Abstract: Described herein are systems and methods for verifying the integrity of data, such as data used for training machine learning models. Some implementations are directed to verifying the provenance of datasets, the contents of datasets, or both. In some implementations, multiple filters are selected for verifying the contents of datasets. Filters can be selected based on rules, random selection, or using a machine learning model in some implementations. In some implementations, data cleaning is provided.

Abstract: A communication system including a host computer is provided herein. The host computer may include processing circuitry configured to provide user data and a communication interface configured to forward the user data to a cellular network for transmission to a user equipment (UE). The cellular network comprises a base station having a radio interface and base station processing circuitry. The base station processing circuitry configured to store a previously active security context for the UE, receive from the UE an RRCResumeRequest message including a security token, generate a temporary security context for the UE, use the temporary security context to verify the security token, send an RRC message to the UE, if no response to the RRC message is received from the UE, discard the temporary security context and retrieve the previously active security context. Thereafter, the base station transmits the user data for a host application.

Abstract: Receiving a first request message from a first apparatus through a first secure channel, where the first request message includes an identifier of an electronic control unit of a vehicle; obtaining a first key based on the identifier and security information of the first secure channel; and establishing a second secure channel with the electronic control unit based on the first key, where the second secure channel is used for communication between a cloud server and the electronic control unit.

Abstract: Techniques for real-time updating of encryption keys are disclosed. In the illustrative embodiment, an encrypted link is established between a local and remote processor over a point-to-point interconnect. The encrypted link is operated for some time until the encryption key should be updated. The local processor sends a key update message to the remote processor notifying the remote processor of the change. The remote processor prepares for the change and sends a key update confirmation message to the local processor. The local processor then sends a key switch message to the remote processor. The local processor pauses transmission of encrypted message while the remote processor completes use of the encrypted message. After a pause, the local processor continues sending encrypted messages with the updated encryption key.

Abstract: In some instances, a method for verifying communication paths is provided. The method comprises: obtaining, from a first user device, a request to access content associated with a relying party system, wherein the request indicates user credentials and a first session identifier (ID); obtaining one or more quick response (QR) codes and a second session ID associated with a first QR code of the one or more QR codes, wherein the relying party system generates and provides the first QR code to the first user device; and verifying the first session ID and the second session ID, wherein the relying party system grants the first user device access to the requested content based on the verification.

Abstract: A proof of authenticity of a website presentation includes a presentation being retrievable from the local storage of the web browser. The presentation is presented together with the main presentation retrieved from the website, thereby the presentation proves authenticity of the main presentation with the first website (10B).

Abstract: A system and method for evaluating definitions from a markup language document for agentless host configuration of an image in a virtualized computing environment generates an instruction to deploy a virtual instance based on a base image, the virtual instance including a disk. The method further includes generating an inspectable disk based on the disk of the virtual instance; receiving a markup language document, the document including a plurality of definitions, each including a data element; inspecting the inspectable disk for a cybersecurity object corresponding to a data element of a first definition of the plurality of definitions; evaluating the first definition based on the cybersecurity object to generate an evaluated first definition result, in response to determining that the definition is evaluable; generating an output based on the evaluated first definition result; and generating the output based on a notification, in response to determining that the definition is unevaluable.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network risk assessment. One of the methods includes obtaining information describing network traffic between a plurality of network devices within a network. A network topology of the network is determined based on the information describing network traffic, with the network topology including nodes connected by an edge to one or more other nodes, and with each node being associated with one or more network devices. Indications of user access rights of users are associated to respective nodes included in the network topology. User interface data associated with the network topology is generated.

Abstract: A system and method for evaluating definitions from a markup language document for agentless host configuration includes generating an inspectable disk based on a disk of a host, the host deployed in a virtualized computing environment. The system is configured to: receive a markup language document, the markup language document including a plurality of definitions, each definition including a data element; inspect the inspectable disk for a cybersecurity object corresponding to a first data element of a first definition of the plurality of definitions; evaluate the first definition further based on the cybersecurity object to generate an evaluated first definition result, in response to determining that the definition is evaluable; generate an output based on the evaluated first definition result; and generate the output based on a predetermined notification, in response to determining that the definition is unevaluable.

