Abstract: A method, system, and computer program product to provide a synthetic device ID for a device is provided herein. The method includes receiving a request from the device to obtain a service from a vendor, where the device is associated with an internal device ID. The method further includes generating the synthetic device ID for the device and associating the device, the internal device ID, the vendor, and the synthetic device ID. The method also includes transmitting the synthetic device ID to the vendor, and internally tracking the request based on the association.

Abstract: A system and method for modification of a passcode for accessing the system are provided. The system includes a premises control unit. The premises control unit including control processing circuitry configured to: receive an expected code message, the expected code message instructing an initiation to monitor for an input from a user, receive a input code that is input by the user, determine whether the input code matches a predefined verification code, and if the input code matches the predefined verification code, cause transmission of a verification message to a monitoring server, the verification message indicating the input code matched the predefined verification code and triggering the monitoring server to allow a passcode for accessing the system to be modified.

Abstract: Systems, methods, and manufactures for enhancing the determination of differential privacy query results. Implementations may include a database; a result cache; a processor; and a media storing instructions that, when executed by the processor, cause the system to perform operations that include obtaining a query of the database; determining that a specificity of the query exceeds a specificity threshold; determining that the result cache lacks any query results of previous queries that are substantially equivalent to the query; partitioning the database into a plurality of groups; determining a query result by executing the query on the plurality of groups; determining a sensitivity of the query and a nominal measurement of the query; determining a noisy result by adding noise to the query result based on the sensitivity and the nominal measurement; storing the noisy result in the result cache; and providing the noisy result in response to the query.

Abstract: A method and device for detecting a malicious circuit on an integrated circuit (IC) device is provided. The method includes generating a plurality of test patterns on the IC. A scan test circuit and the plurality of test patterns are used to test don't care bits of a function under test on the integrated circuit. Scan out data from the scan test circuit is provided in response to the plurality of test patterns. The scan out data is stored in a memory on the integrated circuit. The scan out data is monitored over a predetermined time period. If it is determined that a characteristic of the scan out data has changed within the predetermined time period, an indication that a malicious circuit has been detected is output. The device includes circuitry for performing the method in the field.

Abstract: Techniques for session security. Information corresponding to an electronic device used to access a resource is gathered. The information uniquely identifies the electronic device. Subsequent accesses to the resource during the session are monitored to determine whether changes occur to the information. A security action is taken in response to a change in the information.

Abstract: A method for operating an electronic apparatus according to an embodiment of the present invention may comprise the steps of: setting a first key for unlocking data stored in a first electronic apparatus; when the first electronic apparatus receives, from a second electronic apparatus, a second key set by the second electronic apparatus, transmitting by the first electronic apparatus, to the second electronic apparatus, first data locked using the first key and the second key; and when the first electronic apparatus receives, from the second electronic apparatus, a generation signal of a first event for the first data, transmitting the first key to the second electronic apparatus according to whether the first event is approved or not.

Abstract: A method is described. The method includes receiving an access request from a router, the router having received the access request from a client device, the client device initiating the access request to obtain access to a website or application. The method also includes sending an authorization request to an authorizing user, the authorization request comprising the access request, thereby enabling the authorizing user to see information related to the access sought to be obtained. The method further includes receiving an authorization response from the authorizing user. The method additionally includes sending the authorization response to the router, enabling the router to act on the access request.

Abstract: Techniques for establishing mutual authentication of software layers of an application are described. During initialization of the application, the software layers execute a binding algorithm to exchange secrets to bind the software layers to one another. During subsequent runtime of the software application, the software layers execute a runtime key derivation algorithm to combine the secrets shared during initialization with dynamic time information to generate a data encryption key. The software layers can then securely transfer data with each other by encrypting and decrypting data exchanged between the software layers using the dynamically generated data encryption key.

Abstract: A computer-implemented method is provided for detecting compiler-injected security flaws. The computer-implemented method includes receiving source code, compiling the source code, reverse engineering the compiled source code, comparing operations performed by the source code and the reverse engineered source code, identifying differences between the source code and the reverse engineered source code, and creating a list of differences. The list of differences includes operations that are present in the source code and missing from binary code. Alternatively, the list of differences includes operations that are present in binary code and missing from the source code.

