Patents Examined by Tri M Tran
  • Patent number: 11463247
    Abstract: Generator of physically unclonable cryptographic keys (PUF) has two adjustable speed ring oscillators (GPRS, GPRS′), whose outputs (o-GPRS, o-GPRS′) are connected to inputs (i1-DF, i2-DF) of a phase detector (DF), whose output (o-DF) is connected to control inputs of the adjustable speed ring oscillators (s-GPRS, s-GPRS′) through a control system (US) and is also connected to an output (o-PUF) of the generator of physically unclonable cryptographic keys (PUF) through a sample and compare circuit (URP). Generator has an initializing input (i-UCH) connected to both initializing inputs of the adjustable speed ring oscillators (i-GPRS, GPRS′) and to the first input of the sample and compare circuit (i-URP), whose second input (z-URP) is connected to the output (o-GPRS′) of one of adjustable speed ring oscillators (GPRS′).
    Type: Grant
    Filed: August 7, 2018
    Date of Patent: October 4, 2022
    Assignee: POLITECHNIKA WARSZAWSKA
    Inventors: Krzysztof Golofit, Piotr Wieczorek
  • Patent number: 11436515
    Abstract: A device comprising a cluster engine implemented by a processor. The cluster engine is configured to obtain a reference correlithm object and compute a set of Anti-Hamming distances between the reference correlithm object and the set of correlithm objects. The cluster engine is further configured to identify a subset of correlithm objects from the set of correlithm objects that are associated with an Anti-Hamming distance that is greater than a first bit threshold value. The cluster engine is further configured to compute a set of Hamming distances between the reference correlithm object and the subset of correlithm objects and to identify correlithm objects associated with a Hamming distance that exceeds a second bit threshold value. The cluster engine is further configured to remove the identified correlithm objects that are associated with a Hamming distance that exceeds the second bit threshold value and generate the cluster.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: September 6, 2022
    Assignee: Bank of America Corporation
    Inventors: Pankaj Panging, Patrick N. Lawrence
  • Patent number: 11438358
    Abstract: In a system for determining vulnerabilities associated with a web property, requests are communicated to network accessible servers associated with a set of one or more domains. Software components indicated in responses from the network accessible servers are identified. Vulnerability information is obtained for the software components. An aggregate vulnerability is determined for each network accessible server based on at least one of a ratio of software components of the network accessible server indicated as vulnerable by the vulnerability information to total software components used by the network accessible server and a frequency of use of those of the plurality of software components of the network accessible server indicated as vulnerable by the vulnerability information. Vulnerability of the network accessible servers is indicated based on the aggregate vulnerabilities.
    Type: Grant
    Filed: June 18, 2018
    Date of Patent: September 6, 2022
    Assignee: Veracode, Inc.
    Inventor: Michael Floering
  • Patent number: 11423157
    Abstract: An adversarial reinforcement learning system is used to simulate a security checkpoint. The system includes a simulation engine configured to simulate a security checkpoint and various threat objects and threat-mitigation objects therein. The system further includes an attack model configured to control threat objects in the simulation and a defense model configured to control threat-mitigation objects in the simulation. A first portion of the simulation is executed by the simulation engine in order to generate an outcome of the first portion of the simulation. The defense model then generates a threat-mitigation input to control threat-mitigation objects in a subsequent portion of the simulation, and the attack model then generates a threat input to control threat objects in the subsequent portion of the simulation, wherein the inputs are based in part on the outcome of the first portion of the simulation.
    Type: Grant
    Filed: May 1, 2020
    Date of Patent: August 23, 2022
    Assignee: NOBLIS, INC.
