of the device is made based on a result of the comparison.

Abstract: Systems and methods for authenticating a peripheral device prior to allowing the peripheral device access to components and data stored on user equipment. In some examples, the user equipment may include an authorization component that is configured to physically decouple a hardware interface from other components of the user equipment until the authorization component is able to authenticate the peripheral device. Both authorized peripheral devices and the user equipment may be provisioned with authorization data and/or credentials from a system outside the control of the individual users of the user equipment.

Abstract: Methods and systems for using cloned accounts to track attacks on user accounts are described. A user login attempt is detected for a user account from a client computing device. A determination is made that the user is not a legitimate user. The user is routed to a cloned user account. An analysis of the interaction between the user and the cloned user account is performed.

Abstract: Account permissions and data accessibility can be modified based on level of confidence for a login attempt to the account. User activity observations corresponding to one or more login attempts to access a user account can be stored. A confidence score associated with a successful login attempt of the user account can be determined. The confidence score is based on the user activity observations. A level of access to an application with functions and data for the user account can be determined. The level of access is based on the confidence score. The level of access is associated with the functions and the data that are executable and accessible subsequent to the successful login attempt.

Abstract: The technology described herein discloses systems and methods for upgrading biometric authentication system. The system can receive first biometric information in connection with an authentication request from a user. The system can authenticate the user via a first authentication system by comparing the first biometric information received in connection with the authentication request with second biometric information. The user can be automatically enrolled into a second authentication system using the first biometric information received in connection with the authentication request.

Abstract: A credential accessing system includes an interface and a processor. The interface is configured to receive a request to access a credential using a credential access application. The processor is configured to execute the credential access application in response to a request from a user application, wherein the request from the user application comprises an indication of a target application. Executing the credential access application comprises:1) receiving an indication of interactive control, wherein interactive control is redirected from the user application, and wherein the indication of interactive control comprises the indication to access the credential; 2) determine whether to allow access to the credential; and 3) in response to determining to allow access to the credential, access the credential and provide the credential to the target application; and 4) indicate to redirect interactive control to the target application.

Abstract: A malware detection method and system using a memory map. A malware detection method may include collecting, by processing circuitry, a plurality of memory maps from a plurality of client devices, a client program being installed in each of the plurality of client devices, analyzing, by the processing circuitry, a plurality of memory addresses of the plurality of memory maps to obtain an analysis result, and determining, by the processing circuitry, whether malware is present in one of the plurality of client devices based on the analysis result.

Abstract: A method at a network element for processing a first message destined for an intelligent transportation system station, the method including receiving from a sending entity, or generating, the first message at the network element; based on a source or contents of the first message, performing one of: discarding the first message; or modifying the first message to provide an indication to the intelligent transportation system station of checks the intelligent transportation system does not need to perform, thereby creating a second message; and forwarding the second message to the intelligent transportation system station.

Abstract: A method, system and apparatus for requesting a plurality of credentials from a trusted entity. A local validation device (LVD) receives a credential request or an identifier from each of a plurality of user devices. The LVD generates or compiles a bundle of credential requests corresponding to the plurality of user devices. The LVD transmits the bundle of credentials requests to the MVD. The MVD receives the bundle of request and performs a validation for each request in the bundle and then communicates the credentials and/or the results of the validations to the LVD. The LVD communicates credentials to each of the plurality of user devices. In some cases, the LVD performs the validation for each credential request. For instance, the LVD can receive a local enforcement policy from the MVD, which can provide instructions or guidance to the LVD as to how to perform the validations.

Abstract: A proxy revocation service provides a reliable service for performing revocation checks. The proxy revocation service queries public certificate authorities for the revocation status of a set of digital certificates and maintains a database of the revocation statuses. The proxy revocation service provides a singular endpoint that is Application Protocol Interface (API) accessible to web clients. Web clients communicate with the proxy revocation service through use of API message to perform revocation checks, rather than communicating with the public certificate authorities using an online certificate status protocol (OCSP). Use of the proxy revocation service provides both a reliable service for performing revocation checks as well as shifts the complexity away from the web clients.

Abstract: A method for testing circuit elements at one or more manufacturing stages comprising receiving, at a circuit verifier a fingerprint of at least a circuit element to be manufactured, wherein the fingerprint further comprises at least an expected output corresponding to at least a test input, transmitting, from the circuit verifier the at least a test input to the at least a circuit element, receiving, at the circuit verifier at least a test output from the at least a circuit element, and comparing, by the circuit verifier the at least a test output to the at least an expected output of the fingerprint of the at least a circuit element.

Abstract: Systems and methods are provided for consolidation of IHS (Information Handling System) authentication resources utilized by workspaces operating on the IHS, where the workspaces operate in isolation from the operating system of the IHS. A remote workspace orchestration service manages deployment of workspaces on the IHS. The workspaces are instantiated and operate according to a workspace definition provided by the workspace orchestration service. An embedded controller of the IHS registers authentication functions of the IHS with the workspace orchestration service, which notifies the workspaces of the consolidated authentication functions. An authentication agent is instantiated that supports operating system authentications for applications operating within the workspaces. The respective workspace definitions of the workspaces are updated to route credential requests to the authentication agent.

Abstract: Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

Abstract: Systems and procedures are provided for transferring a service identifier for use by an IHS (Information Handling System), where technical support is provided to the IHS based on the service identifier. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory identifying factory installed components of the IHS. Upon deployment of the IHS, a hardware component is removed, where the service identifier of the IHS is associated to the removed component. Upon installing a replacement hardware component, a request is initiated to transfer the association of the service identifier from the removed hardware component to the replacement hardware component.