Abstract: Embodiments relate to progressively validating access token. In response to intercepting an initial call for a transaction for a service from a client, a token is validated for the initial call of the transaction for the service, the validating including contacting an authentication sever and locally storing a time to live received for the token. In response to intercepting at least one successive call for the transaction for the service from the client, it is determined that the token for the at least one successive call is valid based on the time to live locally saved. The at least one successive call for the transaction for the service is permitted to pass without contacting the authentication sever.

Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems based on machine-learned user behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture behavioral parameters associated with the client computing device and may evaluate the behavioral parameters using a behavioral profile associated with the user account to determine a behavioral deviation score. Based on the behavioral deviation score, the computing platform may select an authentication action from a plurality of pre-defined authentication actions. Subsequently, the computing platform may generate commands directing an account portal computing platform to allow access, conditionally allow access, or prevent access based on the selected authentication action.

Abstract: A method and an apparatus for generating a secret key for encrypted communication using a synchronized neural network, which includes: generating initial codewords based on a bit string of weight values of the synchronized neural network and transmitting a first partial codeword of the initial codewords to a device of another party; receiving a second partial codeword generated by the device of the other party and combining final codewords based on the second partial codeword received from the device of the party and the bit string of the weight values; performing an error correction on the combined final codewords and transmitting first restoration success information according to the error correction to the device of the other party; and receiving second restoration success information from the device of the other party and generating the secret key based on the restoration success information of the device of the other party, are provided.

Abstract: A method for adaptive control of surgical network control and interaction is disclosed. The surgical network includes a surgical feedback system. The surgical feedback system includes a surgical instrument, a data source, and a surgical hub configured to communicably couple to the data source and the surgical instrument. The surgical hub includes a control circuit. The method includes receiving, by the control circuit, information related to devices communicatively coupled to the surgical network; and adaptively controlling, by the control circuit, the surgical network based on the received information.

Abstract: Systems, methods, and computer-readable media for controlling the execution of a deployed software program to a customer system are disclosed herein. A vendor may deploy a software program to the customer system. The software program may comprise an access key, the access key comprising a digital signature and access parameters. The digital signature may utilize a public key private key pair. The customer may run the software program by validating the access key on the customer system. Validating the access key may comprise verifying the digital signature and verifying the access parameters. Once the access key has been validated, the customer may execute the software program on the customer system.

Abstract: According to certain embodiments, a method comprises receiving an encrypted value from a trust anchor. The encrypted value is received by a hardware component, and the encrypted value is associated with a posture assessment in which the trust anchor determines whether the hardware component is authorized to run on a product. The method further comprises obtaining a random value (K) based on decrypting the encrypted value. The decrypting uses a long-term key associated with the hardware component. The method further comprises communicating an encrypted response to the trust anchor. The encrypted response is encrypted using the random value (K). The encrypted response enables the trust anchor to determine whether the hardware component is authorized to run on the product.

Abstract: Implementations disclosed describe techniques to allow wireless devices to initially connect with randomized MAC addresses and send an encrypted permanent MAC for differentiated services. In one method, a first wireless device connects to an access point (AP) using a randomized MAC address. The first wireless device receives a request for a permanent MAC address from the AP. The first wireless device determines whether to send the permanent MAC address. Responsive to determining to send the permanent MAC address, the first wireless device encrypts the permanent MAC address to obtain an encrypted MAC address and sends a response to the request, including the encrypted MAC address, to the AP.

Abstract: Disclosed is a quantum key distribution system using an RFI (reference frame independent) QKD (quantum key distribution) protocol, which includes a first signal processing circuit that generates transmission basis information and transmission bit information, a quantum channel transmitter that generates a single photon or coherent light, and modulates the single photon or the coherent light based on the transmission basis information and the transmission bit information to generate a quantum signal, a quantum channel receiver that receives the quantum signal through a quantum channel and detects reception bit information from the quantum signal based on reception basis information, and a second signal processing circuit that generates the reception basis information, transmits the reception basis information to the first signal processing circuit through a public channel, and receives the transmission basis information from the first signal processing circuit through the public channel.

Abstract: A method for a system includes receiving with a first transceiver of an identity reader device, an ephemeral ID from a first smart device, outputting with the first transceiver, identity reader data to the first smart device, wherein the identity reader data comprises a first identifier and a challenge, receiving with the first transceiver, responsive data from the first smart device, wherein the responsive data comprises token data and contact tracing status of the first smart device, determining in a processor of the identity reader device, whether the first smart device is authorized in response to the ephemeral ID or the token data, and the contact tracing status, and directing with the processor, a peripheral device coupled to the identity reader device to perform a user-perceptible action in response to the processor determining that the first smart device is authorized.

Abstract: The present description concerns a method of starting a first application configured to be implemented by at least one low-level operating system of a secure element, including the verification of at least a first piece of information updated after each operation of resetting of the secure element, the first piece of information being associated with the at least one low-level operating system.

