Abstract: Embodiments of systems and methods for indicating a type of secure boot to endpoint devices by a security processor are described. In some embodiments, a security processor may include: a core and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: identify a type of secure boot last performed to bootstrap an Information Handling System (IHS); and make an indication of the type of secure boot available to a host processor or Baseboard Management Controller (BMC) of the IHS.

Abstract: A large-scale Ethernet mesh network including a plurality of dual-mode peer devices in signal communication with one another so as to establish a group connectivity association (CA). Each dual-mode peer device simultaneously operates in a supplicant mode and authenticator mode. Each of dual-mode peer device encrypts data using a shared group encryption key (SAK), and exchanges the encrypted data with peer devices in the group CA.

Abstract: A computer-implemented method can include encrypting a data file as a multiplicity of independent segments that are each a multiple of a block encryption's block size, encrypting the application data on a segment-by-segment basis using the multiplicity of selected encryption methods and associated information, and creating a programming shared object “shim” Interposer module.

Abstract: A method for storing application program information including segmenting the application program information into program sub-information, with an information segmentation algorithm of the application program information having undergone algorithm obfuscation processing; and storing the program sub-information. The present disclosure significantly reduces the possibility of application program information being acquired by hackers and the like, and improves the security of application program information and electronic devices.

Abstract: A method for generating a random number comprises selecting a group of at least two servers within a network; receiving a server specific string from at least two servers of the group; and using the server specific strings to generate the random number.

Abstract: Computer-readable media, methods, and systems are disclosed for encrypting and decrypting data pages in connection with a database employing group-level encryption. A request to load a group-level encrypted logical data page into main memory is received, the data page being identified by a logical page number. A block of group-level encrypted data is loaded into the main memory of the database system from an address corresponding to the physical block number. A block of group-level encrypted data is loaded into the main memory of the database system. A header associated with the block of group-level encrypted data is decrypted using a data-volume encryption key, and an encryption-group identifier is accessed from the decrypted header. A group-level encryption key is retrieved from a key manager, and the remainder of the block of group-level encrypted data is decrypted using the group-level encryption key.

Abstract: A query string for an encrypted database storing a plurality of encrypted data records is received from a requestor. The query string is segmented to obtain at least one word. The at least one word is encrypted with the irreversible encryption algorithm to obtain at least one encrypted word. At least one first encrypted item with a co-occurrence weight higher than a preset threshold based on the at least one encrypted word and a co-occurrence statistics model is acquired. The co-occurrence statistics model is built to provide co-occurrence weights, each indicating a probability that the at least one encrypted word appears in a first encrypted data item of the plurality of encrypted data records. At least one second encrypted data item corresponding to the at least one first encrypted data item is acquired from the plurality of encrypted data records.

Abstract: Some embodiments may facilitate boot-specific key access to perform cryptographic operations. A first boot record and a second boot record may be generated independently in response to a request to boot a virtual device. The first and second boot records may be compared and in response to a match between the first boot record and the second boot record, an identify certificate may be obtained. Authorization to access and use a key for cryptographic operations may be obtained in response to a verification of the identity certificate by a cryptographic processor.

Abstract: In exemplary aspects, a golden data structure can be used to validate the stability of machine learning (ML) models and weights. The golden data structure includes golden input data and corresponding golden output data. The golden output data represents the known correct results that should be output by a ML model when it is run with the golden input data as inputs. The golden data structure can be stored in a secure memory and retrieved for validation separately or together with the deployment of the ML model for a requested ML operation. If the golden data structure is used to validate the model and/or weights concurrently with the performance of the requested operation, the golden input data is combined with the input data for the requested operation and run through the model. Relevant outputs are compared with the golden output data to validate the stability of the model and weights.

Abstract: A unified data fabric for controlling data lifecycles and data flows between trusted data sources and data clients is described herein. A system can include a data ingestion engine and a data delivery engine. The data ingestion engine and the data delivery engine are connected to a data lifecycle engine that maintains data control policies and access control policies. The data ingestion engine is configured to control ingestion of data elements into the unified data fabric based on the data control policies, and the data delivery engine is configured to control access to data elements in the unified data fabric based on access control policies. Each data element from one or more trusted data sources is associated with a global identifier to provide a comprehensive view of information about a constituent from a variety of disparate data sources.

Abstract: An information using device 300 adds an encryption public key held to a blockchain, an information holding device 200 transmits encrypted information as a result of acquiring the encryption public key from the blockchain 400 and encrypting the target information, the information management device 100 stores the encrypted information received, and transmits a storage destination address, the information holding device 100 adds the storage destination address of the encrypted information received to the blockchain 400, the information using device 300 acquires the storage destination address of the encrypted information, and accesses the storage address, the information management device 100 transmits the encrypted information at the storage destination address, in response to the access from the information using device 300, and the information using device 300 decrypts the encrypted information received, using an encryption secret key held.

