Patents Examined by Shahriar Zarrineh
  • Patent number: 11539515
    Abstract: A method for performing privacy-preserving or secure multi-party computations enables multiple parties to collaborate to produce a shared result while preserving the privacy of input data contributed by individual parties. The method can produce a result with a specified high degree of precision or accuracy in relation to an exactly accurate plaintext (non-privacy-preserving) computation of the result, without unduly burdensome amounts of inter-party communication. The multi-party computations can include a Fourier series approximation of a continuous function or an approximation of a continuous function using trigonometric polynomials, for example, in training a machine learning classifier using secret shared input data.
    Type: Grant
    Filed: February 8, 2021
    Date of Patent: December 27, 2022
    Inventors: Nicolas Gama, Jordan Brandt, Dimitar Jetchev, Stanislav Peceny, Alexander Petrie
  • Patent number: 11533341
    Abstract: Technologies for performing security monitoring services of a network functions virtualization (NFV) security architecture that includes an NFV security services controller and one or more NFV security services agents. The NFV security services controller is configured to transmit a security monitoring policy to the NFV security services agents and enforce the security monitoring policy at the NFV security services agents. The NFV security services agents are configured to monitor telemetry data and package at least a portion of the telemetry for transmission to an NFV security monitoring analytics system of the NFV security architecture for security threat analysis. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: December 20, 2022
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Valerie J. Young, Muthaiah Venkatachalam, Manuel Nedbal
  • Patent number: 11528150
    Abstract: Examples described herein relate to systems, apparatuses, methods, and non-transitory computer-readable medium for maintaining, by an authoritative server, a plurality of pinned certificates. The authoritative server sends a certificate pinning list (CPL) to a client system. The CPL is a list of the plurality of pinned certificates; each of the plurality of pinned certificates is associated with a corresponding one of host systems different from the authoritative server. The client system uses the plurality of pinned certificates in cryptographic processes involving the host systems.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: December 13, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Jeffrey J. Stapleton
  • Patent number: 11522901
    Abstract: A system receives binary data and first identification data. The binary data includes hashes of strings of bits, bytes, words or characters. The system receives vulnerability data and second identification data. The system determines a correspondence between the binary data and the vulnerability data based on matching the first identification data with the second identification data. The vulnerability data includes a country of origin for a product identified by the second identification data. The system generates a binaries-to-vulnerabilities database. The system scans target binary data from a target device to find matches between the target binary data and the binary data using the binaries-to-vulnerabilities database. The system determines a known security vulnerability based on the results of the scanning and the correspondence between the binary data and the vulnerability data. The known security vulnerability includes the country of origin for the product in the target device.
    Type: Grant
    Filed: August 24, 2020
    Date of Patent: December 6, 2022
    Assignee: OPSWAT, Inc.
    Inventors: Frank Dye, Benjamin Czarny, Bill Zhao, Shae Anthony Bettencourt, Yiyi Miao
  • Patent number: 11516020
    Abstract: In a key management method performed by a terminal, a device key including a device public key and a device private key is generated in a security zone. A local device parameter and the device public key are transmitted to a certificate authentication server. A device certificate fed back by the certificate authentication server is received by the terminal. The signature data of the device certificate is generated by signing the device parameter and the device public key by using an authentication private key of the certificate authentication server. The terminal then stores the device private key and the device certificate in the security zone.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: November 29, 2022
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Peng Yan, Guangyuan Bai
  • Patent number: 11516021
    Abstract: According to one embodiment, an information processing apparatus includes one or more processors. The processors store a first public key certificate and second public key certificates in storage. The first public key certificate includes a first validity period, a signature, and a public key. Each of the second public key certificates includes a signature and a second validity period that is within the first validity period and shorter than the first validity period. The second validity periods included in the second public key certificates are mutually different. The processors receive specific information of the first public key certificate. The processors transmit one of the plurality of second public key certificates including the second validity period in which a start time of the second validity period is before a current time and generated from the first public key certificate specified by the received specific information to a transmission source of the specific information.
    Type: Grant
    Filed: February 25, 2019
    Date of Patent: November 29, 2022
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Naoki Ogura, Yoshikazu Hanatani
  • Patent number: 11509665
    Abstract: An internet service provider (ISP) is configured to provide notification messages such as service updates to subscribers via redirected web pages. In order for the web pages to be treated as originating from the ISP, the ISP provides a shared secret in the browser message. The shared secret may be a secret not derivable by viruses or trojans in the subscriber computer, such as a MAC address of the subscriber modem.
