Patents Examined by Evan Desrosiers
  • Patent number: 11985239
    Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.
    Type: Grant
    Filed: October 15, 2021
    Date of Patent: May 14, 2024
    Assignee: International Business Machines Corporation
    Inventors: Michael W. Gray, Narayana Aditya Madineni, Matthew Green, Simon D. McMahon, Leigh S. McLean, Stephen J. McKenzie, Luvita Burgess, Peter T. Waltenberg
  • Patent number: 11979928
    Abstract: A data-transmitting method of a handheld electronic device includes: detecting movement of a first handheld electronic device to generate a first motion data; receiving a broadcast signal, wherein the broadcast signal carries a source device data and a second motion data; comparing the first motion data with the second motion data; establishing a communication link to a second handheld electronic device according to the source device data when the first motion data matches the second motion data; and receiving a specific data from the second handheld electronic device or sending the specific data to the second handheld electronic device.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: May 7, 2024
    Assignee: Getac Holdings Corporation
    Inventors: Hung-Xin Chen, Yu-Shian Chen
  • Patent number: 11977623
    Abstract: A system and method for modification of a passcode for accessing the system are provided. The system includes a premises control unit. The premises control unit including control processing circuitry configured to: receive an expected code message, the expected code message instructing an initiation to monitor for an input from a user, receive an input code that is input by the user, determine whether the input code matches a predefined verification code, and if the input code matches the predefined verification code, cause transmission of a verification message to a monitoring server, the verification message indicating the input code matched the predefined verification code and triggering the monitoring server to allow a passcode for accessing the system to be modified.
    Type: Grant
    Filed: August 20, 2021
    Date of Patent: May 7, 2024
    Assignee: The ADT Security Corporation
    Inventor: Mark Reimer
  • Patent number: 11979508
    Abstract: A tamper resistant element (TRE) in a device can operate a primary platform and support a “Smart Secure Platform”. The TRE may not keep time when electrical power is removed from the TRE. The device can receive (i) a certificate for an image delivery server (IDS) with a first timestamp and (ii) a signed second timestamp from a certificate authority, comprising a signature according to the Online Certificate Status Protocol (OCSP) with stapling. The device can forward the certificate and second timestamp to the TRE. The device can receive a ciphertext and an encrypted image from the IDS, where the ciphertext includes a third timestamp from a Time Stamp Authority (TSA), and forward the data to the TRE. The TRE can conduct a key exchange to decrypt the ciphertext. The TRE can compare the second and third timestamps to verify the certificate has not been revoked.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: May 7, 2024
    Assignee: IOT AND M2M TECHNOLOGIES, LLC
    Inventor: John A. Nix
  • Patent number: 11977629
    Abstract: Aspects of the present disclosure relate to retrospective memory analysis. In examples, a historical archive of memory images for an execution environment is maintained. A historical memory image of the historical archive may be evaluated according to a current set of known issues, rather than issues that were known at the time of the memory capture. Accordingly, it may be possible to determine when the execution environment was last in a good environment condition. As another example, it may be possible to determine whether a now-known issue has since been resolved (e.g., such that the issue would not be identified in the current execution environment). Thus, as compared to contemporaneous issue identification techniques, aspects of the present disclosure may be applied to any number of execution environments to enable retrospective identification of now-known issues that were, at least at the time of a memory capture, not known.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: May 7, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Marsh Jordan Ray, Michael T. Walker, Brian M. Caswell
  • Patent number: 11972116
    Abstract: A processing unit determines a first mapping relationship and a second mapping relationship, where the first mapping relationship indicates that an access rule of a first physical address is access forbidden, and the second mapping relationship indicates that an access rule of the first physical address is access allowed. The processing unit determines that a target mapping relationship is the first mapping relationship, and sends a first access request to a memory control unit. The processing unit receives first exception information sent by the memory control unit, where the first exception information is sent when the memory control unit determines that the access rule of the first physical address in the target mapping relationship is access forbidden. The processing unit monitors a process based on the first exception information, switches the target mapping relationship, and re-sends the first access request to the memory control unit.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: April 30, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Jinfeng Yuan, Shengqiang Huang, Yongcun Gan
  • Patent number: 11966471
    Abstract: Secure circuitry detects a latency between when an interrupt occurred and when the interrupt was released in correspondence with handling of the interrupt. The secure circuitry detects an interval between consecutive occurrences of the interrupt. In response to either or both of the latency exceeding a latency limit and the interval exceeding an interval limit, the secure circuitry performs an action.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: April 23, 2024
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Gary T. Brown, Vincent C. Skurdal, Marvin Nelson
  • Patent number: 11968224
    Abstract: A method, a computer system, and a computer program product for security risk analysis is provided. Embodiments of the present invention may include collecting operational data. Embodiments of the present invention may include building pipelines. Embodiments of the present invention may include localizing security issues using the operational data on an unsupervised model. Embodiments of the present invention may include constructing a semantic graph using shift-left data. Embodiments of the present invention may include constructing a mapping between the operational data and the shift-left data. Embodiments of the present invention may include clustering collected datasets. Embodiments of the present invention may include creating an active learning cycle using ground truth.
