Abstract: According to one embodiment, a system receives, at a host channel manager (HCM) of a host system, a request from an application to establish a secure channel with a data processing (DP) accelerator, where the DP accelerator is coupled to the host system over a bus. In response to the request, the system generates a first session key for the secure channel based on a first private key of a first key pair associated with the HCM and a second public key of a second key pair associated with the DP accelerator. In response to a first data associated with the application to be sent to the DP accelerator, the system encrypts the first data using the first session key. The system then transmits the encrypted first data to the DP accelerator via the secure channel over the bus.

Abstract: A method for distributing data to a computing device using device level authentication includes: storing, in a memory of a computing device, a single use key encrypted with a first encryption, a server public key, and device data; generating a key pair comprising a device private key and a corresponding device public key; wrapping the device public key using the server public key; transmitting at least the device data, wrapped device public key, and the single use key encrypted with the first encryption to a server; receiving the single use key encrypted with a second encryption from the server; and executing a query on the memory to insert the received single use key encrypted with the second encryption.

Abstract: A computing system can include a plurality of clients located outside a cloud-based computing environment, where each of the clients may be configured to encode respective original data with a respective unique secret key to generate data hypervectors that encode the original data. A collaborative machine learning system can operate in the cloud-based computing environment and can be operatively coupled to the plurality of clients, where the collaborative machine learning system can be configured to operate on the data hypervectors that encode the original data to train a machine learning model operated by the collaborative machine learning system or to generate an inference from the machine learning model.

Abstract: An apparatus includes a packet encryption circuit that uses an encryption keys to encrypt each of two or more portions of a data packet. Each portion is encrypted with a different encryption key and includes one or more layers of the data packet. A first portion includes a layer of the data packet with MAC information. The apparatus includes a packet transmitter that transmits, from a source router, an encrypted data packet to an intermediate router between the source router and a destination router. The encrypted data packet includes an encrypted version of the data packet encrypted using the encryption keys. The intermediate router has encryption keys sufficient for a service level agreement of the intermediate router and lacks a portion of the encryption keys. The source and destination routers use a MAC security standard for encryption and decryption of the data packet using the encryption keys.

Abstract: To efficiently determine intermediate data for use with an aggregate function while keeping confidentiality, a bit decomposition unit generates a share of a bit string by bit decomposition and concatenation of key attributes. A group sort generation unit generates a share of a first permutation, which performs a stable sort of the bit string in ascending order. A bit string sorting unit generates a share of a sorted bit string obtained by sorting the bit string with the first permutation. A flag generation unit generates a share of a flag indicating a boundary between groups. A key aggregate sort generation unit generates a share of a second permutation, which performs a stable sort of the negation of the flag in ascending order. A de-duplication unit generates shares of de-duplicated key attributes. A key sorting unit generates shares of sorted key attributes by sorting the de-duplicated key attributes.

Abstract: Techniques are disclosed for improving user experience of multimedia streaming over computer networks. More specifically, techniques presented herein reduce (or eliminate) latency in playback start time for streaming digital media content resulting from digital rights management (DRM) authorizations. A streaming media client (e.g., a browser, set-top box, mobile telephone or tablet “app”) may request a “fast-expiring” license for titles the streaming media client predicts a user is likely to begin streaming. A fast-expiring license is a DRM license (and associated decryption key) which is valid for only a very limited time after being used for playback. During the validity period of such a license, the client device requests a “normal” or “regular” license to continue accessing the title after the fast-expiring license expires.

Abstract: Embodiments seek to prevent detection of a sandbox environment by a potential malware application. To this end, execution of the application is monitored, and provide information about the execution to a reinforcement learning machine learning model. The model generates a suggested modification to make to the executing application. The model is provided with information indicating whether the application executed successfully or not, and this information is used to train the model for additional modifications. By modifying the potential malware execution during its execution, detection of a sandbox environment is prevented, and analysis of the potential malware applications features are better understood.

Abstract: An example operation may include one or more of configuring a blockchain network comprising first and second blockchain nodes, providing, by the first blockchain node, a data reference to the second blockchain node, accessing a document, by the second blockchain node, from the first blockchain node, and providing by the second blockchain node, a proof of receipt for the document to a shared blockchain ledger.