    Type: Grant
    Filed: January 26, 2021
    Date of Patent: November 22, 2022
    Assignee: PERFTECH, INC
    Inventors: Henry M. Donzis, Lewis T. Donzis, Rodney D. Frey, John A. Murphy, Jonathan E. Schmidt
  • Patent number: 11496900
    Abstract: An electronic device is provided. The electronic device includes at least one wireless communication circuit, a processor operatively connected with the at least one wireless communication circuit, and a memory operatively connected to the processor, wherein the memory stores instructions that, when executed, cause the processor to detect an event related to transmission of identification information through the at least one wireless communication circuit, in response to the detection of the event, perform a first authentication procedure for obtaining access right to the identification information, relay a second authentication procedure between an external electronic device and a server through the at least one wireless communication circuit, and receive the identification information that is stored in the external electronic device from the server through the at least one wireless communication circuit.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: November 8, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Eunyoung Kwon, Gawon Lee, Dasom Lee, Taeckki Lee, Daehaeng Cho
  • Patent number: 11481503
    Abstract: A system and method for determining device attributes using a classifier hierarchy. The method includes: determining at least one exploitation condition for a medical device based on at least one first device attribute of the medical device and a plurality of second device attributes indicated in a vulnerabilities database, wherein the vulnerabilities database further indicates a plurality of known exploits for the plurality of second device attributes; analyzing behavior and configuration of the medical device to detect an exploitable vulnerability for the medical device, wherein the exploitable vulnerability is a behavior or configuration of the medical device which meets the at least one exploitation condition; and performing at least one mitigation action based on the exploitable vulnerability.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: October 25, 2022
    Assignee: Armis Security Ltd.
    Inventors: Shaked Gitelman, Tai Ravid
  • Patent number: 11483147
    Abstract: A system includes a data store, memory, and hardware processor. The data store includes a dataset with first and second blocks of data. The memory stores first and second encryption algorithms. The processor receives a request to transmit the dataset to a first user's device. The processor encrypts the dataset by applying the first encryption algorithm to the first block and the second encryption algorithm to the second block, in response to determining a first level of security for the first block and a second level of security for the second block. The processor also applies an access control to the encrypted dataset, based on a characteristic of the first user, and transmits the encrypted dataset to the first user. The access control prevents a second user with a characteristic incompatible with the characteristic of the first user from accessing the encrypted dataset.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: October 25, 2022
    Assignee: Bank of America Corporation
    Inventors: Manu J. Kurian, Sasidhar Purushothaman
  • Patent number: 11469903
    Abstract: Various methods and systems are provided for autonomous signing management for a key distribution service (“KDS”). In operation, a key request from a KDS client device is received at a KDS server. The key request is associated with a security token of a signing entity caller or verifying entity caller, and a signature descriptor. The signature descriptor supports signing data with an encryption key and verifying a signature with a decryption key. The signing entity caller or the verifying entity caller is authenticated based on the corresponding security token and signature descriptor. The encryption key or the decryption key associated with the key request is generated. The encryption key or the decryption key is generated based on authenticating using the security token and the signature descriptor. The encryption key or the decryption key is communicated to a KDS client device the KDS client to sign data or decrypt a signature.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: October 11, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Chetan Shankar, Kahren Tevosyan
  • Patent number: 11463267
    Abstract: A network function virtualization system, comprises a request receiving unit that receives a request to a certificate of at least one of data exchanging parties; a private key generator that generates a first private key information using a second private key information stored in a hardware-based isolated secure execution environment, in response to the request; a public key extractor that extracts a public key information of the first private key information; a public key information storage unit that stores the public key information; and a verifying unit that is accessible from the request receiving unit and verifies the certificate using the public key information corresponding to the certificate.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: October 4, 2022
    Assignee: NEC CORPORATION
    Inventors: Pradheepkumar Singaravelu, Sivabalan Arumugam, Anand Prasad, Hironori Ito
  • Patent number: 11457044
    Abstract: Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
    Type: Grant
    Filed: May 15, 2020
    Date of Patent: September 27, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Lei Chang
  • Patent number: 11455423
    Abstract: A method for safeguarding confidential information during a screen share between two computing devices each having a screen. The method includes receiving, from a first computer, a request to share content of one or more applications displayable on a screen of a second computer. The method further includes summarizing the content to be displayed by the one or more applications, and transmitting, by the first computer, the summarized content to be shared by the one or more applications with the second computer. In exemplary embodiments, the summarized content may be password protected. The method may further include prompting, by the second computer, a password entry and displaying, by the second computer, the summarized content based on a password match.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: September 27, 2022
    Assignee: International Business Machines Corporation
    Inventors: Nadiya Kochura, Fang Lu
  • Patent number: 11444757
    Abstract: Secure, semi-classical authentication schemes are presented. An authentication token is generated by applying a pre-determined measurement to a plurality of random quantum states to obtain a sequence of classical measurement outcomes. The token is validated by receiving the classical measurement outcomes and verifying whether the sequence corresponds to a statistically plausible result for the pre-determined measurement of the plurality of quantum states.
