Abstract: Technology is shown for verifying a leaf certificate in a PM chain of trust involving receiving a leaf certificate signed by an intermediate certificate embedded in the leaf certificate. The intermediate certificate is extracted from the received leaf certificate and its public key used to calculate a signature for the received leaf certificate. The calculated signature is compared to a signature included in the received leaf certificate. The received leaf certificate is verified when the calculated signature matches the signature included in the received leaf certificate. The intermediate certificate can be included as a X.509 property of the leaf certificate.

Abstract: This application provides a voiceprint recognition method and device. The method includes: calculating, by an electronic device a first confidence value that an entered voice belongs to a first registered user, and calculating a second confidence value that the entered voice belongs to a second registered user. The method further includes: calculating, by another electronic device, a third confidence value that the entered voice belongs to the first registered user, and calculating a fourth confidence value that the entered voice belongs to the second registered user. A server determines, based on the first confidence value and the third confidence value, a fifth confidence value that a user is the first registered user, and determines, based on the second confidence value and the fourth confidence value, a sixth confidence value that the user is the second registered user.

Abstract: A system implemented on a server computer for managing digital certificates includes a certificate management agent module, a digital certificate processing module and a configuration module. The certificate management agent module processes requests to create a plurality of certificate management agents. Each of the certificate management agents is configured to manage a lifecycle of a digital certificate for a client electronic device. The digital certificate processing module processes requests from the certificate management agent module for digital certificates for the plurality of certificate management agents. The configuration module receives and processes configuration parameters for the certificate management agents and for the digital certificates.

Abstract: Techniques are described herein that are capable of provisioning a trusted execution environment (TEE) based on (e.g., based at least in part on) a chain of trust that includes a platform on which the TEE executes. Any suitable number of TEEs may be provisioned. For instance, a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information.

Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine that an entity was granted an anomalous role assignment to a managed environment. The processor may also, based on the determination that the role assignment of the entity is anomalous, identify at least one indicator associated with the role assignment, determine an indicator value corresponding to the identified at least one indicator, and determine whether the indicator value exceeds a predefined threshold value. The processor may, based on a determination that the indicator value exceeds the predefined threshold value, output an alert indicating that the role assignment is suspicious.

Abstract: Systems, methods, and devices implement security operations in security platforms implemented across web servers and application servers. Systems include a first server including one or more processors configured to identify one or more patterns of malicious activity based, at least in part, on event information associated with a request and at least one of a plurality of custom parameters, and a second server including one or more processors configured to host an application accessed by the client device, wherein the first server is coupled between the client device and the second server and is configured to handle requests between the client device and the second server. Systems also include a database system configured to store application data associated with the application and the client device.

Abstract: A method comprises: monitoring a data stream comprising a plurality of data events; identifying a data pattern comprising one or more of the plurality of data events; determining that at least one of the data events comprising the data pattern supports virtual card generation; determining that the at least one of the data events comprising the data pattern is performed using a physical card number at a geolocation; determining that at least one virtual number has been associated with profile data associated with a user; transmitting a notification comprising a request to generate a virtual number; and upon receipt of an approval of the request, executing a script to generate the virtual number and associate the virtual number with the geolocation.

Abstract: A first address bus may be located in an upper layer of an integrated circuit that is associated with a memory and a memory controller. The first address bus may receive a first portion of a memory address. A second address bus may be located in a lower layer of the integrated circuit where the second address bus is to receive a second portion of the memory address. Furthermore, a data bus may be located in an intermediate layer where the data bus is to receive data corresponding to the memory address from the memory and may transmit the data to the memory controller. The intermediate layer may be between the upper layer and the lower layer. A layout of the signals of the data bus may vertically overlap with a layout of signals of the first address bus and a layout of signals of the second address bus.

Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie.

Abstract: Techniques for providing a securing platform for service provider network environments are disclosed. In some embodiments, a system/process/computer program product for providing a securing platform for service provider network environments includes communicating with an orchestrator and/or another network element on a service provider network to identify a subscriber with a new IP flow using a security platform; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.

Abstract: A computer implemented method to identify a malicious database request including receiving a database query for retrieving data from a database; classifying the received query based on query instructions contained in the query to identify a class of query for the query, the class of query having associated attributes defining expected characteristics of queries of the class when executed by the database; monitoring characteristics of the received query executed to retrieve data from the database; and responsive to a determination that the monitored characteristics deviate from the expected characteristics, identifying the query as malicious.

Abstract: A content distribution system includes content receivers that provide a plurality of blockchain databases that store transaction records associated with subscriber requests for content, and a computer system that processes those transaction records and enables authorized content receivers to output requested content.