Abstract: A system for an artificial intelligence synchronized distributed ledger. The system includes a computing device containing a receiving module, the receiving module designed and configured to receive an input from a remote device, parse the input to identify protected and non-protected data contained within the input, transform the protected data into a digitally signed assertion and convert the non-protected into an encrypted datastore. The computing device containing a processing module, the processing module designed and configured to receive the digitally signed assertion from the receiving module, insert the digitally signed assertion into an immutable sequential data structure, receive the encrypted datastore, retrieve at least an input, generate a record utilizing the at least a retrieved input, and perform a first machine-learning process utilizing the at least a retrieved input.

Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.

Abstract: A first-transceiver for communicating with a second-transceiver is disclosed. The first and second-transceivers are vehicle-access-system transceivers. The transceivers include a cipher-module configured to generate a cipher-code using a cipher key and an input value, an encryption-module configured to generate encrypted-payload-data from payload-data using the cipher-code, a hashing-module configured to hash the payload-data to generate hashed-payload-data using the cipher-code, and a transmitter configured to transmit the encrypted-payload-data and the hashed-payload-data to the second-transceiver. A vehicle including the first-transceiver is also disclosed. Access to one or more systems of the vehicle are controlled in accordance with a validation state.

Abstract: Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.

Abstract: Aspects of the present disclosure involves receiving an input message, generating a first random value that is used to blind the input message input message to prevent a side-channel analysis (SCA) attack, computing a second random value using the first random value and a factor used to compute the Montgomery form of a blinded input message without performing an explicit Montgomery conversion of the input message, and computing a signature using Montgomery multiplication, of the first random value and the second random value, wherein the signature is resistant to the SCA attack.

Abstract: Techniques for database query information protection using skeletons are described. An agent installed on a host computing device with a database instance obtains queries executed by the database instance and skeletonizes the queries to remove sensitive data from them. The agent identifies references within the queries, obtains structural definitions for the references, and inserts placeholders into the queries in place of the references and relates the placeholders to the definitions. The query skeletons and/or similarly-constructed execution plan skeletons may be analyzed to identify modifications to queries and/or the database instance to improve query processing.

Abstract: According to examples, an apparatus may include a processor and a non-transitory computer readable medium on which is stored machine readable instructions that may cause the processor to access a hashed credential associated with a user or a device, access hashed versions of a plurality of commonly used credentials, determine whether the hashed credential matches a hashed version of a commonly used credential of the plurality of commonly used credentials, and based on a determination that the hashed credential matches a hashed version of a commonly used credential, perform at least one of a reporting or a blocking operation.

Abstract: Embodiments described herein enable data associated with a large plurality of users to be analyzed without compromising the privacy of the user data. In one embodiment, a user can opt-in to allow analysis of clear text of the user's emails. An analysis process can then be performed in which an analysis service receives clear text of an email of a client device; processes the clear text of the email into one or more tokens having one or more tags; enriches one or more tokens in the processed email using data associated with a user of the client device and the one or more tags; and processes the clear text and one or more enriched tokens to generate a data set of one or more feature vectors.

Abstract: Systems, methods, and non-transitory computer readable media are configured to determine a likelihood of a user choosing to reveal a given content item when contents of the content item are obscured. The likelihood can be determined based at least in part on a trained machine learning model. An extent by which to obscure the content item based at least in part on the likelihood can be determined. Subsequently, an obscured version of the content item can be provided for display. The content item can be obscured based at least in part on the determined extent.

Abstract: A computer-implemented method according to one embodiment includes identifying a creation of a container within a system, selecting a security policy for the container, based on one or more attributes, identifying a key label associated with the security policy for the container, retrieving a data encryption key, utilizing the key label, and encrypting the container, utilizing the data encryption key. This may enable a highly granular level of automatic container-level security within the system that may be transparently implemented within the system, which may streamline container security and reduce an amount of stored data and processing necessary for implementing container security, and may thereby improve the performance of the system.

Abstract: In one example of federated mobile device management, a first management service federates with a second management service based on an exchange of one or more identity authentication certificates. After the management services have federated or affiliated, the first service can enroll a client device for management based on federated management data, where the federated management data includes first device management data of the first management service and second device management data of the second management service. The first service can also identify a change in affiliation associated with at least one of the client device or the second management service and cause the client device to check in for a device management update based on the change in affiliation.

Abstract: An embedded processing system includes processing circuitry, a memory system, and a reprogramming control. The reprogramming control is configured to authenticate a user associated with a reprogramming operation of the embedded processing system and receive an encrypted configuration item. The reprogramming control is further configured to decrypt and authenticate the encrypted configuration item either for storage of the configuration item in the embedded processing system or for transmission externally as an encrypted and signed entity. These operations are performed only after the user requesting such an operation has been authenticated to have the permission to perform the requested operation.