Abstract: An inventory of Internet-facing assets related to a target domain is generated using network data gathered from network data sources. Using data sources of known threats, such as malware, phishing attempts, scam pages, blacklisted sites, and so on, a network analytic system generates analytical information about domains, sub-domains, and components that are owned, managed, and/or controlled by a target entity. A confidence score of ownership is generated based on a recursive rule engine. A visual representation of the inventory of Internet-facing assets is generated in a graphical user interface.

Abstract: Methods and systems for managing the operation of data processing systems are disclosed. A data processing system may include a computing device that may enter various operating states by performing various types of startups. Performance of some startups may be restricted by use of passwords or other security information. The data processing systems may host management controllers that may bypass the restrictions on the startups. Prior to doing so, the management controllers may verify that the requests to perform the startups are from trusted entities, or should be performed for other reasons.

Abstract: An exemplary radio fingerprint-based indoor localization method and system is disclosed that is resistant to spoofing or jamming attacks (e.g., at nearby radios, e.g., access points), among other types of interference. The exemplary method and system may be applied in the configuring of a secured convolutional neural network (S-CNNLOC) or secured deep neural network configured for attack-resistant fingerprint-based indoor localization.

Abstract: A secure network device management system and method include monitoring and validating commands to network devices before such commands are executed. The security system accumulates inputs from a network device intended for display on a terminal and provided by the network device in response to inputs from the terminal and received by the network device. When a control input to execute the command is received from the terminal, the security system reproduces the command from the accumulated inputs and compares the reproduced command to a command list to determine whether the command is authorized. If so, the security system provides the control input to the network device such that the network device executes the command. Otherwise, the security system may delete the command and transmit an alert to the terminal.

Abstract: A term-based encrypted retrieval privacy (TERP) data retrieval system performs data retrieval from a data repository server. The system includes a client processor included with a data requesting client and a server processor included with the data repository server. The client processor determines a vector forest that is shared with the data repository server, which includes forest vectors assigned with a respective vector ID, and generates a query including an encrypted ciphertext table that cross-references the vector IDs with a corresponding ciphertext entry. The server processor receives the query, and selects a given document from the data repository server that has assigned thereto at least one nearest neighbor vector among the forest vectors. The server processor compares a nearest neighbor vector ID of the nearest neighbor vector to the vector IDs included in the encrypted ciphertext table, and generates an encoded search result based on the encrypted ciphertext entries.

Abstract: Systems and methods for symmetric encryption between a client and a server device include a client device having an array of physical unclonable function devices and a server device storing information sufficient to reconstruct responses of the devices to an applied stimulus such as varying levels of electrical current. The server shares a challenge with the client, which measures characteristics such as electrical resistances for a subset of the devices according to instructions extracted from the challenge. The client measures a corresponding reference device in the array for each device of the subset and assigns a value determined based on a comparison of each device with the corresponding reference device to generate a cryptographic key. The server calculates an expected response of the client to the challenge according to a model of the devices in the array, and uses the calculated response to generate the key independently.

Abstract: Embodiments described include systems and methods for securely managing browser plugins via embedded browser. The solution enables a client application or embedded browser to dynamically load the browser components into the embedded browser based on a risk or security profile and one or more policies. The policies can be centrally managed to enable only allowed browser components to be loaded within the embedded browser for a given risk profile. Based on the risk profile, a session established by the embedded browser can be transferred from the client application to a hosted browser at a secure sever. When the session is transferred to the hosted browser, the present system can also redirect the browser component configurations to the hosted browser such that the same browser components are enabled, disabled, or modified at the hosted browser.

Abstract: A computer-implemented method when executed by data processing hardware of a user device causes the data processing hardware to perform operations. The operations include obtaining, from a message server, an encrypted message encrypted by a single-use data encryption key (DEK) and an encrypted DEK including the single-use DEK encrypted by a public key (PK). The operations also include transmitting, to a key access control list server (KACLS), a decryption request requesting the KACLS decrypt the encrypted DEK with a PRK associated with the PK. The decryption request includes the encrypted DEK. The KACLS is independent from the message server. The operations also include receiving, from the KACLS, the single-use DEK and decrypting, using the single-use DEK, the encrypted message.

Abstract: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights. A search key can be generated based on the received query, and the selected index can be searched using the search query. Database entries mapped to the values of the selected index returned in response to the search can be outputted. Each index is associated with a different granularity defining the number and/or ambiguity of search results returned in response to searching an index.

Abstract: The method of constructing QAP-based Homomorphic Encryption (HE) in the semi-public setting is introduced, which comprises: encryption, computation, and decryption. The data receiver produces a semi-public key Keys-pub. The data provider can encode his k-qubit plaintext |x to a k-qubit ciphertext |?en=QP|x via a k-qubit invertible operator QP randomly generated by Keys-pub. From the provider, the message En(?p) of QP encoded by a cryptosystem Gcrypt in Keys-pub is transmitted to the receiver through a small-resource communication channel and the ciphertext |?en is conveyed to the cloud. The receiver creates the instruction of encoded computation Uen=PMQP and transports to the cloud, where M is the required k-qubit arithmetic operation, P a k-qubit permutation, and a k-qubit operator to mingle with M. According the instruction, the cloud performs the encrypted evaluation Uen|?en and transfer to the receiver.