Abstract: An integrated circuit for a physically unclonable function (PUF) includes a controller configured to generate a control signal with reference to an address table, the address table representing a first mapping relationship between a first PUF cell group and a second PUF cell group having a first predetermined mismatch distance in relation to a PUF cell characteristic, and representing a second mapping relationship between a third PUF cell group and a fourth PUF cell group having a second predetermined mismatch distance in relation to the PUF cell characteristic; and a PUF block configured to provide PUF cell data groups in accordance with the first and second mapping relationships to the controller, in response to the control signal. The controller may be configured to generate an authentication key by respectively comparing the PUF cell data groups with reference data groups.

Abstract: A system for producing and transmitting encrypted data from data encoded on a storage medium comprises an apparatus configured to receive the storage medium and an encryption chip communicatively coupled to the apparatus. The apparatus comprises a processor, a memory, and a network interface. The processor is configured to receive data encoded into the storage medium, and to decode the received data as the storage medium is at least partially inserted into the apparatus. The processor is further configured to transmit the received data to the memory for storage. The encryption chip comprises an encryption processor configured to access the received data stored in the memory of the apparatus and encrypt the received data with an algorithm to produce the encrypted data. The processor then transmits the encrypted data to an external server communicatively connected to a communication network.

Abstract: An embodiment includes activating, responsive to receiving an update notification, an update mode of a mobile device, wherein the activating of the update mode includes disabling a primary communication interface and enabling a secondary communication interface, and wherein the update notification includes notification of a software update available for the mobile device. The embodiment also includes initiating execution of the software update on the mobile device while the mobile device remains in the update mode. The embodiment also includes deactivating, responsive to completing the software update, the update mode of the mobile device, wherein the deactivating of the update mode includes enabling the primary communication interface and disabling the secondary communication interface.

Abstract: A data storage device includes a memory device, an always on (AON) application specific integrated circuit (ASIC), and a controller coupled to the memory device and the AON ASIC. When the data storage device enters a low power state, the controller generates and stores security data associated with context data in a power management integrated circuit (PMIC). The context data is stored in both the memory device and a host memory buffer (HMB). A location of the context data in the HMB is stored in the PMIC with the security data. When the data storage device exits the low power state, the address stored in the PMIC is utilized to retrieve the context data from the HMB. The retrieved context data is verified against the security data by the controller.

Abstract: A request to generate one or more random values can be received. In response to receiving the request to generate the one or more random values, a first read operation can be performed on a memory cell of the memory component to retrieve first data and a second read operation can be performed on the same memory cell of the memory component to retrieve second data. The first data can be compared with the second data to identify a difference between the first data and the second data. The difference can be associated with a noise characteristic of the memory cell. The one or more random values can be generated based on the difference between the first data and the second data that is associated with the noise characteristic of the memory cell.

Abstract: An example system on a chip (SoC) includes a security processor configured to store a plurality of key-pairs associated with subsystems of the SoC to a key vault; and an encryption engine configured to: determine a first tweak value based on a first sector address of a storage device; encrypt the first tweak value according to the second key of the key-pair associated with a subsystem; encrypt a first portion of the source data according to a first key of the key-pair and the encrypted first tweak value; determine a second tweak value based on a second sector address of the storage device and encrypt the second tweak value according to the second key prior to completing the encryption of the first portion of the source data; and encrypt a second portion of the source data according to the first key and the encrypted second tweak value.

Abstract: A method includes storing a golden copy of a device tree binary of a system in a trusted execution environment, identifying whether one or more parameters of a running copy of a device tree binary of the system are different from corresponding parameters of the golden copy by comparing the running copy with the golden copy, and performing a corrective action responsive to an indication that at least one of the one or more parameters of the running copy are different from the corresponding parameters of the golden copy.

Abstract: An information handling system may include at least one processor; and a memory coupled to the at least one processor. The information handling system may be configured to: execute an application on the at least one processor, wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory; and securely transfer execution of the application to a second information handling system by: transmitting platform configuration register (PCR) measurement data to the second information handling system; and transmitting the data of the application to the second information handling system; wherein the PCR measurement data is usable by the second information handling system to perform a remote attestation, the remote attestation including verification of the PCR measurement data to confirm that the data of the application has not been changed.

Abstract: A method, computer program, and computer system is provided for encrypting data or information represented by bits, numbers, used to encode images, text, or audio. For the case of an RGB image encryption applications, the data may be separated into its constituent channels before encryption. In addition to the standard encryption keys, another encryption isokey is generated based on an isounit using an algebraic isofield having a multiplicative identity value different than the number one. On the sender side, each of the channels is encrypted using the standard keys and the generated isokey. On the receiver side, each encrypted channel is decrypted before combining them to obtain the recovered RGB image. In addition to images, the cryptographic algorithm can also be used the encrypt data related to text, audio, and other file types.