Abstract: A method, system and product including communicating a first report associated with a first temporary identifier of a user device; upon receiving the first report from the user device, storing the first report with the first temporary identifier; communicating a message comprising a second temporary identifier of the user device; communicating a second report that is associated with the second temporary identifier of the user device, wherein the second report is not associated with the first temporary identifier; upon receiving from the user device a second report, storing the second report with the second temporary identifier, whereby the first report cannot be directly matched with the second report based on respective identifiers thereof.

Abstract: Techniques for borrow checking in hardware are described. The technology includes a memory to store a plurality of allocated objects, an allocated object referenced by a pointer; and a processor to execute a join instruction to create a group of pointers, by creating a group record for the group referenced by a group pointer and setting a group bit and ownership identifier (ID) of pointers of the group; and execute a transfer group ownership instruction to transfer ownership of the group, including pointers of the group, by verifying validity of the group and setting the ownership ID of pointers of the group when the group is valid.

Abstract: A method comprises: in response to detecting a new expression in a policy rule, updating a global version number to a new value; identifying a particular IP address that corresponds to an FQDN matching on the new expression; storing an entry comprising the particular IP address, the new expression, and an entry version number in a first data structure, the entry version number being assigned the new value; in response to detecting a new connection to a destination IP address: finding a matching entry in the first data structure corresponding to the destination IP address; determining whether the global version number matches the entry version number for the matching entry; and in response to determining that the global version number does not match the entry version number for the matching entry, sending update information to a slowpath process that associates an updated configuration information for the matching entry.

Abstract: One or more computing devices, systems, and/or methods for managing a firmware password of a User Equipment (UE) are provided. In an example, the UE determines that a first firmware password variable is indicative of a firmware password of a firmware of the UE. The UE transmits the first firmware password variable to a first computer for storage in a first dataset. The UE generates a password. The UE sets a second firmware password variable, in a second dataset stored on the UE, to the password. The UE transmits the second firmware password variable including the password to the first computer for storage in the first dataset. The UE sets the firmware password of the firmware of the UE to the second firmware password variable including the password.

Abstract: Aspects of the subject disclosure may include, for example, receiving, at a device, a message over a communication network from a remote source, determining if the message includes executable code and initiating a virtual machine in an isolated portion of the memory of the device responsive to the determining the message include executable code. Aspects of the subject disclosure further include executing, by the virtual machine, the executable code within the isolated portion of the memory, monitoring, by an artificial intelligence module, activities of the executable code during the executing the executable code and determining if the executable code comprises malicious code responsive to the monitoring activities of the executable code. Aspects of the disclosure further include deleting the executable code from the device in response to a determination that the executable code comprises malicious code. Other embodiments are disclosed.

Abstract: A cyber threat intelligence (CTI) gateway device may receive rules for filtering TCP/IP packet communications events that are configured to cause the CTI gateway device to identify communications corresponding to indicators, signatures, and behavioral patterns of network threats. The CTI gateway device may receive packets that compose endpoint-to-endpoint communication events and, for each event, may determine that the event corresponds to criteria specified by a filtering rule. The criteria may correspond to one or more of the network threat indicators, signatures, and behavioral patterns. The CTI gateway may create a log of the threat event and forward the threat event log to a task queue managed by a cyberanalysis workflow application. Human cyberanalysts use the cyberanalysis workflow application to service the task queue by removing the task at the front of the queue, investigating the threat event, and deciding whether the event is a reportable finding that should be reported to the proper authorities.

Abstract: A method for the secure interaction of a user with a mobile terminal and a further entity includes transmitting a secret or an image of the secret generated by a one-way function and an individual data from the user to a back-end, transmitting the image and the individual data from the back-end to a protected execution environment of a processor of the mobile terminal; notifying the user on a secure user interface of the mobile terminal, wherein the individual data is displayed to the user and wherein the user is authenticated with the secret, the user interacting with a secure element of the mobile terminal having a secure connection with the protected execution environment, via the secure user interface and the protected execution environment; and the secure element interacting with the further entity via a secured connection providing a complete security chain of all entities involved in the interaction.

Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.

Abstract: A device for authenticating a user is described that comprises a sensor configured to measure the movement of a user in response to the interaction of the user with a displayed image and controller circuitry configured to authenticate the user in response to a positive comparison between the movement of the user and a stored movement associated with the user.

Abstract: An apparatus is one of a plurality of apparatuses that participate in multi-party computation and the apparatus implements a protocol to perform zero-knowledge proof in secret-distribution-based multi-party computation. The apparatus includes an acquisition unit that acquires a share of data related to a matter to be certified, and an output unit that outputs an output share obtained as a result of performing calculation according to the protocol using the acquired share as an input. Verification in zero-knowledge proof can be performed using output shares collected from the plurality of apparatuses participating in the multi-party computation.

