Abstract: A physically unclonable function (PUF) system is provided. The PUF system includes an entropy source, a plurality of selectable paths, a random selection block, and error correction logic. The plurality of selectable paths are formed between the entropy source and an output for providing a PUF response. The random selection block is for randomly selecting one of the plurality of selectable paths in response to receiving a challenge. The error correction logic is coupled to the output for receiving the PUF response and for correcting any errors in the PUF response for the plurality of selectable paths. By using a different path through the entropy source each time a challenge is received, protection is provided against side-channel attacks.

Abstract: According to one embodiment, a malware detection system is integrated with at least a static analysis engine and a dynamic analysis engine. The static analysis engine is configured to automatically determine an object type of a received object. The dynamic analysis engine is configured to automatically launch the object after selecting an action profile based on the object type. The dynamic analysis engine is further configured to, provide simulated user interaction to the object based on the selected action profile either in response to detecting a request for human interaction or as a result of a lapse of time since a previous simulated human interaction was provided.

Abstract: Techniques and computing devices for mitigating return-oriented programming (ROP) attacks are described. A hardened stack and an unhardened stack are provided. The hardened stack can include indications of return addresses while the unhardened stack can include all other memory allocations. A stack hardening instruction can be inserted before unhardened instructions (e.g., instructions that are themselves not authorized to access the hardened stack). The stack hardening instruction determines whether the unhardened instruction accessed memory outside the unhardened stack and generates a fault based on the determination. A register can be provided to include an indication of an address span of the unsafe stack. The stack hardening instruction can determine whether the unhardened instruction accessed a memory location outside the address range specified in the register and generate a fault accordingly.

Abstract: Systems, methods, and other embodiments associated with bidirectional authorization are described herein. According to one embodiment, a method includes a user receiving a communication from an entity. In response to receiving the communication from the entity, the method further includes generating a token. The token may be personal identification number (PIN), alphanumeric value, code word, pass phrase, or security question. The token is received by a device of the user. Additionally, the token is transmitted to the entity. The user may then receive evidence of the token from the entity.

Abstract: A computer return apparatus includes a processor. The apparatus includes a memory connected to the processor. The apparatus includes a display. The apparatus includes a return screen that the processor automatically causes to appear during or after boot-up of the processor on the display, that displays information concerning an owner who owns the computer, concerning user information about who the user is who the computer is assigned to for use, and return information for returning the computer to the owner from data stored in the memory. A method for displaying information to assist with returning a computer to its owner.

Abstract: Systems and methods for data collection and processing in a network, including one or more sensors disposed in a network interface and configured to collect raw signal traffic data where each sensor is further configured to parse the raw signal traffic data into network protocols; split the network protocols into content data and metadata; derive contextual metadata from the content data; compile the metadata and the derived metadata to produce anonymized metadata; encrypt the anonymized metadata; and transmit to the encrypted anonymized metadata to a unified data server.

Abstract: A first processing environment includes: a control processing unit configured to execute control processing on a control subject; a first storage area for storing data for controlling the control subject; and a verification determination unit. A second processing environment includes: a second storage area for storing an expected value; a verification value generation unit; and a verification execution unit. The verification value generation unit generates the verification value before the control processing is stopped. The verification execution unit executes comparison processing of comparing the expected value and the verification value before the control processing is activated.

Abstract: In one or more embodiments, one or more systems, methods, and/or processes may determine a first force value of the stylus in contact with a surface; may determine a first profile associated with the first user; may determine that the first force value is not included by the first profile; if multiple force values of the first profile are within a range of the first force value, may determine a first response value based at least on multiple response values of the first profile respectively associated with the multiple force values of the first profile within the range; and if multiple force values of at least one other profile are within the range, may determine the first response value based at least on multiple response values of the at least one other profile respectively associated with the multiple force values of the at least one other profile within the range.

Abstract: Systems and methods for utilizing statistical relational learning techniques in order to predict factors for nodes of a node graph, such as a node graph that represents attacks and incidents to a computing system, are described. In some embodiments, the systems and methods identify certain nodes (of a node graph) as representing malicious attributes of an email or other threat artifact received by a computing system or network and utilize relational learning to predict the maliciousness of attributes represented by other nodes (of the node graph).

