Abstract: Embodiments of the present disclosure provide for improved SSD implementations and methods of using the same. Example embodiments utilize any of a myriad of wireless networking mechanisms for enabling access to a solid state storage drive. Some example embodiments include security mechanisms, such as biometric security, software-based authentication, and/or the like, for ensuring accurate user authentication before providing access to the storage. Some example embodiments provide indicators regarding executing functionality to further improve overall device security. Some example embodiments include a touch-adaptive display that provides various renderings associated with accessing the storage, performing storage functionality, configuring one or more aspects of the embodiment, and/or otherwise operating the storage in a manner desired by the user.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: Techniques for securing containerized applications are disclosed. In some embodiments, a system, process, and/or computer program product for securing containerized applications includes detecting a new application container (e.g., an application pod); deploying a security entity (e.g., a firewall) to the application container; and monitoring all traffic to and from the application container (e.g., all layer-7 ingress, egress, and east-west traffic associated with the application container) using the security entity to enforce a policy.

Abstract: A device configured to provide access to a digital document to a user device and to receive an access request for a first masked data element within the digital document. The device is further configured to generate a first blockchain transaction that identifies a machine learning model that is stored in a blockchain. The device is further configured to publish the first blockchain transaction in a blockchain ledger for the blockchain and to receive a second blockchain transaction from the machine learning model in response to publishing the blockchain transaction in the blockchain ledger. The second transaction indicates whether the user is approved for accessing the masked data element. The device is further configured to provide access to the first masked data element on the user device for the user in response to determining that the user is approved for accessing the masked data element.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: An apparatus for implementing a physically unclonable function via a network of interferometers implemented as a reconfigurable integrated optical circuit. The uncontrollable and non repeating fabrication variation in the manufacturing processes of integrated optics, combined with the sensitivity of interferometers creates inherently unique devices that can be used as reprogrammable physically unclonable function.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.

Abstract: Systems and methods for managing data are disclosed. One method can comprise receiving a first request for a service, wherein the first request is associated with a first rights package. The first rights package can be processed to determine access to the service. An evaluation key can be generated, wherein the evaluation key represents the determination of access relating to the processing of the first rights package. A second request for a service can be received, wherein the second request is associated with a second rights package. The second rights package can be processed using the evaluation key.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: The invention is a system based on decentralized ledgers to enable compliance with privacy regulations. A consumer identifier (consumer ID) allows consent provenance to be saved in a shared decentralized ledger. The consent ID also empowers consumers to query as to how their data has been moved through the data supply chain. The consumer data itself is not stored in the blockchain, only consents and data transfer events. A consent API allows companies to enter the original consumer consent in a consent ledger; a data transfer API allows companies to record transfers from one to another; and a subscription API allows companies to be notified of changes to a given consent.

Abstract: Systems and methods are provided for use in responding to attribute queries related to identifying information for a user. One exemplary method includes receiving a request for an identity code for a user associated with identifying information, where the identifying information includes multiple attributes of the user, and generating the identity code and transmitting it to a computing device associated with the user. The method then includes receiving an identity request for the user from a requesting party including the identity code and at least one query related to at least one of the multiple attributes of the user, identifying the user based on the identity code, compiling a response to the at least one query based on the identifying information of the multiple attributes of the user, and transmitting the response to the requesting party.

Abstract: An agent device for assisting one or more users is provided. The agent device supports a first operation mode in which the agent device is configured to identify individual users. Further, the agent device supports a second operation mode in which the agent device is configured to not identify individual users. The agent device includes a receiver circuit configured to receive, from an external device, a signal indicating that a person in the vicinity of the agent device does not want to be identified. Additionally, the agent device includes a control circuit configured to set an operation mode of the agent device to the second operation mode in response to receiving the signal.

Abstract: Systems, methods, and computer programming products leveraging the use of machine learning, cryptographic keys and blockchain technology for validating blockchain transactions. The disclosed systems, methods and products improve detection of malicious cyberattacks and fraud, while reducing occurrences of falsely invalidated transactions and improving overall blockchain security in both permissioned and permissionless blockchain networks. Classifiers are trained using machine learning and other classification techniques by building a transaction history to learn how to identify suspicious transactions on the blockchain. In permissionless and order-execute models of permissioned blockchains, cryptographic keys are publicly registered to guardians residing out of band, who may co-sign requests and override or resubmit transactions marked as suspicious by the classifiers.

