Abstract: The present technology provides a method to regenerate secrets while a version of the system is operational, thus avoiding the loss of availability that would have resulted from a system shutdown. The technology described herein may work in a computing context that assigns a first secret in an active role and a second secret in the backup role. The technology described herein activates a second instance of the service with the key not being regenerated serving as the active key. The second instance is then moved to the production mode and the first version of the service is moved to the staging mode. A new secret is generated and then assigned to the first instance of the service while it runs in the staging mode. Once the secret rotation is complete, the primary service instance is then moved back to the production mode with the new key configuration.

Abstract: A system for generating a secure communication channel interface, the system including a computing device configured to transmit, to a user client device, a configuration packet uniquely identifying the computing device, receive, from the user client device, a confirmation authentication for the configuration packet, initiate a secure communication channel interface with the user client device, establish a security baseline parameter within the secure communication channel interface, wherein establishing a security baseline parameter includes capturing a baseline audiovisual measurement using an audiovisual capture device, detect a change in the security baseline parameter by detecting a change in relation to a baseline user environment landmark, and execute a mitigation action to prevent a security breach.

Abstract: A security device includes a physical unclonable function (PUF) cell array that includes a plurality of PUF cells connected with a first word line, a controller that selects a target PUF cell of the plurality of PUF cells and outputs a control signal based on the target PUF cell, a decoder that applies a first voltage to the first word line in response to the control signal, a bit line selection circuit that outputs a target current across a bit line connected with the target PUF cell and a sum current corresponding to a sum of currents across the remaining bit lines connected with other PUF cells, and a bit determiner that outputs a target bit of the target PUF cell based on the target current and the sum current, and the security device generates a security key based on the target bit for responding to an authentication requests.

Abstract: A system, a method, and a program for providing a virtual code, a virtual code generating device, and a virtual code verifying device are provided. The method includes receiving, by a virtual code verifying means, a virtual code from a virtual code generating means, extracting, by the virtual code verifying means, a plurality of detailed codes included in the virtual code, and searching for, by the virtual code verifying means, a storage location of a real code based on the plurality of detailed codes.

Abstract: Embodiments of the present disclosure provide systems, methods, and apparatuses for addressing the above problems through the use of access rules that involve analyzing historical access request result data for various data elements individually and in combination over a predefined time interval. An automated determination can be made for whether a transaction can be authenticated based upon the historical access request result data (e.g., ultimately, deciding whether the data element or set of data elements are associated with a valid access request).

Abstract: Systems and method are provided for determining a reliability of a physically unclonable function (PUF) cell of a device. One or more activation signals are provided to a PUF cell under a plurality of conditions. A PUF cell output provided by the PUF cell under each of the plurality of conditions is determined. A determination is made of a number of times the PUF cell output of the PUF cell is consistent. And a device classification value is determined based on the determined number of times for a plurality of PUF cells.

Abstract: Various embodiments are generally directed to providing authentication and confidentiality mechanisms for message communication over an in-vehicle network. For example, authentication data associated with a communicating node may be transmitted over the network by encoding different predefined voltage levels on top of the message bits of the message being communicated. Different voltage levels may represent different encodings, such as a bit-pair or any bit combination of the authentication data. In a further example, messaging confidentiality between at least two communicating nodes may be achieved by pseudo-randomly flipping, or scrambling, the dominant and recessive voltages of the entire message frame at the analog level based on a pseudo-random control bit sequence.

Abstract: Systems, computer program products, and methods are described herein for dynamic chaffing for log obfuscation based on shifting exposure portfolio. The present invention is configured to receive an event log from one or more sources associated with a resource, wherein the event log comprises one or more event records generated based on one or more action incidences; initiate a chaffing engine on the event log; generate, using the chaffing engine, one or more artificial records based on at least the one or more event records; tag the one or more artificial records and the one or more event records with one or more authentication codes; interleave, using the chaffing engine, the one or more artificial records and the one or more event records to generate an encrypted event log with one or more chaffed event records; and store the encrypted event log in an event database.

Abstract: A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q?1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd?48.

Abstract: Devices and techniques for authenticated modification of a storage device are described herein. A data transmission, received at an interface of the storage device, can be decoded to obtain a command, a set of input identifications, and a first signature corresponding to data identified by the input identifications. Members of the set of input identifications can be marshalled to produce an input set. A cryptographic engine of the storage device can be invoked on the input set to produce a second signature from the input set. The first signature is and the second signature are compared to determine a match. In response to the match, the input set can be written to a secure portion of the storage device.

Abstract: Techniques are disclosed for detecting adversarial attacks. A machine learning (ML) system processes the input into and output of a ML model using an adversarial detection module that does not include a direct external interface. The adversarial detection module includes a detection model that generates a score indicative of whether the input is adversarial using, e.g., a neural fingerprinting technique or a comparison of features extracted by a surrogate ML model to an expected feature distribution for the output of the ML model. In turn, the adversarial score is compared to a predefined threshold for raising an adversarial flag. Appropriate remedial measures, such as notifying a user, may be taken when the adversarial score satisfies the threshold and raises the adversarial flag.

