Abstract: A method including determining, by a first server, an encrypted authentication packet, the determining including, determining a crypted code field to indicate a type associated with the encryption authentication packet and that at least a portion of the encryption authentication packet is encrypted, and determining a crypted payload based at least in part on encrypting an initial authentication packet. The method may also include transmitting, by the first server to a second server, the encrypted authentication packet to enable the first server and the second server to conduct an authentication process. Various other aspects are contemplated.

Abstract: A method including configuring a first server to determine an encrypted authentication packet, the configuring including, configuring the first server to determine a crypted code field to indicate a type associated with the encryption authentication packet and that at least a portion of the encryption authentication packet is encrypted, and configuring the first server to determine a crypted payload based at least in part on encrypting an initial authentication packet. The method may also include configuring the first server to transmit, to a second server, the encrypted authentication packet to enable the first server and the second server to conduct an authentication process. Various other aspects are contemplated.

Abstract: Providing an automatic mechanism of invalidating false-positive indications of certain identified portions of source code to reduce the number of errors in a security report. Certain embodiments of the present invention utilize static security scanning as a mechanism for automatically determining which portions of the identified source code contain potential vulnerabilities, and whether these identified portions of the source code are correctly or incorrectly identified with a false-positive indication.

Abstract: Methods and apparatus that registers a plurality of mesh node devices to operate as part of a wireless mesh network after a user device scans encoded information that is unique to each mesh node of a plurality of different mesh nodes. After codes associated with different respective mesh nodes are scanned by a user device, that user device may communicate with these different mesh nodes via a low power communication interface and the user device may send registration information to a registration computer via a secure communication channel. Apparatus may also receive a validation code from the registration computer via a communication channel that is different from the secure communication channel and these apparatus may then send the validation code to the registration computer via the secure communication channel when the user device is validated by the registration computer.

Abstract: A log analysis device is provided. The log analysis device receives a log indicating status of an electronic control system mounted in a movable object from the electronic control system, analyzes an abnormality in the electronic control system by using the log received. Depending on a result of the analyzing, the log analysis device determines, on a log-by-log basis, priority for the electronic control system to transmit the log to the log analysis device. Based on the priority determined, the log analysis device generates instruction information that gives an instruction for controlling transmission of the log, and transmits the instruction information to the electronic control system.

Abstract: A system and method for capturing value preference based data from a requestor of one or more digital content presentations during an access sequence and transforming the captured data into a useful tool enabling the content provider to modify the user experience prior to or subsequent to granting access to the requested content resulting in a more efficient and tailored interaction between the requestor and the content provider.

Abstract: A system and method are provided for implementing a secure configuration of a networked system for secure communications, the networked system including at least one instrument for performing corresponding tasks and at least one controller for controlling functions of the at least one instrument. The method includes providing a secure instrument configuration (SIC); displaying status provided by the SIC server identifying the controller and the instruments to a user via a user interface; writing controller secure configuration information from the SIC server to the controller through a software agent on the controller, the controller secure configuration information including authentication data for the instruments, and/or credentials of the one controller acceptable by the one instruments for identifying the controller; and communicating with the controller to initiate implementation of the secure configuration.

Abstract: Systems and methods to encrypt centralized information associated with users of a customer due diligence platform based on a modified key expansion schedule are disclosed. Exemplary implementations may: obtain user profile information making up user profiles of users of a customer due diligence platform; encrypt the user profile information to generate encrypted user profile information based on a modified key expansion schedule requiring multiple different keys; effectuate storage of the encrypted user profile information in association with the user profiles in non-transitory electronic storage; and/or perform other operations.

Abstract: A method including configuring a first server to receive, from a second server, an encrypted authentication packet to enable the first server and the second server to conduct an authentication process, the encrypted authentication packet including a crypted code field indicating that a portion of the encrypted authentication packet is encrypted and a crypted payload including an encrypted initial authentication packet; and configuring the first server to transmit, to the second server, a response based at least in part on determining that the portion of the encrypted authentication packet is encrypted and on decrypting the encrypted initial authentication packet. Various other aspects are contemplated.

Abstract: The presently disclosed subject matter includes an apparatus that receives a dataset with values associated with different digital resources captured from a group of compute devices. The apparatus includes a feature extractor, to generate a set of feature vectors, each feature vector from the set of feature vectors associated with a set of data included in the received dataset. The apparatus uses the set of feature vectors to validate multiple machine learning models trained to determine whether a digital resource is associated with a cyberattack. The apparatus selects at least one active machine learning model and sets the remaining trained machine learning models to operate in an inactive mode. The active machine learning model generates a signal to alert a security administrator, blocks a digital resource from loading at a compute device, or executes other remedial action, upon a determination that the digital resource is associated with a cyberattack.