Abstract: Systems and methods are provided for vulnerability proofing the administration of hardware components of an IHS. A proposed configuration for a hardware component of the IHS is detected. Multiple catalogs specifying known vulnerabilities of hardware components are accessed, such as a catalog of known vulnerabilities provided by a manufacturer of the hardware component and such as a catalog of known vulnerabilities provided by a manufacturer of the IHS. The proposed configuration of the hardware component is evaluated as being vulnerable in the first catalog and also in the second catalog. If the proposed configuration is identified as vulnerable in either the first catalog or in the second catalog, the hardware component is disabled until the proposed configurations for the hardware component are changed to include no configurations with vulnerabilities identified in either the first or second catalogs.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: receiving data center data; identifying unprotected sensitive data center data contained within the data center data; classifying the sensitive data center data contained within the data center data according to a sensitivity based classification; and, remediating the sensitive data center asset data according to the sensitivity based classification of the sensitive data center data.

Abstract: Systems and methods are provided for vulnerability proofing the launching of application instances by an IHS (Information Handling System). The launching of an application instance on the IHS is detected, where the application instance is launched using an application template that includes configurations for one or more hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. Hardware component configurations included in the application template are identified as vulnerable in one or more of the catalogs. If the application template includes configurations that are identified as vulnerable in the catalogs, launching of the application is prevented until the hardware component configurations within the application template are modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: generating a data tag for an object within a data center asset, the generating the data tag for the object associating a contextual meaning with the object; mapping the data tag to the object, the mapping the data tag to the object associating a data tag with the object; and, protecting the data tag to provide a protected data tag, the protecting the data tag ensuring that only an authorized user can manage an aspect of the protected data tag.

Abstract: A secure computing control method, a data packet processing method and device, and a system thereof are disclosed. The secure computing method may include: receiving a first data packet message for secure computing from a processor, the first data packet message including data packet information and secure computing configuration information corresponding to the data packet information; acquiring corresponding first data packet data from a memory according to the data packet information of the first data packet message; selecting a corresponding security algorithm according to the secure computing configuration information corresponding to the first data packet message; performing secure computing on the first data packet data by the selected security algorithm to generate secure computed second data packet data and a second data packet message corresponding to the second data packet data; transmitting the second data packet data to the memory; and transmitting the second data packet message to the processor.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: generating a request for a client identifier or an access token for access to a target application programming interface (API); obtaining an access policy associated with the target API; determining a least privileged API access permission based upon the access policy associated with the target API; and, using the client identifier or access token to access the target API when the least privileged API access permission allows access to the target API.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: submitting a request for a workload instance to a cloud service provider; establishing a secure communication channel between the cloud service provider and a data center monitoring and management console; exchanging information between the cloud service provider and the data center monitoring and management console via the secure communication channel, the information including a verifiable workload instance identity; and, using the verifiable workload instance identity to authenticate a workload instance provided by the cloud service provider.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: providing the data center asset to a data center asset purchaser; establishing a communication channel between an onboarding system and the data center asset; generating a request to a rendezvous service to generate a shared data center asset secret key for the data center asset; associating the shared data center asset secret key with the data center asset; and, providing authorization for the data center asset to be onboarded when the shared data center asset secret key generated by the rendezvous service matches the shared data center asset secret key associated with the data center asset.

Abstract: The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: embedding a unique identifier within a data center asset, the unique identifier including a signed certificate; providing the data center asset to a customer; establishing a secure communication channel between an onboarding system and the data center asset, the secure communication channel using the signed certificate; exchanging information between the onboarding system and the data center asset via the secure communication channel, the information including a data center asset ownership voucher; and, using the data center asset ownership voucher to associate the data center asset to the customer.

Abstract: A system, method, and computer-readable medium for performing a security operation.