Abstract: In one embodiment, an apparatus includes: a clock generator to receive a reference clock signal and generate a first clock signal using the reference clock signal; a counter coupled to the clock generator to maintain a first count regarding a number of cycles of the first clock signal; and a controller coupled to the counter. The controller may be configured to detect a potential security violation when the first count varies from a predetermined value.

Abstract: Systems and methods are provided for context-based authentication, via a decentralized network. One example method includes receiving, at a mobile device, from a relying party, a request for an attribute of a user in connection with an interaction between the user and the relying party and determining a type of authentication to be used for the interaction, based on an authentication policy of the relying party and multiple context signals stored in the mobile device prior to providing the attribute to the relying party. The multiple context signals are indicative of one or more patterns indicative of the user and/or the mobile device. The method also includes soliciting authentication data from the user consistent with the determined type of authentication, receiving, by the mobile device, the solicited authentication from the user, and providing the attribute to the relying party in response to the user being authenticated at the mobile device.

Abstract: Systems, methods, and non-transitory computer readable media are provided for security-aware caching of resources. An offline version of a resource may be prepared for a computing device. The offline version of the resource may include a security parameter. The security parameter may define a security rule to be enforced with respect to offline usage of the resource. The offline version of the resource may be provided for caching by the computing device. The cache of the offline version of the resource may enable the offline usage of the resource by the computing device. The security rule for the offline usage of the resource may be enforced by the computing device based on the security parameter.

Abstract: Presented here is a system that manages secured file system, and an authority to the secured file system, by granting access only to a user who is authorized to access the file system. The user within the system is identified using a unique key unique to each user. The user's authority is recorded in a linear sequence distributed among multiple devices each of which independently verifies the validity of each block in the linear sequence. The validity of the linear sequence is guaranteed by preventing certain operations from being performed on the linear sequence, such as branching of the linear sequence, deletion, and modification of the blocks within the linear sequence. Prior to adding a new block to the linear sequence, the validity of the block is independently computed by each of the devices.

Abstract: Fully homomorphic encryption integrated circuit (IC) chips, systems and associated methods are disclosed. In one embodiment, a method of operation for a number theoretic transform (NTT) butterfly circuit is disclosed. The (NTT) butterfly circuit includes a high input word path cross-coupled with a low word path. The high input word path includes a first adder/subtractor, and a first multiplier. The low input word path includes a second adder/subtractor, and a second multiplier. The method includes selectively bypassing the second adder/subtractor and the second multiplier, and reconfiguring the low and high input word paths into different logic processing units in response to different mode control signals.

Abstract: The present disclosure involves systems, software, and computer implemented methods for access control for object instances. A method includes receiving, at a cloud application, a user request associated with a user. The user request corresponds to an instance of a first application artifact type. Role assignments for the user are retrieved from a cloud platform and a determination is made that the role assignments grant permission to the first application artifact type to the user. A determination is made that a first instance-based access policy exists for the first application artifact type. A determination is made regarding whether the first instance-based access policy grants permission for the user to access the instance. The user request is serviced in response to determining that the first instance-based access policy grants permission for the user to access the instance.

Abstract: A method for performing spacetime-constrained oblivious transfer between various laboratories of a first party A and various laboratories of a second party B. The method includes providing the spacetime-constrained oblivious transfer to satisfy various conditions. The method further includes encoding, by the laboratories of the first party A, various messages in a quantum state selected from various non-orthogonal quantum states. The method further includes transmitting, by the laboratories of the first party A, the quantum state to a first laboratory of the second party B. The method further includes applying, by the first laboratory of the second party B, a quantum measurement on the quantum state to obtain a classical measurement outcome. The method further includes transmitting, by the first laboratory of the second party B, the classical measurement outcome to the laboratories of the second party B.

Abstract: A method and system for detecting intrusion in a distributed field bus of a vehicle network involve using an Intrusion Detection System (IDS) to detect intrusion in the network. In a network with a number of nodes, IDS is configured in each of the number of nodes. The IDS, in a first node configured in a transmission mode, receives at least one message signal. A hash function is performed on at least one message signal for generating a first Honeypot (HPT) signal. Simultaneously, the first node transmits the first HPT signal to the second node. The first node and the second node generates a reference HPT and second HPT respectively using an echo-hash function. The IDS detect intrusion based on a comparison of the reference HPT and the second HPT. The method is independent of network traffic timing and can be performed in real-time.

Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity.

Abstract: A system may include an interface configured to couple to a network, and includes a processor and a memory accessible to the processor. The memory may be configured to store instructions that, when executed, cause the processor to process search results corresponding to multiple data owners to selectively filter personally identifiable information (PII) associated with one or more consumers from the set of search results according to data sharing permissions for each of the data owners to produce filtered results. The instructions may further cause the processor to provide the filtered results to a user device through the network.

