Abstract: Exemplary embodiments can identify the toxic PI combinations and flag these combinations for evaluation. Because organization policies on toxic PI combinations can constantly evolve, the system may be continuously updated with the latest policies. Exemplary embodiments may be used as part of an automated code review for application development and for monitoring of existing applications and programs. Thus, exemplary embodiments take the guesswork out of identifying risks in applications and programs by providing an automated tool that can scan and identify toxic combinations in accordance with various policies.

Abstract: Aspects and features of the present disclosure can provide encryption to maintain data privacy while allowing deduplication of some client data by or cloud-based storage platforms. Data can be identified as public data and left unencrypted so that it can be deduplicated. Other data can be identified as personal data, which can be encrypted with a personal key, or as group data, which can be encrypted with a shared, group key. Identifying the data can include storing the data in storage regions within a closed environment. The storage regions can be established, at the client, in a storage platform, or both. Optionally, a storage platform can include multiple storage regions for multiple groups of users, wherein each group is assigned its own unique encryption key. Such data can thus automatically be subject to the same deduplication routines as unencrypted data.

Abstract: A system includes a binary tree having leaf hashes. The leaf hashes include a device privacy protected index and a set of zero-knowledge commitments relating to a computer device. The system calculates the device privacy protected index using a verifiable random function such that a device entity path in the binary tree cannot reveal any information about any other device in the binary tree, and associates the set of zero-knowledge commitments with the device privacy protected index. The system then generates a privacy-protected attestation for the computer device using the device privacy protected index and the set of zero-knowledge commitments.

Abstract: A first cryptographic communication system is disclosed. The first cryptographic communication system includes a common hardware module configured to receive local cryptographic signals and coalition cryptographic signals that includes a transmitter, a receiver, a common router, a trusted router, and a data loader. The first cryptographic communication system further includes a local cryptographic assembly and a coalition cryptographic assembly each including and end cryptographic unit communicatively coupled to the trusted router, a cross domain guard communicatively coupled to the end cryptographic unit and the trusted router, and a general purpose security module communicatively coupled to the cross domain guard. The first cryptographic communication system further includes a data recoding module communicatively coupled to the data loader that includes local and coalition data recording devices.

Abstract: Systems and methods relating to the encryption and decryption of messages to be sent through a communications link. The system and method uses a random data source at the receive and transmit sides, along with a trusted random sampler that produces correlated random samples from the random data source to be used at the send and receive sides. At the transmit side, the correlated random sample is used to generate a symmetric key as well as a ciphertext. The symmetric key is then used to encrypt the message. The ciphertext is transmitted, along with the encrypted message, to the receive side. The receive side then uses the ciphertext, along with its own correlated random sample, to recover the symmetric key. The symmetric key is then used to decrypt the encrypted message.

Abstract: A financial institution computing system associated with a financial institution includes a network interface configured to communicate data over a network, and a processing circuit comprising a memory and a processor. The memory has instructions stored thereon that cause the processor to receive, by the network interface, a content request from a user computing device associated with a user, the content request requesting content from a network destination, determine if the network destination is associated with a trusted entity, determine that the requested content prompts the user to input sensitive information, and transmit, by the network interface substitution content to the user computing device responsive to determining that the network destination is illegitimate and to determining that the requested content includes at least one field into which the user may input sensitive information, the substitution content including at least one prompt requesting the user to input sensitive information.

Abstract: Technologies are described herein for remotely configuring multi-mode dual in-line memory modules (“multi-mode DIMMs”) using a firmware or a baseboard management controller (“BMC”). Technologies are also described for simultaneously initiating multiple commands for configuring multi-mode DIMMs using a BMC and for updating inventory data regarding multi-mode DIMMs stored by a BMC.

Abstract: A method of decommissioning a key in a decryption storage system includes scanning a storage system to identify metadata associated with a current key to be decommissioned. The method further includes encrypting, with the current key, data corresponding to the metadata to generate encrypted data. The method further includes decrypting the encrypted data with a target key to generate decrypted data. The method further includes modifying, by a processing device, the metadata to identify the target key to generate modified metadata. The method further includes storing the decrypted data and the modified metadata to the storage system.

Abstract: A file sharing system and methods therefor share one or more files without requiring the files be sent to or stored on a server. The file sharing system enables files to be shared from a user device allowing users to maintain control of the files by storing and sharing files off the cloud. Sharing and file access is typically effectuated via a server and one or more links provided by the server. File access is limited to selected file access types.

Abstract: The disclosed systems and methods are directed to a method for malicious software detection comprising: recognizing and extracting an EP section in an unrecognized PE file, collecting bytes in the EP section of the unrecognized PE file, converting the bytes to an array of integers, generating one or more n-grams from the array of integers, converting the one or more n-grams into b-MinHash, converting the bytes in an EP function included in the EP section to an array of assembly-based mnemonics; generating one or more n-grams from the array of assembly-based mnemonics and converting the one or more n-grams from the array of assembly-based mnemonics into a-MinHash, generating a similarity matrices, converting, the similarity matrices into a lower dimensionality code representation, and classifying the code as a PE benign or a malware file.