Abstract: Aspects of the disclosure relate to dynamically controlling access to linked content in electronic communications. A computing platform may receive, from a user computing device, a request for a uniform resource locator associated with an email message. Subsequently, the computing platform may identify that the uniform resource locator associated with the email message corresponds to a potentially-malicious site. In response to identifying that the uniform resource locator associated with the email message corresponds to the potentially-malicious site, the computing platform may determine a risk profile associated with the request received from the user computing device. Based on the risk profile associated with the request, the computing platform may execute an isolation method to provide limited access to the uniform resource locator associated with the email message.

Abstract: A dynamic threat landscape to which computer resources of a specific enterprise are subject is tracked. Data feeds maintained by a security system of the enterprise are assessed. The effectiveness of data feed utilization by the security system is quantified, relative to the threat landscape. Threat detection rules deployed by the security system are assessed, and the effectiveness thereof by the security system is quantified. Processing capability of alerts generated by threat detection rules and threat response capability may also be assessed and quantified. The effectiveness of the security system as a whole is automatically quantified, based on the tracked threat landscape, the quantifications of the effectiveness of data feed utilization, threat detection rule utilization, processing capability of alerts generated by threat detection rules and/or threat response capability. Recommendations concerning more effectively protecting the enterprise against specific threats are output.

Abstract: A coherent detection-based high-speed chaotic secure transmission method includes: at a transmit terminal in a chaotic secure transmission system, optically coupling an optical chaotic carrier and transmission information by using an orthogonal basis to mask the transmission information by using a noise-like feature of the chaotic carrier, so as to obtain a chaotic masked signal; adding a fast phase disturbance and a fast polarization disturbance to the chaotic masked signal and transmitting the chaotic masked signal over an optical fiber transmission link; and at a receive terminal, obtaining the chaotic masked signal through coherent detection, compensating the chaotic masked signal for linear and nonlinear effects through digital signal processing, and using a polarization orthogonal basis- or phase orthogonal basis-based chaotic decryption algorithm to separate the chaotic carrier from the signal so as to complete decryption.

Abstract: In an approach to a implementing a PUF based on a PCM array, for each PCM device in an array of PCM devices, the PCM device is reset to an initial state. A first conductance of the PCM device is measured. A predetermined number of partial set pulses is applied to the PCM device. A second conductance of the PCM device is measured. Responsive to determining that the second conductance is greater than the first conductance multiplied by a factor, a PUF value of the PCM device is set to logical “1”. Responsive to determining that the second conductance is less than the first conductance multiplied by a factor, a PUF value of the PCM device is set to logical “0”. The PUF value of the PCM device is added to an overall PUF string for the array of PCM devices.

Abstract: In some aspects, the disclosure is directed to methods and systems for providing an architecture for building high performance silicon components that support a rich set of networking and security features. In many implementations, the architecture splits network and security functions into two functional and logical blocks (which may physically be on the same die or integrated circuit in some implementations, or may be split on separate integrated circuits). The network functions may be executed via an integrated network interface card and accelerator subsystem with a high throughput execution pipeline. Security functions may be executed asynchronously from the network processing functions, in many implementations.

Abstract: A node for a VSAN includes a BMC, a processor, and a plurality of VSAN objects. The processor instantiates a Cluster Membership, Monitoring, and Directory Service (CMMDS) and a BMC Service Module (SM). The CMMDS implements a Security Policy and Data Model (SPDM) architecture. The CMMDS determines an inventory list of the VSAN objects and a SPDM authentication state for each of the objects, and provides the inventory list and the SPDM authentication states to the BMC SM. The BMC SM provides the inventory list and the SPDM authentication state to the BMC. The BMC determines that a first VSAN object is not authenticated based upon the SPDM authentication state of the first VSAN object, and directs the CMMDS to halt input/output (I/O) operations on the VSAN to the first VSAN object.

Abstract: Decryption of an RSA encrypted message encrypted with a public RSA key by receiving encrypted key share components computed by generating a private RSA key d and a RSA modulus integer N, where N and d are integers; splitting the private key into key shares, encrypting with a fully homomorphic encryption (FHE) algorithm each key share component by using a Fully Homomorphic Encryption secret key ps associated with a set Ss to generate the encrypted key share components of said secure RSA key, computing an intermediate value YS for each set SS from said encrypted key share components, such that said computed intermediate value is a part of the RSA decrypted message, under FHE-encrypted form, and decrypting the encrypted message by combining said computed intermediate values for all sets.

Abstract: Systems, computer program products, and methods are described herein for self-clustering computing protocols. The present invention is configured to detect, using a node analysis engine, a change in a network security protocol associated with a first node or device within a distributed network, and transmit instructions for the first node or device to broadcast the change to nearby nodes or devices such that they can act in concert to protect against identifies security issues.