Abstract: The present disclosure relates to systems and methods that provide a reconfigurable cryptographic coprocessor. An example system includes an instruction memory configured to provide ARX instructions and mode control instructions. The system also includes an adjustable-width arithmetic logic unit, an adjustable-width rotator, and a coefficient memory. A bit width of the adjustable-width arithmetic logic unit and a bit width of the adjustable-width rotator are adjusted according to the mode control instructions. The coefficient memory is configured to provide variable-width words to the arithmetic logic unit and the rotator. The arithmetic logic unit and the rotator are configured to carry out the ARX instructions on the provided variable-width words. The systems and methods described herein could accelerate various applications, such as deep learning, by assigning one or more of the disclosed reconfigurable coprocessors to work as a central computation unit in a neural network.

Abstract: A method for converting data on a computer from an original encrypted format to a new encrypted format without exposing the data in a decrypted state during the conversion process. The computer(s) is locked during the conversion process. The computer data is now re-encrypted to the new format, the original encryption is then removed, and the new encryption software is applied. Finally, the computer with its newly-encrypted data is unlocked for normal usage.

Abstract: A constrained device includes an exterior surface affixed with a public key associated with the constrained device. Alternatively, or in addition, the public key may be included in a container that stores the constrained device. The constrained device also includes memory, which stores a private key, wherein the private key corresponds to the public key that is affixed on the exterior surface of the constrained device. By displaying the public key on the constrained device, a system administrator may document the public key and related information about the device and its intended role in the network without requiring any human interface or any establishment of power or network at the installation site.

Abstract: A method for authorizing execution of a first action is disclosed. The method includes: receiving, from a first client server having access to a human resources database of an organization, a first employee structure indicating an employee status associated with each of one or more employees of the organization; receiving, from a requesting device, a first request to execute a first action; generating a second request to obtain approvals for executing the first action; and selectively transmitting the second request to one or more first employees of the organization, the one or more first employees being identified based on the first employee structure.

Abstract: Systems and methods are provided for authenticating image files when network connections should not or cannot be used to transfer image files. A user device application may capture an image at a user device, generate an image file, and generate a hash file based on the image file. Instead of sending the image file to an authentication server for authentication, the application may send the hash file. If desired, the application may transfer the image file when a desirable network connection is available. Any alteration to the image file in the meantime will result in a different hash file for the altered image file, thus allowing detection of altered image files. This approach offers decreases the amount of data that is required to be transmitted in low or undesirable signal conditions, while maintaining an ability to detect alterations to image files that may have been made in the meantime.

Abstract: A cyber-physical system may have a plurality of system nodes including a plurality of monitoring nodes each generating a series of current monitoring node values over time that represent current operation of the cyber-physical system. According to some embodiments, a watermarking computer platform may randomly inject a watermarking signal into an injection subset of the system nodes. The watermarking computer platform may then receive current monitoring node values over time and generate a current watermarking feature vector based on the current monitoring node values. The watermarking computer platform might comprise a dedicated watermarking abnormality detection platform or a unified abnormality detection platform (e.g., that also uses data-drive feature vectors). The injection subset may be associated with a randomly selected subset of the system nodes and/or magnitudes of watermarking signals that are randomly selected.

Abstract: Security of a protected computer that is accessible via a public network is enhanced by eliminating or reducing open network ports on the protected computer. To reduce open network ports, the protected computer initiates a control connection to an enterprise controller. A request for service from a client device is made to the enterprise controller. If appropriate, the request is then forwarded by the enterprise controller to the protected computer over the control connection. If the request is accepted by the protected computer, the protected computer opens an additional connection to the enterprise controller to provide for streaming of input and output between the task performed on the protected computer and the enterprise controller. This input and output is forwarded by the enterprise controller to the client device and/or protected computer.

Abstract: A system and method for monitoring a leakage of internal information by analyzing encrypted traffic according to the present invention is characterized in that an SSL session is not created directly between an internal computer and an external computer, but a monitoring computer creates SSL sessions with the internal computer and the external computer respectively, and when a data packet is transmitted from the internal computer to the external computer, the monitoring computer first checks whether the data packet contains internal information and then delivers the data packet.

Abstract: A method of encrypting a data file includes: opening the data file; selecting, via a first user interface, a portion of the data file; encrypting, via an encryption component, the selected portion of the data file as one of a first level of encryption associated with a first authorized user and a second level of encryption associated with a second authorized user so as to create an encrypted data file; and saving the encrypted data file. The encryption component includes an out-of-band encryption key component having stored therein, a first encryption key associated with the first level of encryption and a second encryption key associated with the second level of encryption.