Abstract: Provided is a digital fingerprint generator. The digital fingerprint generator includes: a control circuit, configured to generate a control word; a first pulse generation circuit, connected to the control circuit, and configured to output a first pulse signal in response to the control word; a second pulse generation circuit, connected to the control circuit, having a same structure as the first pulse generation circuit, and configured to output a second pulse signal in response to the control word; and an output circuit, connected to the first pulse generation circuit and the second pulse generation circuit, and configured to output a digital fingerprint based on the first pulse signal and the second pulse signal according to a predetermined first rule.

Abstract: Methods and systems for implementing security operations in an input/output (I/O) device are disclosed. In an embodiment, an I/O (Input/Output) device involves an I/O port, a host bus configured to be connected to a host, a data processing pipeline within the I/O device coupled to the I/O port and to the host bus to process and forward data between the I/O port and the host bus, and a hardware security module (HSM) within the I/O device coupled to the host bus and to the data processing pipeline, the HSM comprising a crypto engine configured to encrypt and decrypt data of the data processing pipeline, and a secure key storage coupled to the crypto engine containing encryption keys for use in encrypting and decrypting packets, wherein the secure key storage contains keys that are encrypted by the HSM and that are accessible through the HSM.

Abstract: An apparatus, method, and system for curtailing and investigating software piracy is provided. The method includes spawning user applications on a computer without use of a file on the file system. A protected application data source is retrieved by an operating system of the computer from a server and placed into a portion of memory not accessible by at least one application. The operating system also prevents the protected application data source from being written to the file system. In this manner there is no file subject to unauthorized distribution. The protected application data may also be watermarked by ordering at least one of executable functions, function call parameters, and program data according to a license identifier so that any two versions execute the same, but carry an identifier which can be used to trace piracy to the source.

Abstract: A control flow graph representing a plurality of controls is constructed, wherein each control comprises a measure taken to counter threats to an IT infrastructure. For each path through the control flow graph, a metric quantifying an efficacy of the controls along the path in countering the threats is calculated. A threat strength distribution for threats to the IT infrastructure is constructed. A visualization of an efficacy of a combination of the plurality of controls is generated, based on the metrics, the control flow graph, and the threat strength distribution. A weakness in the plurality of controls is identified, based on the visualization. The plurality of controls is modified based on the identifying.

Abstract: A method, system and product including obtaining a media stream depicting a real-time communication of a participant in a communication context; identifying the communication context; obtaining a personalized model of the participant when communicating in the communication context, wherein the personalized model is configured to identify a behavioral pattern of the participant; executing the personalized model on at least a portion of the media stream to determine whether a behavioral pattern of the participant in the media stream matches the behavioral pattern of the participant according to the personalized model; and upon identifying a mismatch between the behavioral pattern of the participant in the media stream and the behavioral pattern of the participant according to the personalized model, performing a responsive action.

Abstract: The present application discloses a key updating method and apparatus, a file sharing method and apparatus, a device, and a computer storage medium. The key updating method includes: acquiring a target root key and an auxiliary target root key; acquiring the identity information of a data owner of target data; acquiring a target timestamp when the target data is encrypted; acquiring a key generation parameter and an auxiliary key that are generated at a timestamp previous to the target timestamp; generating a target private key of the data owner on based on the key generation parameter and auxiliary key of the timestamp previous to the target timestamp, the identity information and the target timestamp, the key generation parameter generated at the timestamp previous to a starting timestamp being the target root key, the auxiliary key generated at the timestamp previous to the starting timestamp being the auxiliary target root key.

Abstract: The present application relates to a method and apparatus for intelligent wireless protocol optimization including storing, in a memory, a first customer key and a second customer key, receiving, by a processor, a secret key, decrypting, by the processor, the secret key using a first customer key to extract a master key, provisioning, by the processor, an electronic control unit in response to the master key, and deleting, by the processor, the second customer key in response to the provisioning of electronic control unit in response to the master key.

Abstract: Systems and methods for digitally encrypting sensitive, self-executing, digital content are provided. A method may include storing the digital content in an encrypted digital vault and generating a first password and a second password which together may unlock the digital vault. The method may include storing the first password on a first encrypted distributed ledger and the second password on a second encrypted distributed ledger. The method may include automatically updating the passwords periodically and storing the updated passwords as new entries on the distributed ledgers. When a document from a predetermined list of documents is digitally scanned and authenticated, the method may include unlocking access to the first password on the first distributed ledger for the designated entity. When the digital vault is unlocked with the first and the second passwords, the digital content may self-execute.

Abstract: Systems, methods, and computer-readable storage media for authenticating a user account with a synchronized content management system are disclosed. A synchronized online content management system may receive a request from a client device to access content in the content management system via a web browser that is running on the client device. The system may identify that a client-side application for the content management system has been installed on the client device and that the client-side application is already logged into a user account with the content management system. The system can cause the web browser to open a local host connection to the client-side application such that the web browser may be able to obtain from the client application some user account identifying information for the user account. The system can then cause the web browser to log into the user account by using the user account identifying information.