Abstract: A hydrocarbon control system includes a base device, a field device, and a mobile device. The base device includes a key generator configured to generate a temporary key. The field device is configured to restrict or allow access based on verification of a received key. The mobile device is configured to communicate with the base device to receive the temporary key when in proximity of the base device, communicate with the field device to provide the temporary key to the field device when in proximity of the field device, and exchange data with the field device in response to the field device verifying the temporary key.

Abstract: Multiple authenticated identities for a single wireless association may be provided. First, an Access Point (AP) may provide an association with a client device. The AP may then establish, on the association, a first authenticated session for the client device based on a first media access control (MAC) address and a first identity. Next, the AP may establish, on same the association, a second authenticated session for the client device based on a second MAC address and a second identity.

Abstract: This invention pertains to protecting communications between multiple sensors and emitters or securing data transmission between multiple computers or multiple vehicles. This invention provides a secure method for two or more parties to communicate privately, even when the processor has malicious malware or there is a backdoor in the main processor. In some embodiments, the energy received by the sensor is encrypted before it undergoes an analog to digital conversion. In some embodiments, the encryption occurs inside the sensor. In some embodiments, the encryption hardware is a part of the sensor and creates unpredictable energy changes that interact with the sensor. In some embodiments, there are less than 40 sensors in a communication system and in other embodiments there are more than 1 billion sensors. In some embodiments, the invention provides a method for the sensors of a network of self-driving cars to communicate securely.

Abstract: Mechanisms are provided to detect phishing exfiltration communications. The mechanisms receive an input electronic communication from a data network and process the input electronic communication to extract a structure token that represents the content structure of the input electronic communication. The structure token is input to a machine learning model that is trained to identify phishing exfiltration communication grammars, and relationships between phishing exfiltration communication grammars, in structure tokens. The machine learning model processes the structure token to generate a vector output indicating computed values for processing by classification logic. The classification logic processes the vector output from the machine learning model to classify the input electronic communication as either a phishing exfiltration communication or a non-phishing exfiltration communication, and outputs a corresponding classification output.

Abstract: An apparatus for security management of a plurality of interactions comprises a processor operable to receive a plurality of interactions, where each interaction comprises interaction information associated with one of one or more users and a first entity. The processor is operable to determine a threshold value of the plurality of interactions and a threshold volume of the plurality of interactions, determine that a value of each of the plurality of interactions has not exceeded the threshold value of the plurality of interactions, and determine that the plurality of interactions has not exceeded the threshold volume of the plurality of interactions. The processor is operable to determine a number of instances of the plurality of interactions that were invalid, determine that the number of instances of the plurality of interactions that were invalid exceeds a threshold, and determine that the first entity is associated with suspicious indicators.

Abstract: An embodiment includes executing, by a hypervisor, a bootloader with access to a first logical partition of a non-volatile memory, the first logical partition storing a keystore. The embodiment also includes loading, by the bootloader, a kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes receiving, by the bootloader, an encryption key from the keystore. The embodiment also includes performing, by the bootloader, a cryptographic algorithm using the encryption key on the kernel. The embodiment also includes executing, by the bootloader in an event that the performing of the cryptographic algorithm produces a first result, the kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes halting, by the bootloader in an event that the performing of the cryptographic algorithm fails to produce the first result, booting of the kernel and generating an error message.

Abstract: Computer systems and methods for verifying a route taken by a communication are disclosed. In one implementation, a device for verifying a route taken by a communication may include one or more processors configured to obtain a communication transmitted by a source entity. The communication may include data and digital signatures, and each of the digital signatures may be generated based on at least the data. Further, the digital signatures may include a digital signature associated with the source entity, and a set of digital signatures associated with at least a subset of intermediate entities on a route taken by the communication. The one or more processors may be further configured to verify the digital signatures included in the communication, verify whether the entities associated with the digital signatures form an expected route for the communication, and process the data.