    Inventors: Brian Jacob Lewis, Jason Adam Deich, Stephen John Melsom, Kara Jean Dodenhoff, William Tyler Niggel
  • Patent number: 11423159
    Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 5, 2019
    Date of Patent: August 23, 2022
    Assignee: INTEL CORPORATION
    Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
  • Patent number: 11418544
    Abstract: Solution management systems and methods are presently disclosed that enable receiving, compiling, and analyzing vendor solutions, determining the vendor solutions that address a target vulnerability of a client network and/or client devices, determining additional vulnerabilities of the client network and/or client devices that the vendor solutions address, and selecting a vendor solution to remediate the target vulnerability. The presently disclosed systems and methods also enable scoring, risk evaluation, and additional metrics to facilitate determining the vendor solution(s) that have the largest impact and/or benefit to the various vulnerabilities of the client network and/or client devices.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: August 16, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Brian James Waplington, David Victor Barkovic
  • Patent number: 11399043
    Abstract: Embodiments of the invention are directed to the utilization of trust tokens to perform secure message transactions between two devices. A trust token transmitted in a message from one device may include first data that is digitally signed by a trust provider computer, and second data that is digitally signed by the device itself. Upon receipt of a message containing a trust token, the recipient may utilize the first data to verify with the trust provider computer that the sender of the message is a trusted party. The trust provider computer may provide the recipient device the public key of the sender. The recipient may utilize the second data and the provided public key to verify that the sender signed the message and that the message is unaltered. These techniques may increase detection of relay, replay, or other man-in-the-middle attacks, decreasing the likelihood that such attacks will be successful.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: July 26, 2022
    Assignee: Visa International Service Association
    Inventor: Quan Wang
  • Patent number: 11398910
    Abstract: Systems and methods of the invention are directed to provisioning a token by a secure authentication system. A user may initiate a transaction that causes a resource provider computer to transmit an authentication request message to a directory server computer. The directory server computer may transmit the authentication request message to an access control server computer for authentication. Subsequent to receiving the authentication request message, the directory server computer may request a token for the transaction from a token provider computer. If authentication is successful, the token may be included in an authentication response message transmitted by the directory server computer to the resource provider computer. The token may then be utilized by the resource provider computer in lieu of sensitive user information for any suitable purpose. In some embodiments, user-specific-data provided by the access control server computer may be included in the authentication response message.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: July 26, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Aparna Krishnan Girish, Parveen Bansal
  • Patent number: 11372988
    Abstract: A system deletes and sanitizes files in a distributed file system. The system also randomizes rotation of data in a distributed file system.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: June 28, 2022
    Assignee: Raytheon Company
    Inventors: Nicholas Wayne Barrett, Gregory Andrew Early
  • Patent number: 11373762
    Abstract: To provide an authentication technique having higher security between IoT devices and server devices or between IoT devices. The server device provides, to the terminal device, a parameter file including a predetermined identifier for uniquely identifying a relationship between the terminal device and the server device, and connection destination information regarding a connection destination of the server device, the terminal device accesses the server device specified by the connection destination information in the parameter file, requests issuance of a timed identification number, and transmits the identifier and the timed identification number to the server device when connecting to the server device specified by the connection destination information in the parameter file, and the server device authenticates the terminal device using the identifier, and confirms an authenticity of the terminal device using the timed identification number.
    Type: Grant
    Filed: September 21, 2019
    Date of Patent: June 28, 2022
    Inventor: Norihito Futamura
  • Patent number: 11372981
    Abstract: A redundant processing system with profile-based monitoring is disclosed. In embodiments, the redundant system includes two or more redundant lanes, each lane having equivalent processing components. In a testing state, template processors and hardware monitoring sensors are connected to a selected trusted lane and input vectors submitted thereto; the hardware sensors characterize the response of the selected lane and the resulting testing data compiled into system templates. In an operational environment, the template processors send challenges based on the input vectors to each of the redundant lanes in real time, collecting response data from each lane via identical sets of monitoring sensors. The template processors correlate the response data with the corresponding system templates, identifying anomalous lanes and system anomalies based on discorrelations between the response data and the system templates.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: June 28, 2022
    Assignee: Rockwell Collins, Inc.
    Inventors: Reginald D. Bean, Carl J. Henning, Gregory S. Droba, Carlen R. Welty
  • Patent number: 11368513
    Abstract: Systems and methods for providing a middleware application for user-interface-driven applications include receiving, at the middleware application, queries from different dynamic user interface modules associated with respective front-end applications. The front-end applications are authenticated using authentication data included in the query and verification data external to the middleware application. In response to each query, the middleware application receives data from different external data sources, each being a separate instance of the same back-end service. The data is used to generate objects declaring instances of user interface elements, which are sent by the middleware application to the requesting dynamic user interface module for rendering at the associated front-end application.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: June 21, 2022
    Assignee: Modo Labs, Inc.