Abstract: Disclosed are various embodiments for an authentication service. A unique identifier is associated with a device access token for a client to be authenticated. An authentication identifier is sent to an authenticated client. The client to be authenticated communicates the authentication identifier and unique identifier to the authentication service to complete authentication.

Abstract: A vehicle processing device authenticates that an authorized user has requested an action by the vehicle and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date.

Abstract: Various implementations described herein are directed to a device with a reset tree having leaf buffers that provide sensed output signals based on a reset-synchronizing input signal. The device may have a first sensor that receives the sensed output signals from the leaf buffers of the reset tree and provides an attack detection signal based on sensing a malicious attack. The device may have a second sensor that receives the reset-synchronizing input signal, receives the attack detection signal from the first sensor and provides a reset alarm signal based on duration of a timing glitch associated with comparing a difference between the reset-synchronizing input signal and the attack detection signal.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for automatic account protection. A method includes detecting a trigger indicating one or more of a potential and an actual security breach at one or more websites where a user has an account that is accessible using electronic credentials. A method includes logging into the one or more websites for the user using the electronic credentials. A method includes performing one or more actions at the one or more websites associated with the electronic credentials to protect the user's account.

Abstract: Systems, apparatuses, and methods are described for establishing, or re-establishing, trust for a network device. A user device may send, via a network device, a service request to establish trust for the network device in a network. The service request may comprise, or may allow look up of, identifying information for the network device, such as a network address. Trust of the network device may be established, at least in part, by confirming the network address (or other identifying information) associated with the network device, and/or by confirming certain devices that are in communication with the network device. An authentication token may be sent to the network device for reconnecting to the network.

Abstract: Systems and methods for leveraging smart glasses for identifying anomalies in a document is provided. Methods may include scanning the document and determining a document type based off pre-defined identifiable features extracted from the document. In parallel to determining, methods may include performing a series of actions to identify any anomalies. Methods may include tracking the user's eye movements and based off of the one or more portions of the document upon which the user's eyes are focused, capturing data from one or more portions, identifying a document characteristic and comparing the document characteristic to a predetermined document rule. When the document characteristic complies to the predetermined document rule, methods may include repeating the series of actions and when the document characteristic fails to comply with the predetermined document rule, methods may include displaying an image of the anomaly, on a display of the smart glasses.

Abstract: A device may include a processor configured to select a quantum key distribution transmission; identify an optical fiber path via which the quantum key distribution transmission is to be performed; determine one or more values for at least one transmission parameter for the identified optical fiber path; and select a pulse script for the optical fiber path based on the determined one or more values for the at least one transmission parameter. The processor may be further configured to perform the quantum key distribution transmission via the identified optical fiber path using the selected pulse script.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for automated event migration. A method includes aggregating a set of events from one or more servers to a trusted hardware device. Certain different events of a set of events may be associated with different service providers. A method includes identifying, on a trusted hardware device, a repeating event from a set of events. A method includes prompting a user to migrate subsequent instances of a repeating event from one service provider to a different service provider of a plurality of service providers based on a likelihood that the aggregated set of events includes each event for the user of an event type of the aggregated set of events. A method includes migrating subsequent instances of a repeating event, using a user's electronic credentials, from one service provider to a different service provider in response to the user accepting a prompt.

Abstract: Systems, apparatuses, and methods are disclosed for quantum entanglement authentication (QEA). An example method includes transmitting a first number and a first electronic identification of a first set of entangled quantum particles to a first computing device, each entangled quantum particle in the first set of entangled quantum particles is entangled with a respective entangled quantum particle in a second set of entangled quantum particles, receiving from the first computing device, a first session key, the first session key being a function of the first number and a second number provided to the first computing device in response to a first measurement initiation control signal comprising the first electronic identification of a first subset of the first set of entangled quantum particles, and in an instance in which the first session key corresponds to a second session key, authenticating a session between the first computing device.

Abstract: There is herein provided a method of performing Quantum Key Distribution, the method including transmitting, in a first basis state, a first photon from a quantum transmitter to a quantum receiver; transmitting, in a second basis state, a second photon from the quantum transmitter to the quantum receiver, the second basis state being non-orthogonal to the first basis state and the transmitter and receiver being optically connected by both a first optical channel and a second optical channel, wherein transmitting the first photon from the quantum transmitter to the quantum receiver in the first basis state comprises: transmitting the first photon from the quantum transmitter to the quantum receiver along either the first optical channel or the second optical channel, wherein transmitting the second photon from the quantum transmitter to the quantum receiver in the second basis state comprises: transmitting a first portion of the probability distribution of the second photon from the transmitter to the receiver