Abstract: The herein described technology facilitates sharing of notes and files with a locked computing device. The locked computing device may receive a file sharing request that includes a file identifier identifying a location of a source file. The locked processing device provides a user account of the processing device with access to content of the source file responsive to authentication of a recipient access credential associated with the user account.

Abstract: In order to provide improved matching of records between different sources, systems and methods include generating a data link between a stored interaction profile of the user and activity data records that identify activities performed by the user. Online interaction data associated with the user is received, including tracking data indicative of online interactions with content. The online interaction data is stored in the stored interaction profile associated with the user. An activity model is used to predict correlation parameters representing groupings of online interactions of the online interaction data with activities performed by the user, where the prediction is based on the tracking data and each activity in the interaction profile. The interaction profile is updated with the groupings and user activities are authenticated based on the interaction profile.

Abstract: An example device includes a processor coupled to a network and a memory coupled to the processor. The memory includes computer code for causing the processor to establish a secure connection between a manageability application and an interconnect device, the interconnect device being in communication with a newly connected networked device; and securely communicate, from the manageability application to the interconnect device, temporary login information for the networked device.

Abstract: A method for verifying instructions of diagnostic equipment is used to solve a technical problem that a lower computer of the diagnostic equipment is prone to be cheated by an upper computer, this method comprises: obtaining first verification data sent from the upper computer of the diagnostic equipment, wherein the diagnostic equipment carries the first verification data when a software version of the diagnostic equipment is updated, the first verification data is encrypted and comprises a set of instructions sent from the upper computer to the lower computer in a corresponding software version; decrypting the first verification data to obtain the set of instructions; comparing instruction data received from the upper computer with the set of instructions, and judging whether the instruction data comply with the set of instructions; if the instruction data comply with the set of instructions, executing the instruction data; and if the instruction data doesn't comply with the set of instructions, refusing to

Abstract: A counter integrity tree for memory security includes at least one split-counter node specifying at least two counters each defined as a combination of a major count value shared between the at least two counters and a respective minor count value specified separately for each of the at least two counters. This increases the number of child nodes which can be provided per parent node of the tree, and hence reduces the number of tree levels that have to be traversed in a tree covering a given size of memory region. The minor counter size can be varied dynamically by allocating nodes in a mirror counter integrity tree for accommodating larger minor counters which do not fit in the corresponding node of the main counter integrity tree.

Abstract: The present application is directed to a method and system for secure electronic communications using physically distributed security hardware and capable of operating by simulating a common or unitary HSM device. This is achieved by implementing the internal operations of the HSM using threshold cryptography on a set of internal nodes. In order to provide the necessary functionality, the keys and the required operations (such as the digital signature) are distributed among these nodes. In particular, the system provides digital signature capabilities through an efficient and modular application of Victor Shoup's schema referred to in the background.

Abstract: Native file encryption support is integrated into an existing file system that does not provide such support, such as the FAT family of file systems, while maintaining backwards compatibility with previous implementations of these file systems.

Abstract: A method for verifying upgrade of diagnosis connector of diagnostic equipment is used to solve a problem that an illegal person implements an illegal upgrade for the diagnosis connector of the diagnostic equipment by cloning.

Abstract: An unauthorization determination system includes a memory device that is mounted in a vehicle and includes a predetermined non-access area, a connection device mounted in the vehicle and configured to be connected to the external device in a wired or wireless manner, and an ECU configured to, in a case where access to the non-access area is requested from the external device or in a case where the non-access area is accessed by the external device, determine that the access from the external device is unauthorized.

Abstract: The present disclosure includes a method for authenticating a field device of automation technology with respect to a destination device. A telegram is created by the field device, which telegram includes a first data field and at least a second data field. The first data field includes information on the status of the field device and/or of the device components of the field device and/or information on the device parameterization/configuration, and a sequence counter or a time stamp. Security data are generated from the first data field via a cryptographic method, which security data are stored in the second data field. The telegram is transmitted from the field device to the destination device, wherein the destination device verifies the second data field as to authenticity or integrity upon receipt of the telegram, and wherein a first alarm is generated if the authenticity or the integrity of the second data field is not successfully verified.

Abstract: An approach is provided that selects a geographic location to which transmission of a data packet is disallowed. The approach identifies disallowed network devices that reside in the selected geographic location and builds a routing path through a public computer network through an allowed set of network devices with the allowed set of network devices does including any of the disallowed network devices. The approach then transmits the data packet from a transmitting network device to a receiving network device using the routing path.