Abstract: In some implementations, a first device may connect to a network, wherein the first device is associated with a first application that is associated with a service provider. The first device may detect that a second device connected to the network is associated with a second application that is associated with the service provider. The first device may receive, from the second device, identification information associated with the second device. The first device may transmit, to a third device associated with the service provider, the identification information associated with the second device. The first device may receive, from the third device, authentication information permitting the first application to operate on the network based on the third device receiving the identification information associated with the second device.

Abstract: A network environment includes a message-processing resource that receives a communication originated by a communication device and transmitted from the communication device over a wireless communication link. By way of non-limiting example, the communication can be a request for retrieval of content from server resource disposed in the network environment. The message-processing resource processes the communication transmitted over the wireless communication link to identify a network address assigned to the communication device. The message-processing resource maps the network address to corresponding status information associated with the communication device.

Abstract: A method is described that includes receiving source code corresponding to a program to be loaded on a processing device, generating a representation of the source code, generating a first authentication indication that indicates the representation is authentic and is based on the source code, generating a second authentication indication that indicates a build server generating the representation is authentic, the second authentication indication generated using an attestation operation and generating a modified representation including the representation, the first authentication indication, and the second authentication indication.

Abstract: A network device may receive a redundant identifier certificate associated with a redundant routing module, and may provide, to a bootstrap device, a primary identifier certificate associated with a primary routing module associated with the network device. The network device may establish a secure connection with the bootstrap device based on the bootstrap device verifying an authenticity of the primary routing module via the primary identifier certificate. The network device may provide, to the bootstrap device via the secure connection, a redundant routing module identifier associated with the redundant routing module and may receive, from the bootstrap device via the secure connection, a signed certificate chain associated with the redundant routing module. The network device may verify the signed certificate chain and may verify the redundant identifier certificate, associated with the redundant routing module, based on verifying the signed certificate chain.

Abstract: This application describes methods, mediums, and systems for verifying a device for use in a messaging system. Using the device verification procedures described, a messaging system can securely authorize new devices to send and receive encrypted messages on behalf of a user, preferably without the need to share a private encryption key between the users' different devices. The application describes several techniques that can be used to provide such a system, including distributing a computer-perceptible code that encodes encryption information between a secondary device and a primary device. This allows the information to be distributed without intervention by a server. Other techniques provide unique ways to build and reverify authorized device lists, distribute encryption keys in chat channels, ensure that lists of authorized devices are distributed in the correct order and remain valid for an appropriate amount of time, add new devices to an ongoing or new conversation, and more.

Abstract: An apparatus for secure multiparty computations for machine-learning is presented. The apparatus includes at least a processor and a memory communicatively connected to the at least a processor. The memory contains instructions configuring the at least a processor to submit a secure multiparty computation request onto an immutable sequential listing, wherein the secure multiparty computation request includes a contingent payment and an authenticity commitment of a first private dataset, receive at least a participant commitment from each participating device of a quorum of participating devices, generate a first localized model as a function of the first private dataset, and perform a joint training protocol as a function of the first localized model and a second localized model from the quorum of participating devices, wherein the joint training protocol includes generating a joint training datum.

Abstract: A method for identifying a malicious connection between a client device and a server includes obtaining handshake parameters for the client device and the server responsive to the client device initiating a connection with the server, generating a feature set by extracting features from the handshake parameters, predicting a maliciousness of the connection using a machine learning model, where the extracted features are provided as inputs to the machine learning model, and automatically initiating a corrective action if the connection is predicted to be malicious.

Abstract: One example method includes dynamically monitoring a stream of image portions that have been classified by a segmentation model of a video surveillance system, evaluating the image portions, based on the evaluating, determining that an attack on the video surveillance system is occurring, or has occurred, and implementing, or causing the implementation of, a remedial action with regard to the attack. The image portions may be image portions that have been classified by a segmentation model.

Abstract: Disclosed are a CPK-based digital bank, a digital currency and a payment method. The digital currency is a core component of the digital bank. The digital currency is realized by means of a CPK digital signature, and a payer provides an account authenticity certification, an amount authenticity certification and a fund allocation authenticity certification, thereby effectively preventing crimes inside or outside a bank. The digital currency directly takes an account identifier as an account number. The digital currency can be used in on-line operations, as well as off-line operations, thereby satisfying face-to-face trade requirements between a great number of retail accounts. The CPK digital bank is realized by means of a CPK chip without support of other devices, such that everyone can check the authenticity of the digital currency.

Abstract: A system and method for enhancement of device security using machine learning and a set of rules is provided. The system acquires log data from an electronic device configured to communicate data via a network. The system prepares a feature set based on the log data. The feature set corresponds to one or more parameters associated with a cybersecurity of the electronic device. The system determines security incidents associated with the electronic device based on at least one of an application of one or more incident detection rules and/or one or more ML models on the feature set. The system collects information associated with the determined security incidents and determines a set of measures to be implemented on the electronic device to mitigate or prevent issues associated with the security incidents. Thereafter, the system controls execution of the determined set of measures on the electronic device.

Abstract: A system for detecting Denial-of-Service (DoS) attacks on one or more user profiles collects a number of invalid sign-on attempts on the one or more user profiles during every time interval. The system determines a number of invalid sign-on attempts on every user profile since the start of the first time interval. The system detects a first DoS attack on a particular user profile if a first number of invalid sign-on attempts on the particular user profile exceeds a single-user profile. The system detects a second DoS attack on multiple user profiles during the first time interval if the increase in the total number of invalid sign-on attempts since the last time interval exceeds a scan-level threshold number. The system detects a third DoS attack on multiple user profiles if the total number of invalid sign-on attempts detected during combined time intervals exceeds a third threshold number.