    Type: Grant
    Filed: September 24, 2020
    Date of Patent: September 13, 2022
    Assignees: Cambridge Quantum Computing Limited
    Inventor: Adrian Kent
  • Patent number: 11443045
    Abstract: A method and system for explaining a decision process of a machine learning model that includes inputting into a machine learning model a first input data file; receiving a first output data file from the machine learning model based on the first input data file; executing an adversarial attack on the machine learning model, creating a mapping of the one or more units of data of the first input data file with changes by the adversarial attack exceeding a first threshold to one or more segments of the first input data file; determining a density of the changes to the one or more units of data in each of the one or more segments; and displaying the one or more segments of the first input data file having a density of changes to the one or more units of data exceeding a second threshold via a graphical user interface.
    Type: Grant
    Filed: May 5, 2020
    Date of Patent: September 13, 2022
    Assignee: BOOZ ALLEN HAMILTON INC.
    Inventors: Arash Rahnama-Moghaddam, Andrew Tseng
  • Patent number: 11443036
    Abstract: In some examples, an apparatus includes a management controller for use in a computer system having a processing resource for executing an operating system (OS) of the computer system, the management controller being separate from the processing resource and to perform, based on operation of the management controller within a cryptographic boundary, management of components of the computer system, the management of components comprising power control of the computer system. The management controller is to receive sensor data, perform facial recognition based on the sensor data, and determine whether to initiate a security action responsive to the facial recognition.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: September 13, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Naysen Robertson, Sai Rahul Chalamalasetti, William James Walker
  • Patent number: 11418336
    Abstract: A system and method for recording, authenticating and verifying transactions of physical items between transacting parties. The system may include memory storing a digital ledger comprising a list of identifiers for a plurality of physical items, each physical item corresponding to a different respective identifier, each identifier being linked in the digital ledger to a public key of an owner of the corresponding physical item, and the list of identifiers and linked public keys being distributed among a plurality of blocks sequentially connected to one another in the digital ledger. The system may also include one or more processors configured to receive a cryptographically signed message including information regarding a transaction of a physical item, including the corresponding identifier of the physical item derived from scanning a label affixed to the physical item. The system may verify the message and incorporate the information regarding the transaction into the digital ledger.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: August 16, 2022
    Assignee: Google LLC
    Inventors: Colin Bookman, Ryan Krebs
  • Patent number: 11411746
    Abstract: Systems, methods, and storage media, for enforcing transaction permissions delegation in a computing environment are disclosed. Exemplary implementations may: receive a permissions request, from a requesting computing system for a permissions certificate; transmit a login request to a user computing system associated with a user; receive an acceptance from the user in response to the login request; generate a permissions certificate data structure in response to the acceptance; and return the permissions certificate to the requesting computing system whereby the requesting computing system will be permitted to accomplish the transaction with a transacting party in place of the issuer computing system based on possession of the permissions certificate paired with a cryptographic signature based on a private cryptographic key associated with the requesting computing system.
    Type: Grant
    Filed: May 24, 2019
    Date of Patent: August 9, 2022
    Assignee: Centrality Investments Limited
    Inventor: Wilfred James Alexander Godfrey
  • Patent number: 11399032
    Abstract: One variation of a method for end-to-end encryption of electronic mail includes: receiving an email encrypted according to a first encryption protocol and designating a recipient within an external domain; verifying encryption protocol supported by the recipient's mail client; in response to a recipient exclusion database identifying the recipient, encrypting the email to a less-robust encryption protocol supported by the recipient mail client and transmitting the email to the recipient; in response to the recipient exclusion database excluding the recipient and the recipient mail client supporting the first encryption protocol, transmitting the email encrypted according to the first encryption protocol to the recipient; and, in response to the recipient exclusion database excluding the recipient and the recipient mail client not supporting the first encryption protocol, generating a notification email including a hyperlink to a secure webpage containing content of the email and transmitting the notification
    Type: Grant
    Filed: September 8, 2020
    Date of Patent: July 26, 2022
    Assignee: Paubox, Inc.
    Inventor: Hoala Greevy