Abstract: A memory system includes a plurality of memory cells at intersections between a plurality of word lines and a plurality of bit lines, and a plurality of bit line sense amplifiers connected to the plurality of bit lines, the plurality of bit line sense amplifiers configured to write data to or read data from the plurality of memory cells through the plurality of bit lines, a redundancy bit line sense amplifier among the plurality of bit line sense amplifiers configured to generate a physically unclonable function (PUF) key including a unique random digital value.

Abstract: The disclosure relates to technology for secure compute. One aspect includes a network device, comprising a non-transitory memory comprising instructions; and one or more processors in communication with the non-transitory memory storage. The one or more processors execute the instructions to receive and process routing requests in a network; send an indication into the network that the network device is able to perform secure computes; perform a secure compute based on an input received via the network from an input device; ensure that a result of the secure compute is trusted as a correct result of the secure compute; and provide the trusted result of the secure compute to a result device connected to the network.

Abstract: Methods, systems, and computer program products for detection of personally identifiable information (PII). A first detector and a second detector are configured to interoperate. The first detector is different from the second detector and the second detector incurs a greater computational cost than the first detector when processing identical content. Content is presented to the first detector so as to implement a first type of PII detection that is based at least in part on regular expression analysis using regular expressions. The content is presented to the second detector. The second detector performs PII detection based on content analysis that is different from the first detector's regular expression analysis. The second detector causes generation of new regular expressions based on the content analysis and the first detector is updated with such new regular expressions. Performance of the first detector is continually improved as new regular expressions are generated.

Abstract: An obfuscation process is described for obfuscating a cryptographic parameter of cryptographic operations such as calculations used in elliptical curve cryptography and elliptical curve point multiplication. Such obfuscation processes may be used for obfuscating device characteristics that might otherwise disclose information about the cryptographic parameter, cryptographic operations or cryptographic operations more generally, such as information sometimes gleaned from side channel attacks and lattice attacks.

Abstract: A decoder is provided for decoding user information. The decoder obtains a random code pattern from at least one of a card or a device owned by a user. The decoder further obtains a personal identifier from the user. The decoder then queries a mapping table based on a combination of the random code pattern and the personal identifier of the user, wherein the mapping table comprises user information associated with each of a plurality of users mapped to a respective unique combination of a random code pattern and a personal identifier of the user. The decoder obtains user information of the user in response to the query, wherein one or more actions are performed based on the user information.

Abstract: Systems and methods facilitate privacy-preserving data curation in a federated learning system by transmitting a portion of a potential data sample to a remote location. The portion is inspected for quality to rule out data samples that do not satisfy data curation criteria. The remote examination focuses on checking the region of interest but maintains privacy as the examination is unable to parse any other identifiable subject information such as face, body shape etc. because pixels or voxels outside the portion are not included. The examination results are sent back to the collaborators so that inappropriate data samples can be excluded during federated learning rounds.

Abstract: According to an embodiment, a security controller is described comprising a memory storing data elements of a data array and a processing circuit configured to determine a power of two such that number of data elements is higher than the power of two but at most equal to double the power of two, determine random first and second integers, change indices of a predefined sequence of indices, comprising performing a first change of the index according to a first permutation if it is lower than the power of two, performing a second change of the index by adding a third integer modulo data array length and performing a third change of the index by a second permutation if it is, following the second change, lower than the power of two, and process the data elements in an order of the changed indices.

Abstract: The safety is improved when executing a transaction instructed after the login from a user having carried out the login operation to the server. A transaction system (101) includes a server (121), a first terminal (141), and a second terminal (161). A user logs-in the server (121) through the first terminal (141). The server (121) generates a notice to be transmitted to the second terminal (161) when receiving an instruction of a transaction through the first terminal (141) from a user. The first terminal (141) or the second terminal (161) prompts the user to input a confirmation of details of the transaction when the notice is transmitted to the second terminal (161) from the server (121). The server (121) regards the confirmation of the transaction made by the user as having been made when the input of the user matches with the details of the transaction.

Abstract: Examples provide a single-command menu option for initiating security scanning of source code without user interaction with the security scan component performing the security scan. The single-command menu option can include a single-click menu option in a graphical user interface, a command-line utility or a web interface for performing web service calls to the security scanning service(s). A user selects source code for scanning. A zip file is created for the selected source code. The zip file is placed in a target directory or scan queue for upload to the security scan component. A user ID appended to the source code is utilized to return a summary report of the scan results to the user without user credentials or login to the system.

Abstract: Method and system are provided for user authentication using original and modified images. The method includes receiving an original image for a user, where the original image is a private image that meets certain configured criteria. The method uses a pre-trained Convolutional Neural Network (CNN) model to extract one or more image features of the original image and feeds the extracted image feature into a Generative Adversarial Network (GAN) image generator to realistically modify the extracted image feature to generate a modified image. The method authenticates a user based on recognition of a presented original image or a presented modified image.