Abstract: An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Abstract: Cardinality-based activity pattern detection is described herein. Events on a computing system are monitored to detect patterns matching defined activity patterns. A cardinality-based activity pattern query is executed over data representing detected activity patterns to identify multiple, distinct defined activity patterns that have occurred during a particular time period.

Abstract: Example of secure monitoring of modular applications and associated edge devices are described herein. In an example, an accreditation request is initiated to accredit at least one of a modular application and an edge device hosting the modular application. The edge device may a device coupling an IoT device to a cloud server. Based on initiating, accreditation information corresponding to at least one of the modular application and the edge device may be received. The accreditation information are generated by a hardware encryption device associated with the edge device. Further, an accreditation status of the modular application may be monitored during execution of the modular application to ascertain whether the modular application and the edge device have been tampered. In case tampering is detected, a remedial action to address the tampering may be performed.

Abstract: Examples described herein relate to a data aggregation system for enabling query operations on restricted data that originates from multiple independent sources.

Abstract: An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Abstract: Presented here is a system to reduce the computational cost of validating transactions recorded in a block chain by at least 500 million. In one embodiment, no proof of work is required, and the validity of the data stored in the block chain is guaranteed using a combination of private identification associated with one or more authorized users and a hash value propagated from each block to the subsequent blocks in the block chain. In another embodiment, the proof of work required is designed to be mildly computationally expensive, for example, at least 500 million times cheaper than the proof of work required to perform a bitcoin verification. The proof of work required can be increased or decreased based on various factors such as an expected time to add a new block to the block chain and/or current processor performance.

Abstract: A device includes a memory. The device also includes a controller. The controller includes a register configured to store an indication of whether an ability of a received command to alter an access protection scheme of the memory is enabled. The received command may alter the access an access protection scheme of the memory responsive to the indication.

Abstract: A method and system for sharing data anonymously between a user's electronic device and a third-party host is provided. A data vault receives, from the electronic device, information about the electronic device and a third-party identifier. The third-party identifier uniquely identifies the third-party host. Using the information about the electronic device and the third-party identifier, the data vault validates the authenticity of the electronic device and the third-party host and identifies a user preference. The data vault server creates an authenticated baton payload that includes the user preference and does not contain user identification information. The data vault receives from the third-party host a request for user data with the authenticated baton payload previously provided to the electronic device. Upon verification of the request for user data and the authenticated baton payload, the data vault provides the requested data to the third-party host without the user identification information.

Abstract: This application discloses a mobile network authentication method, a terminal device, a server, and a network authentication entity. The method includes: receiving, by a first terminal device, a DH public key and a first ID that are sent by at least one second terminal device; sending a first message to a server, where the first message includes a DH public key of each second terminal device of the at least one second terminal device and a first ID of the second terminal device; receiving a second message sent by the server, where the second message includes a DH public key of the server and a second ID of the second terminal device that is generated by the server; and sending, by the first terminal device, the second ID of the second terminal device and the DH public key of the server to the second terminal device.

Abstract: A cryptographic service device includes: a processor; and a memory storing instructions executable by the processor, wherein the processor is configured to execute the instructions to operate as a registration module, a working key creation module, and a cryptographic operation calling module. The registration module is configured to call a secondary security module to generate an asymmetric key pair including a target public key and a target private key. The working key creation module is configured to receive a working key creation request of a business system, and call a primary security module to generate a working key for the business system. The cryptographic operation calling module is configured to receive a cryptographic operation request of the business system, and call a target security module to obtain an operation result of the target security module.

Abstract: Techniques for governing access to third-party application programming interfaces (API's) are disclosed. A proxy service exposes an API configured to receive requests, from user-facing services, to perform functions of backend services. The proxy service stores a usage policy that defines a criterion that is (a) different from any authorization criterion and (b) associated with using a function of a backend service. The proxy service receives a request to perform the function of the first backend service for a user-facing service and determines that the request does not satisfy the usage policy. Based on determining that the request does not satisfy the usage policy, the proxy service refrains from accessing the backend service to perform the function responsive to the request, and transmits an alert to the user-facing service indicating that the request does not satisfy the usage policy.