Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting an arithmetic share of the d arithmetic shares by a first bound ?0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound ?0 and a second bound ?1 from the Boolean shares to obtain z?B,k+1 having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to a sign bit of z?B,k+1; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound ?0 and second bound ?1.

Abstract: There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.

Abstract: Systems, computer program products, and methods are described herein for implementing device manipulation for counteracting facial recognition authentication security malfeasance. The present invention is configured to receive a request from a user via a client device to access an authentication subsystem to execute a facial recognition authentication for access to an application; initiate the facial recognition authentication on the client device in response to receiving the request; receive, from the client device, one or more external inputs in response to one or more authentication prompts; determine, using a machine learning subsystem, that at least one of the one or more external inputs is associated with a first preconfigured duress code; trigger, using a breach detection subsystem, a first set of security protocols; and execute, using the breach detection subsystem, a first set of predefined actions associated with the first set of security protocols.

Abstract: Examples of enrollment of virtual devices for unprivileged users are described. In some examples, a virtual device includes an enrollment agent, encrypted enrollment credentials, and a user mode privilege elevation component that elevates privilege of the enrollment agent. A privilege elevated token is created to include an administrative privilege of a local security authority service, and a security context of an unprivileged user account logged in to the virtual device. The enrollment agent is launched using the privilege elevated token rather than a user token of a user that is logged in. The enrollment agent decrypts the encrypted enrollment credentials based on administrative privilege of the privilege elevated token, and enrolls the virtual device with a management service using decrypted enrollment credentials.

Abstract: An apparatus method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application.

Abstract: A processor with an elliptic curve cryptographic algorithm and a data processing method thereof are shown. The processor has a first register, storing a private key pointer pointing to a private key. In response to a single elliptic curve cryptographic instruction of an instruction set architecture, the processor reads a ciphertext input from a first storage space within a system memory, performing a decryption procedure using the elliptic curve cryptographic algorithm on the ciphertext input based on the private key obtained by referring to the first register to decrypt the ciphertext input and generate a plaintext output, and programming the plaintext output into a second storage space within the system memory.

Abstract: Systems, methods, and non-transitory computer readable medium disclosed herein relate to identity verification and authorization method. In one embodiment, the system can generate and send a message to a device associated with a user based on an initiated request from the user and a determination the user should be authenticated, wherein the message requests a content-based response from the user to authenticate the user. In another embodiment, the system can receive the content-based response from the user in reply to the message, wherein the content-based response comprises SMS (short message service) metadata, emoji, photo, video, audio, or a combination thereof. In another embodiment, the system can authenticate the user based on a determination of a confirmed match between the content-based response from the user and a response key preselected by the user.

Abstract: The present subject matter provides various technical solutions to technical problems facing ADS-B cyber-attacks. One technical solution for detecting and mitigating ADS-B cyber-attacks includes receiving extracting information from received ADS-B signals, detecting a cyber-attack based on a selected subset of ADS-B information, determining a detection probability, and outputting a ADS-B cyber-attack type and probability. This solution may further include determining and implementing a cyber-attack mitigation to reduce the probability or effect of the detected cyber-attack. These solutions operate based on current ADS-B receiver technology, and can be combined with existing ADS-B receivers to detect message injection attacks, modification attacks, and jamming attacks. The technical solutions described herein use machine learning (ML) algorithms and statistical models to detect anomalies in incoming ADS-B messages.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An arrangement of particles corresponding to the first entities and the second entities may be generated. Charges associated with the particles may be determined based upon the first network profile. The particles may be rearranged to a second arrangement of particles based upon the charges. One or more clusters of particles in the second arrangement of particles may be identified. One or more coalition networks associated with fraudulent activity may be identified based upon the one or more clusters of particles.

Abstract: Technology is shown for verifying a leaf certificate in a PM chain of trust involving receiving a leaf certificate signed by an intermediate certificate embedded in the leaf certificate. The intermediate certificate is extracted from the received leaf certificate and its public key used to calculate a signature for the received leaf certificate. The calculated signature is compared to a signature included in the received leaf certificate. The received leaf certificate is verified when the calculated signature matches the signature included in the received leaf certificate. The intermediate certificate can be included as a X.509 property of the leaf certificate.