Abstract: A computer-implemented method according to one embodiment includes compressing an uncompressed instance of data to create a compressed instance of data; encrypting the compressed instance of data in response to determining that a size of the compressed instance of data is less than a predetermined threshold; creating a message authentication code (MAC) for the encrypted compressed instance of data; and adding a variable-length zero pad and the MAC to the encrypted compressed instance of data to create a formatted string.

Abstract: A key exchange system, for generating a shared key for performing encrypted communication between multiple communication devices, includes the multiple communication devices. Each of the multiple communication devices includes a memory, and a processor configured to generate a short term private key by using a private key, generate a short term public key on one of asymmetric pairing groups used for the ID based encryption, by using the short term private key, and generate a shared key for performing encrypted communication with another communication device by performing a first pairing operation using a private key generated on another one of the asymmetric pairing groups and a short term public key generated in the other communication device, and performing a second pairing operation using the short term private key of the communication device and public information used in generating a private key of the other communication device.

Abstract: Communication methods and apparatus are described. One communication method includes that user equipment (UE) sends an N1 message to a security anchor function (SEAF), where the N1 message carries a Diffie-Hellman (DH) public parameter or a DH public parameter index, the N1 message further carries an encrypted identifier of the UE, and the encrypted identifier is obtained by encrypting a permanent identifier of the UE and a first DH public key. The UE receives an authentication request that carries a random number and that is sent by the SEAF. The UE sends, to the SEAF, an authentication response used to respond to the authentication request, where the authentication response carries an authentication result calculated based on a root key and the random number.

Abstract: An information handling system includes a BIOS and a service processor. The BIOS may generate, during a POST, a secret key that includes a symmetric key and a HMAC key and transmits the secret key to the service processor via an high-speed communication interface. After the POST, the BIOS transmits an SMI message that includes an encrypted message and a first hash value of the encrypted message. The encrypted message is encrypted using the symmetric key and the first hash value of the encrypted message is calculated using the HMAC key. The service processor calculate a second hash value of encrypted message based on the HMAC key and verify the encrypted message by comparing the first hash value and the second hash value. After a successful verification, the service processor decrypts the encrypted message and transmits a response to the BIOS.

Abstract: A biometric processing system for authentication combines multiple biometric signals using machine learning to map the different signals into a common argument space that may be processed by a similar fuzzy extractor. The different biometric signals may be given weight values related to their entropy allowing them to be blended to increase security and availability while minimizing intrusiveness.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for detecting a malicious process by a selected instance of an anti-malware system. The method includes one or more processors examining a process for indicators of compromise to the process. The method further includes one or more processors determining a categorization of the process based upon a result of the examination. In response to determining that the categorization of the process does not correspond to a known benevolent process and a known malicious process, the method further includes one or more processors executing the process in a secure enclave. The method further includes one or more processors collecting telemetry data from executing the process in the secure enclave. The method further includes one or more processors passing the collected telemetry data to a locally trained neural network system.

Abstract: Security features for a wireless communications system including encryption and decryption of communications, secure key exchange, secure pairing, and secure re-pairing are provided. The encryption/decryption mechanism uses AES-256 block cypher with counter mode to generate blocks of cypher bits used to encrypt and decrypt communications between a master and devices. Session keys are generated using a random salt and a counter value. The random salt is generated using a secure random number generator. A master key or device key is also used in generating session keys. Impermanent session keys are used to encrypt/decrypt finite amount of data. Thereafter, the session key is replaced and cypher bits are generated using the new session key. A synchronized key jump procedure ensures that the master and device switch to the new session key at the same time.

Abstract: An enhanced robust input protocol for secure multi-party computation (MPC) via pseudorandom secret sharing is provided. With this enhanced protocol, the servers that participate in MPC can generate and send a single random sharing [R] to a client with k inputs (rather than a separate random sharing per input), and the client can derive k pseudorandom sharings from [R] without any further server interactions.

Abstract: It is provided a method for managing central secret keys of a plurality of user devices associated with a single public key. The method is performed in a key manager and comprises the steps of: receiving, from a first user device, transformation data and an identifier of a second user device; obtaining a first central secret key associated with the first user device; generating a second central secret key by applying the transformation data to the first central secret key, wherein the transformation data is applied in reverse to how the same transformation data is applied by the first user device to a device secret key of the first user device; and storing the second central secret key in association with the second user device.

Abstract: A method for encrypting and decrypting data across domains based on privacy computing is provided. A data provider deploys a base key for a data user in advance, and when the data user needs to use the data at a later stage, the data provider generates a data token about a data key based on the base key, and then transmits encrypted data and the data token to the data user. The user obtains the data key based on its own base key in a privacy environment according to the data token, and uses the data key in the privacy environment to realize use of the encrypted data. A transmission process does not involve transmission of the key; therefore, even if a transmission channel is not secure, security of the data can still be ensured, and even if private data is used, the data itself cannot be obtained.