    Type: Grant
    Filed: March 22, 2021
    Date of Patent: April 23, 2024
    Assignee: International Business Machines Corporation
    Inventors: Jinho Hwang, Larisa Shwartz, Raghav Batta, Michael Elton Nidd, Jakub Krchak
  • Patent number: 11943202
    Abstract: A method including receiving, at a VPN server from a user device during an established VPN connection between the VPN server and the user device, a data request for the VPN server to retrieve data of interest from a host device; utilizing, by the VPN server during the established VPN connection, a first exit IP address to transmit a query to the host device for retrieving the data of interest; determining, by the VPN server based on transmitting the query, that the first exit IP address is blocked by the host device; and transmitting, by the VPN server during the established VPN connection and based on determining that the first exit IP address is blocked, the data request to a secondary server to enable retransmission of the query to the host device by utilizing a second exit IP address is disclosed. Various other aspects are contemplated.
    Type: Grant
    Filed: September 15, 2022
    Date of Patent: March 26, 2024
    Assignee: UAB 360 IT
    Inventors: Karolis Pabijanskas, Justinas Tubis
  • Patent number: 11936628
    Abstract: A method, system, and computer program product to provide a synthetic device ID for a device is provided herein. The method includes receiving a request from the device to obtain a service from a vendor, where the device is associated with an internal device ID. The method further includes generating the synthetic device ID for the device and associating the device, the internal device ID, the vendor, and the synthetic device ID. The method also includes transmitting the synthetic device ID to the vendor, and internally tracking the request based on the association.
    Type: Grant
    Filed: October 25, 2021
    Date of Patent: March 19, 2024
    Assignee: CSC Holdings, LLC
    Inventors: Heitor J. Almeida, Jaison Antony, John Markowski, Peter Caramanica
  • Patent number: 11934948
    Abstract: An adaptive deception system is provided for defending a production network against cyber-attacks utilizing deception devices on the production network. The adaptive deception system includes a deception management system. The deception management system includes monitors for making observations regarding the deception devices including observations of an attacker's interaction with the deception device. The adaptive deception system further includes a control system having sensors that receive the observations of the deception management system. The control system is configured to provide an adaption specification in response to the observations made. Actuators of the control system are activated in order to provide the adaption specification to the deception management system where monitors of the deception management system implement the specified adaption. Implementation of the adaption adapts the properties of the deception devices to interfere with the cyber-attacker.
    Type: Grant
    Filed: July 15, 2020
    Date of Patent: March 19, 2024
    Inventors: Kimberly J Ferguson-Walter, Sunny James Fugate
  • Patent number: 11928192
    Abstract: A host device, a storage device, and a method employ a vendor unique command (VUC) authentication system. The storage device includes a memory and a memory controller which includes a VUC authentication module and controls the memory. The VUC authentication module transmits first memory information about the memory to the host device, receives from the host device a one-time password generated by the first memory information, verifies the one-time password, and receives a vendor unique command from the host device when the one-time password is correct.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: March 12, 2024
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bo Hyung Kim, Jang Hwan Kim, Moon Wook Oh, Da Woon Jung
  • Patent number: 11921873
    Abstract: Systems and methods are disclosed for authenticating a chunk of data identified in a query received by a data intake and query system. The data intake and query system receives a query that identifies a set of data and manner for processing the set of data, and identifies a chunk of data that is part of the set of data. The system generates a content identifier, such as a hash, of the chunk of data. The system further authenticates the chunk of data based on the generated content identifier and a content identifier stored by a distributed ledger system.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: March 5, 2024
    Assignee: Splunk Inc.
    Inventors: Nathaniel Gerard McKervey, Ryan Russell Moore
  • Patent number: 11914701
    Abstract: To facilitate improved email and device security, embodiments of systems and methods include intercepting, by a processor associated with an entity, an internet request, where the internet request is produced by a link received in an email at a first computing device. The processor determines that the link is externally bound relative to an entity network. The processor determines an existence of a sandbox environment instance in a set of existing sandbox environment instances. The processor routes the link through the sandbox environment instance. The processor updates the sandbox log in the database based on the sandbox environment instance and the link. The processor causes to display on a screen of the first computing device a user interface for interacting with the link in the sandbox environment instance, and the processor logs activities associated with interacting with the link in a security log.