Abstract: Blockchain systems operate over a network of computing devices. Proof of space blockchain consensus systems utilize data stored in storage devices across the computing devices within the network. These storage devices are utilized to generate and store proof of space consensus data. This data is then accessed at a later time to respond to challenges issued across the blockchain network. In order to limit successful submissions of these challenge responses, one or more filters are utilized. These filters result in only a fraction of the stored data on a storage device to be useable for solving the blockchain challenge. Attackers may attempt to circumvent this filter to increase their odds of submitting an approved solution to the blockchain challenge. In order to address this, additional data structures are stored within the storage device and are registered at the time of creation on the blockchain to make these filters more robust.

Abstract: A confidential computing (CC) apparatus includes a CPU and a peripheral device. The CPU is to run a hypervisor that hosts one or more Trusted Virtual Machines (TVMs). The peripheral device is coupled to the CPU and to an external memory. The CPU includes a TVM-Monitor (TVMM), to perform management operations on the one or more TVMs, to track memory space that is allocated by the hypervisor to the peripheral device in the external memory, to monitor memory-access requests issued by the hypervisor to the memory space allocated to the peripheral device in the external memory, and to permit or deny the memory-access requests, according to a criterion.

Abstract: Described are techniques for asset management using an asset management identification key. The techniques include populating, based on input to a front-end portal, a plurality of fields including a plurality of attributes and a serial number of a device. The techniques further include hashing each of the plurality of fields. The techniques further include hashing a contiguous sequence of the hashed plurality of fields to generate an asset management identification key. The techniques further include transmitting the asset management identification key to a blockchain and authenticating the device using the asset management identification key stored on the blockchain.

Abstract: Systems and methods for sending and receiving communications securely between a human interface keyboard and a computer terminal are described. In some embodiments, the keyboard includes a human interface display and a processor to encrypt keystrokes entered by a user. Synchronization between the keyboard and the computer terminal is maintained by the devices, by encrypting and decrypting a signal according to the same randomized negotiated ASCII CharSet, which is generated by the computer terminal.

Abstract: In a user credential control system, an access control server includes a token issuing unit that issues, to a service provider server, a token in which a user credential that can be acquired by the service provider server is described according to the company name and the type of a service of the service provider server described in an electronic certificate, a policy registration unit that registers a policy of an access authority of the service provider server to the user credential based on the company name or the type of the service of the service provider server, and a notification reception unit that, when the user credential of the user terminal has been changed, acquires the service provider server with the access authority to the user credential from a token according to the registered policy to notify the service provider server of the change of the user credential.

Abstract: A database system includes: a distributed processing apparatus 1; and a plurality of database apparatuses 2, in which the distributed processing apparatus 1 includes: a generation unit 12 that generates an execution plan for a query related to the database apparatuses 2 based on a security policy; a transmission unit 13 that divides the query in accordance with the execution plan and transmits instructions to the corresponding database apparatuses 2, the instructions including divided queries obtained by dividing the query and transfer destinations of execution results of the divided queries; and an output unit 14 that receives the execution result of the query, from the database apparatus 2, and outputs the execution result, the database apparatuses 2 each include an execution unit 22 that executes the divided query included in the instruction received from the distributed processing apparatus 1, and transmits the execution result to another database apparatus or the distributed processing apparatus serving

Abstract: A method of verifying resource protection statuses for resources for address-based resources may include receiving a request for verification of resource protection from a client device for an address-based resource. The request includes an address of a resource. The intermediate system is programmed to receive resource protection verification requests from a plurality of client devices, and to receive resource protection verifications from a plurality of resource protection systems that are in communication with the intermediate system. The method also includes determining that none of the resource protection systems in the plurality of resource protection systems currently protect the resource; retrieving information that is securely stored for the resource and a user associated with the request; and sending the information to one or more of the plurality of resource protection systems as a request to protect the resource.

Abstract: Methods and systems are described herein for a transfer authorization system that may monitor for transfer requests for secondary cryptographic addresses maintained for one or more primary cryptographic addresses. When a transfer request is received, the transfer authorization system may determine that the transfer request is for a secondary cryptographic address. Based on that determination, the transfer authorization system may determine that the source cryptographic address of the request is authorized to receive control of cryptographic tokens from the secondary cryptographic address and that the request is associated with the source cryptographic address. The transfer authorization system may then transfer control of one or more cryptographic tokens from an associated primary cryptographic address to the secondary cryptographic address, and upon the successful transfer, may also transfer control of the one or more tokens to the requestor.

Abstract: A system for providing forensic tracing of memory device content erasure and tampering is disclosed. The system uses a special command that enables forensic tracing in a secure memory device. Once the forensic tracing is enabled, firmware of the memory device tracks the data stored on the memory device. The command specifies whether the tracking and tracing is for the entire memory device or for a region of the memory device. The firmware confirms that the forensic tracing is enabled, and a target protection region is defined. Once an authenticated command for an operation to access, modify, or erase data of the memory device is received from a host, the system enables the operation to proceed. The system creates a trace of the operation and the metadata of the target region that is modified within a secure memory region of the memory device that is not addressable by the host device.