Abstract: A system and method for contaminant control, often infection control, with multiple time and space domains that integrate active and passive infection control devices and processes that preferably feature infection control active additives with controllable dis-passivation to limit post-consumption environmental impact. Additionally, the system executes the infection control devices and process transactions by controlling the dispatch of infection control tasks centered around a potential infection control incidence and/or cross-contamination locations from assets or personnel having probabilistic infection rates to increase compliance of infection control preventative measures.

Abstract: Example embodiments provide methods, apparatuses, systems, computing devices, and/or the like for vetting USB device firmware via a USB-specific firmware analysis framework. In one example, a method is provided for analyzing firmware of a Universal Serial Bus (USB) device. The example method includes steps of receiving a firmware image extracted from the USB device, identifying signatures from the firmware image relating to USB operation, and building an expected model of operation of the USB device using the identified signatures and a database of operational information regarding USB devices. The example method further includes the steps of generating a recovered model of operation of the USB device based on the firmware image and the identified signatures, and comparing the recovered model of operation with the expected model of operation to identify unexpected or unknown behaviors. The example method may further include generating a report comprising the identified unexpected or unknown behaviors.

Abstract: Aspects of the disclosure describe methods and systems for performing an antivirus scan using file level deduplication. In an exemplary aspect, prior to performing an antivirus scan on files stored on at least two storage devices, a deduplication module calculates a respective hash for each respective file stored on the storage devices. The deduplication module identifies a first file stored the storage devices and determines whether at least one other copy of the first file exists on the storage devices. In response to determining that another copy exists, the deduplication module stores the first file in a shared database, replaces all copies of the first file on the storage devices with a link to the first file in the shared database, and performs the antivirus scan on (1) the first file in the shared database and (2) the files stored on the storage devices.

Abstract: A method for updating firmware includes receiving, at a device, an updated installation package. The updated installation package includes an updated version of an installation package, which belongs to a set of installation packages stored on the device for installation of firmware on the device. The method further includes updating the set of installation packages by replacing the installation package with the updated installation package. The method further includes installing updated firmware in volatile memory of the device based on the updated set of installation packages. The method further includes storing an image of the updated firmware in nonvolatile storage of the device. Additionally, the method includes, during a boot process, loading the image from the nonvolatile memory of the device onto the volatile memory of the device, to enable running the updated firmware from the volatile memory, and verifying the authenticity of the updated firmware.

Abstract: A method of operating a Master gNodeB (MgNB) in a radio access network RAN is disclosed. An indication of a user plane security policy is received from a core network node, wherein the user plane security policy requires user plane integrity protection for a protocol data unit PDU session. Responsive to the user plane security policy requiring user plane integrity protection for the PDU session and responsive to determining that a secondary base station supporting the user plane security policy requiring user plane integrity protection is unavailable, a data radio bearer DRB of the PDU session is established directly between the MgNB and a user equipment UE. Related MgNBs are also discussed.

Abstract: An image archiving facility creates an image and other data archive relating to an event at a location when prompted by a downloaded application for a host user. The host user may approve guest users to upload to the archive. Approval may come from an image of a person uploaded to the data archive and recognized from biometric data as an approved user. The host may control viewing of images in the archive either individually or generically.

Abstract: Generally discussed herein are systems, devices, and methods for device verification. A method can include providing, by test equipment (TE), electrical stimulus consistent with a challenge of a challenge response pair (CRP) to a physical unclonable function (PUF) of a device under test (DUT), receiving, by the TE and from the DUT, a response to the electrical stimulus, comparing, by the TE, the provided response to responses to CRPs in a database including PUF CRPs associated with a device identification and a device type, and validating the identity of the DUT when the response of the PUF to the electrical stimulus matches the response of the CRP or invalidating the identity of the electrical device when the response of the PUF does not match the response of the CRP.

Abstract: Provided are an electronic device for sorting homomorphic ciphertext by using shell sorting and an operating method thereof to sort ciphertext generated by using homomorphic encryption according to a size of an original number corresponding thereto.

Abstract: An integrated circuit including an electronic fuse for supporting a secure bootstrap process, in which the fuse is queried. The circuit includes a protection against electromagnetic fault injection. The circuit is configured in such a way that the protection extends to the bootstrap process.

Abstract: Embodiments of the invention relate to symmetric encryption that converts plain text to Diophantine equations, i.e. cipher text, and creates a symmetric key which is held by a sender (or encryption apparatus) and a recipient (or decryption apparatus). The key is used by the decryption apparatus to decrypt the Diophantine equations, and convert them to original plain text. Particularly, undecidable encryption and artificial intelligence (AI) are employed in combination. More particularly, the AI would exclude any class of Diophantine equations which has been solved or deciphered without key, or known to be solvable. In the event certain classes of Diophantine equations are solved in the future, the AI will exclude the use of these solved or solvable classes of Diophantine equation in encryption.