    Type: Grant
    Filed: August 8, 2022
    Date of Patent: February 27, 2024
    Assignee: Capital One Services, LLC
    Inventors: Vincent Pham, Joseph Boayue, Lee Adcock, Geeta Shyamala, Ana Cruz, Christopher Camenares, Nahid Farhady Ghalaty
  • Patent number: 11917066
    Abstract: In modern object-oriented programming, programs are written using typed objects like classes and instances that interact with one another via rules of composition, inheritance, encapsulation, message passing, and polymorphism. Some embodiments described herein can include a method for tokenizing such modern objects that maintains their interactive properties on a blockchain. It improves upon, and diverges from, the smart contract model used mainly on account-based blockchains today to create a generally-programmable token system that is native to UTXO-based blockchains, where individually-owned software objects interact with other software objects owned by other individuals. These tokenized objects are called jigs. Jigs, an abstraction like objects, enable applications to build their own digital assets that interact with other jigs from other applications. Jigs enable users to own their data as tokens and use their data independent of any one application's complete control.
    Type: Grant
    Filed: June 1, 2022
    Date of Patent: February 27, 2024
    Assignee: RUN INTERACTIVE, INC.
    Inventor: Brenton John Gunning
  • Patent number: 11910193
    Abstract: Methods and systems of segmenting computing devices in a wireless network having an access point broadcasting in a single domain are described. In an exemplary method, a request to join the wireless network is received from a computing device. The request is associated with an identifier. When the identifier is not associated with a virtual network within the wireless network, a virtual network is configured within the wireless network and the identifier is associated thereto and the computing device is assigned thereto. When the identifier is associated with an existing virtual network within the wireless network, the computing device is assigned to the existing virtual network.
    Type: Grant
    Filed: August 16, 2022
    Date of Patent: February 20, 2024
    Assignee: BlackBerry Limited
    Inventors: James Randolph Winter Lepp, Stephen McCann, Michael Peter Montemurro
  • Patent number: 11902271
    Abstract: Two-way secure channels are provided between multiple services across service groups, where the certification is performed by a certificate authority associated with one of the service groups. One method comprises a first service providing a first handshake communication with a first token to a second service, wherein the first service obtains the first token by authenticating with an identity and access management service having a first certificate signed by a certificate authority, wherein the first handshake communication succeeds when the second service has a second certificate signed by the certificate authority, and wherein the second service obtains a second token by authenticating with the identity and access management service. The first service receives a second handshake communication from the second service with the second token.
    Type: Grant
    Filed: April 7, 2021
    Date of Patent: February 13, 2024
    Assignee: EMC IP Holding Company LLC
    Inventors: Anurag Sharma, Yedidia Atzmony, Shoham Levy, Joji John, Eric Dequin
  • Patent number: 11902601
    Abstract: Disclosed are examples for providing functions to receive a media file to be stored in a media repository. In the examples, a location in the media repository may be assigned to the media file. A media file address in a blockchain platform may be assigned to the media file. Metadata including the assigned location in the media repository and the assigned media file address in the blockchain platform may be added to the media file. A media file hash value may be generated by applying a hash function to the media file including the metadata. The media file hash value may be included in a message and uploaded to the assigned media file address in the blockchain platform as a transaction in the blockchain. An indication that the media file is uploaded to the media repository may be delivered to a subscriber device from which the media file was received.
    Type: Grant
    Filed: November 2, 2022
    Date of Patent: February 13, 2024
    Assignee: Capital One Services, LLC
    Inventors: Kenneth Taylor, Austin Grant Walters, Jeremy Edward Goodsitt, Fardin Abdi Taghi Abad, Reza Farivar, Vincent Pham, Anh Truong
  • Patent number: 11886582
    Abstract: A method for assessing a cybersecurity risk of a software object includes generating an abstract syntax tree (AST) for a software object, and determining that the AST is insufficient to identify, to a specified confidence level, a cybersecurity risk of the software object. In response to determining that the AST is insufficient to identify the cybersecurity risk of the software object, a graph convolutional neural network (gCNN) is executed, based on the AST, to produce a set of features for the AST and to produce a probability of maliciousness of the software object based on the set of features. A signal representing an alert is sent, based on the probability of maliciousness, if the probability of maliciousness exceeds a pre-defined threshold.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: January 30, 2024
    Assignee: GOOGLE LLC
    Inventor: Ahmed Abdallah
  • Patent number: 11886615
    Abstract: An example operation includes one or more of encrypting, by a transport, received data based on a first biometric associated with an occupant, unencrypting, by the transport, the encrypted data, based on a verification of a second biometric, wherein the second biometric is a continuum of the first biometric, and providing, by the transport, the unencrypted data to the occupant.
    Type: Grant
    Filed: October 28, 2022
    Date of Patent: January 30, 2024
    Assignee: TOYOTA MOTOR NORTH AMERICA, INC.
    Inventor: Stephen Paul McFarland, Jr.