Abstract: A computer implemented system and method for acquisition of advance consent for each instance of PII use includes the steps of receiving reference specimens for a user, electronically storing the reference specimens on a distributed block chain. When PII of the user is to be used, a consent session is electronically requested for the user. Consent-session specimens are electronically received from the user in response to the electronic request for the consent-session after completion of the consent session. The consent-session specimens include a video of the user making an affirmative consent statement, a photograph of fingerprints of the user, and a photograph of identification (ID) credentials of the user. A degree to which each of the consent-session specimens from the user match the reference specimens for the user is electronically determined and the transaction information is electronically stored on the distributed block chain.

Abstract: Various embodiments comprise systems, methods, architectures, mechanisms, apparatus or protocols configured to provide seamless authentication of devices to secure networks via an Extensible Authentication Protocol (EAP) using credentials based on device information and/or service information visible to third party mobile services providers.

Abstract: A method, including identifying, in network data traffic, multiple scans, each of the scans including an access, in the traffic, of a plurality of ports on a given destination node by a given source node during a predefined period. Respective first probabilities of being accessed during any given scan computed for the communication ports that were accessed in the identified scans, and a respective second probability that both of the ports in the pair were accessed during any given scan are computed for each pair of the ports in the identified scans. Upon detecting a scan by one of the nodes including accesses of first and second ports on a given destination node for which the respective second probability for the pair of the first and second ports is lower than a threshold dependent upon the respective first probabilities of the first and second ports, a preventive action is initiated.

Abstract: A device includes a communication interface and a processor. The communication interface is configured to receive a network threat report. The processor is configured to extract an indicator from the network threat report. The indicator is reported to be associated with a network threat. The processor is also configured to determine, based on the indicator, a confidence score indicating a likelihood that the indicator is associated with malicious activity. The processor is further configured to determine, based on the indicator, an impact score indicating a potential severity of the malicious activity. The processor is further configured to identify, based on the indicator, the confidence score, and the impact score, an action to be performed. The action includes blocking network traffic corresponding to the indicator or monitoring network traffic corresponding to the indicator. The processor is also configured to initiate performance of the action.

Abstract: A system and method for providing cyber defense for electronic identification, vehicles, ancillary vehicle platforms, and telematics platforms using blockchain. The vehicle may be a ground-based vehicle, air-based vehicle, roadable aircraft vehicle, sea-based vehicle, autonomous vehicle, or unmanned aerial vehicle. Wherein ancillary vehicle platforms may include, but not limited to, aviation platforms, urban air mobility platforms (UAM), and unmanned aircraft systems (UAS). The system and method include determining whether a user is an authorized operator of a vehicle, the vehicle including an external display of a digital license tag. If the user is determined to be an unauthorized operator of the vehicle, the system activates a primary kill switch which prevents the activation of the vehicle's digital license tag.

Abstract: An apparatus for enhancing secret key rate exchange over quantum channel in QKD systems includes an emitter system with a quantum emitter and a receiver system with a quantum receiver, wherein both systems are connected by a quantum channel and a service communication channel. User interfaces within the systems allow to define a first quantum channel loss budget based on the distance to be covered between the quantum emitter and the quantum receiver and the infrastructure properties of the quantum channel as well as a second quantum channel loss budget associated to the loss within the realm of the emitter system. The emitter system is adapted to define the optimal mean number of photons of coherent states to be emitted based on the first and the second quantum channel loss budgets.

Abstract: This document discloses a solution for detecting, by a computer apparatus, computer program library in a binary computer program code.

Abstract: In some embodiments, a first device may generate a data block for an ordered set of data blocks such that the data block is cryptographically chained to a given data block preceding the data block in the ordered set. The first device may obtain an encryption key used to encrypt information related to the data block, and use group members' keys to encrypt the encryption key to generate a group key. As an example, the group's members may include a first member associated with the first device and other members. The keys used to encrypt the encryption key may include the other members' keys. The first device may transmit the ordered set and the group key to a communication resource (e.g., accessible by the members). Other devices (associated with the other members) may use the ordered set and the group key to obtain content related to the ordered set.

Abstract: A method, an information handling system (IHS), and an authentication system for authenticating users of an IHS. The method includes receiving, from a client computer system, a request to access at least one authentication domain of the IHS. The method further includes transmitting a request for an authentication token to a baseboard management controller (BMC) and receiving the authentication token from the BMC. The method further includes generating, via a processor, an application session using the authentication token and the client credentials and transmitting the application session to the client computer system. The application session allows access by the client computer system to the authentication domain of the IHS.

Abstract: A system and method for serverless runtime application self-protection.

Abstract: A client application establishes a connection between the client application and an origin server over one or more networks. The application generates a request to establish a secure session with the origin server over the connection. The request includes information, in a header of the request, that flags traffic sent during the secure session to a network of the one or more networks as subject to one or more optimizations performed by the network. Subsequent to establishing the secure session, the application encrypts the traffic in accordance with the secure session and sends the traffic to the origin server over the connection, subject to the one or more optimizations. The infrastructure service applies the one or more optimizations to the traffic as it passes through the edge network to the origin server.