    Inventors: Thomas Hughes Speller, III, Brian Lawrence Patt, Evan Arthur McCullough, Ryan Zhao Chan
  • Patent number: 11363454
    Abstract: A method for providing access to a communication includes generating a timed key table in device nonvolatile memory, storing archival copies of the timed key table within enterprise environments, encrypting a master secret with the currently applicable key of the timed key table, generating an encrypted timed key table by encrypting the timed key table with a public key, sending data on an encrypted session from a communication device to a server over a network, sending the encrypted master secret and encrypted timed key table from the communication device over the network, decrypting the encrypted timed key table with a private key, decrypting the encrypted master secret sent from the communication device using at least a subset of an unencrypted timed key table to obtain the master secret, and decrypting the encrypted data sent from the communication device using the unencrypted master secret.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: June 14, 2022
    Inventor: Raymond Edward Ozzie
  • Patent number: 11354414
    Abstract: A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps, obtaining at least one data set from a storage device and generating a single forensic image of the data set and also applying a recover data application to the data set to generate a single recovered data set. A scanning is initiated of the single forensic image and the single recovered data set using the selected plurality of malware engines, where each of the malware engines, installed on the independent operating systems of the virtual operating system, may be run concurrently on the single forensic image and the single recovered data set. A report is generated combining each of the malware engines reporting the results of the scans.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: June 7, 2022
    Assignee: Forensic Scan, LLC
    Inventors: William R. Spernow, Daniel Garrie
  • Patent number: 11349849
    Abstract: This disclosure describes embodiments of an improvement to the static group solution because all the administrator needs to do is specify the criteria they care about. Unlike static groups, where the administrator needs to keep track of the status of individual users and move them between static groups as their status changes, smart groups allow for automatic identification of the relevant users at the moment that action needs to be taken. This feature automates user management for the purposes of enrollment in either phishing and training campaigns. Because the smart group membership is determined as the group is about to be used for something, the smart group membership is always accurate and never outdated. The query that determines the smart group membership gets run at the time when you are about to do a campaign or perform some other action that needs to know the membership of the smart group.
    Type: Grant
    Filed: September 13, 2021
    Date of Patent: May 31, 2022
    Assignee: KnowBe4, Inc.
    Inventors: Greg Kras, Alin Irimie
  • Patent number: 11341256
    Abstract: A computing device includes a processor and a machine-readable storage medium storing instructions. The instructions are executable by the processor to: cause a file management sub-system to detect a request to access a particular file belonging to a specific user entity, and to send an authorization request to a security sub-system; cause the security sub-system to check user metadata for the specific user entity in response to the authorization request, to determine whether the file is expired based on the user metadata for the specific user entity, and to, in response to a determination that the file is expired based on the metadata, send a denial of the authorization request to the file management sub-system; and cause the file management sub-system to, in response to the denial, block access to the particular file.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: May 24, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Vijaya Kumbhashi
  • Patent number: 11336619
    Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace, an isolated computing environment, and a host-based firewall. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to determine, using one or more environmental indicators, a relative location of the host computer system. The processor may be configured to select a firewall policy based on the relative location of the host computer system. The firewall policy may include a configuration to apply to one or more of the internal isolation firewall or the host-based firewall.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: May 17, 2022
    Assignee: L3 Technologies, Inc.
    Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
  • Patent number: 11328078
    Abstract: Various embodiments of the disclosure provide an apparatus for protecting information. According to various embodiments of the disclosure, an apparatus for monitoring a database includes a transceiver, and a processor operatively coupled to the transceiver. The processor may be configured to acquire a query used in access of the database from the database through the transceiver, replace a first code, included in the acquired query, for query checking with a predefined text, convert the text to a second code for query checking, and output information on validity of the acquired query on the basis of a comparison result of the first code and the second code.
    Type: Grant
    Filed: November 22, 2017
    Date of Patent: May 10, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Yeon-Kyu Choi
  • Patent number: 11329994
    Abstract: An example method for the remote authorization of a gateway to communicate with a device includes accessing time interval data, specified by an owner of the device, the time interval data specifying an access authorization time interval. A calculation is performed, using at least one processor, to generate authorization data that is specific to the device and valid for the access authorization time interval. The authorization data is accessed using the gateway. A scanning function is performed using the gateway, the scanning function to locate the device. A control request is sent to the device to control the device.
    Type: Grant
    Filed: June 9, 2020
    Date of Patent: May 10, 2022
    Assignee: Luna XIO, Inc.
    Inventors: Alan Gous, Jeffrey Bazar, Arman Maghbouleh
  • Patent number: 11310243
    Abstract: An example intermediary system allows an owner computer system to securely identify and communicate with an end device. The end device uses master secret and time data shared with the owner computer system to generate and advertise a time-dependent device identifier and potentially an encrypted device message. The intermediary system augments the received device data with a message (e.g., an estimate of the device's location) encrypted using the time-dependent device identifier as an encryption key. Furthermore, it hashes the time-dependent device identifier for additional security. The augmented data is forwarded to a server for retrieval and processing by the owner computer system. The owner uses the shared master secret, time data and hash function to generate a hashed time-dependent device identifier used to retrieve matching augmented data from the server. The retrieved message data is decrypted using the reverse of the encryption operations.
    Type: Grant
    Filed: July 14, 2021
    Date of Patent: April 19, 2022
    Assignee: Luna XIO, Inc.
    Inventors: Alan Gous, Jeffrey Bazar, Arman Maghbouleh