Abstract: This application provides a voiceprint recognition method and device. The method includes: calculating, by an electronic device a first confidence value that an entered voice belongs to a first registered user, and calculating a second confidence value that the entered voice belongs to a second registered user. The method further includes: calculating, by another electronic device, a third confidence value that the entered voice belongs to the first registered user, and calculating a fourth confidence value that the entered voice belongs to the second registered user. A server determines, based on the first confidence value and the third confidence value, a fifth confidence value that a user is the first registered user, and determines, based on the second confidence value and the fourth confidence value, a sixth confidence value that the user is the second registered user.

Abstract: A method comprises: monitoring a data stream comprising a plurality of data events; identifying a data pattern comprising one or more of the plurality of data events; determining that at least one of the data events comprising the data pattern supports virtual card generation; determining that the at least one of the data events comprising the data pattern is performed using a physical card number at a geolocation; determining that at least one virtual number has been associated with profile data associated with a user; transmitting a notification comprising a request to generate a virtual number; and upon receipt of an approval of the request, executing a script to generate the virtual number and associate the virtual number with the geolocation.

Abstract: A system implemented on a server computer for managing digital certificates includes a certificate management agent module, a digital certificate processing module and a configuration module. The certificate management agent module processes requests to create a plurality of certificate management agents. Each of the certificate management agents is configured to manage a lifecycle of a digital certificate for a client electronic device. The digital certificate processing module processes requests from the certificate management agent module for digital certificates for the plurality of certificate management agents. The configuration module receives and processes configuration parameters for the certificate management agents and for the digital certificates.

Abstract: Systems, methods, and devices implement security operations in security platforms implemented across web servers and application servers. Systems include a first server including one or more processors configured to identify one or more patterns of malicious activity based, at least in part, on event information associated with a request and at least one of a plurality of custom parameters, and a second server including one or more processors configured to host an application accessed by the client device, wherein the first server is coupled between the client device and the second server and is configured to handle requests between the client device and the second server. Systems also include a database system configured to store application data associated with the application and the client device.

Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine that an entity was granted an anomalous role assignment to a managed environment. The processor may also, based on the determination that the role assignment of the entity is anomalous, identify at least one indicator associated with the role assignment, determine an indicator value corresponding to the identified at least one indicator, and determine whether the indicator value exceeds a predefined threshold value. The processor may, based on a determination that the indicator value exceeds the predefined threshold value, output an alert indicating that the role assignment is suspicious.

Abstract: Techniques are described herein that are capable of provisioning a trusted execution environment (TEE) based on (e.g., based at least in part on) a chain of trust that includes a platform on which the TEE executes. Any suitable number of TEEs may be provisioned. For instance, a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information.

Abstract: A first address bus may be located in an upper layer of an integrated circuit that is associated with a memory and a memory controller. The first address bus may receive a first portion of a memory address. A second address bus may be located in a lower layer of the integrated circuit where the second address bus is to receive a second portion of the memory address. Furthermore, a data bus may be located in an intermediate layer where the data bus is to receive data corresponding to the memory address from the memory and may transmit the data to the memory controller. The intermediate layer may be between the upper layer and the lower layer. A layout of the signals of the data bus may vertically overlap with a layout of signals of the first address bus and a layout of signals of the second address bus.

Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie.

Abstract: Techniques for providing a securing platform for service provider network environments are disclosed. In some embodiments, a system/process/computer program product for providing a securing platform for service provider network environments includes communicating with an orchestrator and/or another network element on a service provider network to identify a subscriber with a new IP flow using a security platform; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.

Abstract: A computer implemented method to identify a malicious database request including receiving a database query for retrieving data from a database; classifying the received query based on query instructions contained in the query to identify a class of query for the query, the class of query having associated attributes defining expected characteristics of queries of the class when executed by the database; monitoring characteristics of the received query executed to retrieve data from the database; and responsive to a determination that the monitored characteristics deviate from the expected characteristics, identifying the query as malicious.