Abstract: A writing method of a crypto device includes receiving a write request from a central processing unit, determining a write attribute of the write request, and performing one of a partial write operation and a full write operation according to the write attribute. In the full write operation, a random number for a version count is generated, a key stream is generated using the version count, the key stream and write data are encrypted in a first logical operation, and the encrypted data and the version count are stored in a memory device.

Abstract: A medical information anonymizing system includes a processing circuitry. The processing circuitry acquires medical information generated in a format based on a communication standard for a medical image and including a medical image and supplementary information. The processing circuitry adds the anonymization reference information indicating an anonymizing method for anonymizing the medical information to the supplementary information in the medical information. The processing circuitry configured to receive the medical information in which the anonymization reference information is added to the supplementary information and, based on the anonymization reference information added to the medical information, anonymize at least one of the medical image and the supplementary information included in the medical information.

Abstract: An embodiment associates a user's post data that with a category from a predefined list of categories based on the post content. The embodiment analyzes, using machine learning, the post data for potentially sensitive content and generates a first sensitive data indicator identifying potentially sensitive information in the post data and an associated first confidence value. The embodiment generates explanatory data identifying a feature that contributed to the post data being identified as potentially sensitive, and generates a modified version of the post data that modifies the feature. The embodiment analyzes the modified post data for potentially sensitive content and generates a second sensitive data indicator and a second confidence value indicating that the post data is more likely to contain sensitive data than the modified post data. The embodiment alerts the user regarding the potentially sensitive data and recommends changing the post based on the modified feature value.

Abstract: Techniques for configuring data protection settings for data of an industrial system or an electric power system are provided. The industrial system or the electric power system includes at least one gateway via which the data are transmitted to a computing resource for processing and/or storing. One or several privacy-preserving techniques to be applied to the data are automatically determined. The one or several privacy-preserving techniques being determined based on data privacy requirements for the data and processing operations to be performed on the data by the computing resource. The determined one or several privacy-preserving techniques are automatically applied.

Abstract: A computer implemented method to detect anomalous behavior of a software container having a software application executing therein, the method including receiving a sparse data representation of each of a: first set of container network traffic records; a first set of application traffic records; and a first set of container resource records, and training an hierarchical temporal memory (HTM) for each first set, wherein the container network traffic records correspond to network traffic communicated with the container, the application traffic records correspond to network traffic communicated with the software application, and the container resource records correspond to the use of computer resources by the container; receiving a sparse data representation of each of a: second set of container network traffic records; a second set of application traffic records; and a second set of container resource records; executing the trained HTMs based on each respective second set to determine a degree of recognition o

Abstract: Systems, methods and non-transitory computer readable media for controlling access in privacy firewalls are provided. A request to access a content of an element may be received, the content of the element may include a first portion and a second portion, the first portion may include identifiable information and the second portion may include no identifiable information. A permission record corresponding to the element may be accessed. In response to a first value in the permission record, access may be provided to the content of the element, including access to the first and second portions, and in response to a second value in the permission record, partial access may be provided to the content of the element, the partial access may include access to the second portion and may exclude access to the first portion.

Abstract: A method disclosed herein may include receiving, at a first computing system, encrypted identifiers and encrypted values, performing, by the first computing system, a concealing operation on the encrypted identifiers to produce concealed encrypted identifiers, wherein the concealing operation conceals the encrypted identifiers from the first computing system and a second computing system but enables matching between the concealed encrypted identifiers, decrypting, by the second computing system, the concealed encrypted identifiers to produce concealed identifiers, and performing, by the second computing system, an aggregation operation using the concealed identifiers and the encrypted values to produce an encrypted aggregate value without accessing personally identifiable information associated with the encrypted values.

Abstract: An example system includes a processor that can obtain a circuit describing operations of sequential secure computation code. The processor can modify the circuit based on a cost function. The processor can partition the circuit into a number of sub-circuits. The processor can assign the number of the sub-circuits to different processors for execution.

Abstract: Embodiments described herein enable the detection, analysis and signature determination of obfuscated malicious code. Such malicious code comprises a deobfuscation portion that deobfuscates the obfuscated portion during runtime to generate deobfuscated malicious code. The techniques described herein deterministically detect and suspend the deobfuscated malicious code when it attempts to access memory resources that have been morphed in accordance with embodiments described herein. This advantageously enables the deobfuscated malicious code to be suspended at its initial phase. By doing so, the malicious code is not given the opportunity to delete its traces in memory regions it accesses, thereby enabling the automated exploration of such memory regions to locate and extract runtime memory characteristics associated with the malicious code.

Abstract: Disclosed are systems and methods for passively authenticating users of a native application running on a mobile communications device. The user may be applying for a service, product, access, etc. from a provider computing system. A unique device identifier of the device may be acquired and provided to a first computing system. A mobile telephone number associated with the device may be received at the device. User information may be accepted from the user via a user interface of the device for entry into a set of fields. The mobile telephone number may be verified by determining, via a second computing system that is different from the first computing system, that the mobile telephone number is associated with the user information. The service/product/access for the user may be approved in response to verification of the mobile telephone number. The user may be authenticated without challenge questions.