Abstract: Within an organization, numerous different persons can access data. But a user account with database access may be compromised, leading to data theft and data destruction. Database queries used to access data may vary in length, content, and formatting. Features of these queries can be extracted to train a machine learning classifier. Queries for users can be mapped to a vector space and when a new sample query is received, it can be assessed using the classifier to determine its level of similarity with previous queries by that user and other users. By analyzing the results of this assessment on the new query, it can be determined if this new query represents a data access anomaly—e.g. a particularly unusual query for a user, given his or her past, that may indicate user credentials have been compromised. When a data access anomaly exists, a remedial action may be take.

Abstract: The present invention analyzes the text of a received file to determine if the file likely is a forensic artifact of a ransomware attack on a computer system. If the computer system concludes that the file is likely an artifact of a ransomware attack, the system suspends or terminates all related processes, thereby minimizing the harm caused to the computer system.

Abstract: In one set of embodiments, each server executing a secure multi-party computation (MPC) protocol can receive shares of inputs to the MPC protocol from a plurality of clients, where each input is private to each client and where each share is generated from its corresponding input using a threshold secret sharing scheme. Each server can then verify whether the shares of the plurality of inputs are valid/invalid and, for each invalid share, determine whether a client that submitted the invalid share or a server that holds the invalid share is corrupted. If the client that submitted the invalid share is corrupted, each server can ignore the input of that corrupted client during a computation phase of the MPC protocol. Alternatively, if the server that holds the invalid share is corrupted, each server can prevent that corrupted server from participating in the computation phase.

Abstract: Handling a memory fault based on detecting whether a memory pointer was invalidated by a pointer authentication (PA) failure. After an access to a memory pointer causes a memory fault, detecting that the memory pointer was invalidated by a PA failure includes creating a new memory pointer by replacing reserved bits of the memory pointer with a default value, and determining that the new memory pointer corresponds to a memory address that falls within executable memory. This determination includes determining that the memory address is within an executable memory page, determining that a call instruction is stored at a prior memory address that immediately precedes the memory address, and/or determining that the memory address corresponds to a code section of an executable file. The PA failure is handled based on logging the PA failure, terminating the application program, and/or resuming execution at an instruction stored at the memory address.

Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.

Abstract: A tamper resistant element (TRE) in a device can operate a primary platform and support a “Smart Secure Platform”. The TRE may not keep time when electrical power is removed from the TRE. The device can receive (i) a certificate for an image delivery server (IDS) with a first timestamp and (ii) a signed second timestamp from a certificate authority, comprising a signature according to the Online Certificate Status Protocol (OCSP) with stapling. The device can forward the certificate and second timestamp to the TRE. The device can receive a ciphertext and an encrypted image from the IDS, where the ciphertext includes a third timestamp from a Time Stamp Authority (TSA), and forward the data to the TRE. The TRE can conduct a key exchange to decrypt the ciphertext. The TRE can compare the second and third timestamps to verify the certificate has not been revoked.

Abstract: A system and method for modification of a passcode for accessing the system are provided. The system includes a premises control unit. The premises control unit including control processing circuitry configured to: receive an expected code message, the expected code message instructing an initiation to monitor for an input from a user, receive a input code that is input by the user, determine whether the input code matches a predefined verification code, and if the input code matches the predefined verification code, cause transmission of a verification message to a monitoring server, the verification message indicating the input code matched the predefined verification code and triggering the monitoring server to allow a passcode for accessing the system to be modified.

Abstract: A data-transmitting method of a handheld electronic device includes: detecting movement of a first handheld electronic device to generate a first motion data; receiving a broadcast signal, wherein the broadcast signal carries a source device data and a second motion data; comparing the first motion data with the second motion data; establishing a communication link to a second handheld electronic device according to the source device data when the first motion data matches the second motion data; and receiving a specific data from the second handheld electronic device or sending the specific data to the second handheld electronic device.

Abstract: Aspects of the present disclosure relate to retrospective memory analysis. In examples, a historical archive of memory images for an execution environment is maintained. A historical memory image of the historical archive may be evaluated according to a current set of known issues, rather than issues that were known at the time of the memory capture. Accordingly, it may be possible to determine when the execution environment was last in a good environment condition. As another example, it may be possible to determine whether a now-known issue has since been resolved (e.g., such that the issue would not be identified in the current execution environment). Thus, as compared to contemporaneous issue identification techniques, aspects of the present disclosure may be applied to any number of execution environments to enable retrospective identification of now-known issues that were, at least at the time of a memory capture, not known.

Abstract: A processing unit determines a first mapping relationship and a second mapping relationship, where the first mapping relationship indicates that an access rule of a first physical address is access forbidden, and the second mapping relationship indicates that an access rule of the first physical address is access allowed. The processing unit determines that a target mapping relationship is the first mapping relationship, sends a first access request to a memory control unit. The processing unit receives first exception information sent by the memory control unit, where the first exception information is sent when the memory control unit determines that the access rule of the first physical address in the target mapping relationship is access forbidden. The processing unit monitors a process based on the first exception information, switches the target mapping relationship; and re-sends the first access request to the memory control unit.