Abstract: A star topology network comprises a user device, a central gateway, and one or more sensor nodes added to the existing network. A communication between the user device and the central gateway is secured either based on public-key cryptography, symmetric-key cryptography, or by the use of a secure channel such as a wired communication. A request from the user device to the central gateway can be transmitted over the internet.

Abstract: A microcontroller comprising a first integrated circuit configured to receive power from a power supply comprising a second integrated circuit via at least one power input terminal and wherein at least one communication terminal provides for communication between the microcontroller and the power supply, wherein the microcontroller is configured to provide for encrypted communication between the power supply and the microcontroller based on a pre-shared encryption key, the encrypted communication configured to provide for authentication of the identity of the power supply and, if the power supply passes the authentication, the microcontroller is configured to operate in a normal mode and receive said power from the power supply, and if the power supply fails authentication, the microcontroller is configured to enter a tamper mode.

Abstract: A method of determining that a subject electronic device 1021 . . . N is counterfeit. The method involves delivering the web page component to a subject device 1021 . . . N in response to a request. The web page component is adapted to retrieve actual values of a plurality of attributes from the subject device 1021 . . . N. Reference values of the plurality of attributes are retrieved from a device property store 110 and the method determined that the subject device 1021 . . . N is counterfeit when at least one of the actual values of the plurality of attributes is different to the reference value of that attribute.

Abstract: A system on chip includes a host controller and a secure controller for securing communication between the system on chip and external devices accessing a memory controlled by a memory and an encryption/decryption module for encrypting and decrypting the data.

Abstract: An example operation may include one or more of generating, by a data management node, a profile token based on a data profile of a data provider (DP) node, receiving, by the data management node, a transaction request from a service provider (SP) node to access data from the DP node over a blockchain, acquiring, by the data management node, consent of the SP node based on the profile token, generating, by the data management node, a consent token based the consent of the SP node, and allowing access to data of the DP node by the SP node based on a verification of the consent token.

Abstract: A physically unclonable function (PUF) includes an array of differential PUF bits arranged in rows and columns, wherein each differential bit is located at an intersection of a row and a column, and includes a first PUF cell coupled to a corresponding first bit line and first source line and a second PUF cell coupled to a corresponding second bit line and second source line. The PUF includes a source bias transistor coupled between each corresponding first source line and a first power supply terminal and between each corresponding second source line and the first power supply terminal, wherein a gate electrode of each of the source bias transistors is coupled to a second power supply terminal, and a corresponding set of margin transistors coupled in parallel with each source bias transistor, wherein a gate electrode of each margin transistor is coupled to receive a corresponding margin setting control signal.

Abstract: Disclosed are systems and methods for encryption of an ephemeral layer of one or more containers. An exemplary method comprises detecting a container starting execution in an operating system, generating a temporary encryption key and storing the temporary encryption key in memory of a kernel of the operating system, creating an encrypted area as the ephemeral layer in a storage device, the encrypted area accessible only by the container, providing to the container access to the encrypted area, and responsive to stopping execution of the container, destroying the temporary encryption key.

Abstract: The disclosed computer-implemented methods for automatically recovering from malware attacks may include (1) saving, in response to determining that a reputation of a process is unknown, a backup copy of a file on a remote storage device prior to allowing the process to modify the file; (2) determining, after the process has modified the file, that the process is potentially malicious; and (3) restoring, in response to determining that the process is potentially malicious, the backup copy of the file from the remote storage device. The provided methods may automatically recover computers from ransomware attacks and other malware attacks which encrypt file systems. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A key ceremony application creates bundles for custodians encrypted with their passphrases. Each bundle includes master key share. The master key shares are combined to store an operational master key. The operational master key is used for private key encryption during a checkout process. The operational private key is used for private key decryption for transaction signing in a payment process. The bundles further include TLS keys for authenticated requests to create an API key for a web application to communicate with a service and to unfreeze the system after it has been frozen by an administrator.

Abstract: A method of processing malicious events in a network infrastructure determines features of malicious events detected by a firewall of an attack analyzer. Example features may indicate an origin of an attack, a target of the attack, or a type of a malicious event. The attack analyzer determines distances, e.g., using a non-Euclidean distance function, between features of a given malicious event and features of statistical distribution objects (SDOs). The SDOs describe clusters of previously detected malicious events. The attack analyzer may select one of the SDOs that has features similar to those of the given malicious event. The attack analyzer can update the SDOs by including an alert of the given malicious event with an existing cluster or generating a new cluster including the alert. The attack analyzer may transmit information describing the clusters of the SDOs to a management console.

Abstract: Method, device, and system of detecting a mule bank account, or a bank account used for terror funding or money laundering. A method includes: monitoring interactions of a user with a computing device during online access with a banking account; and based on the monitoring, determining that the online banking account is utilized as a mule bank account to illegally receive and transfer money. The method takes into account one or more indicators, such as, utilization of a remote access channel, utilization of a virtual machine or a proxy server, unique behavior across multiple different account, temporal correlation among operations, detection of a set of operations that follow a pre-defined mule account playbook, detection of multiple incoming fund transfers from multiple countries that are followed by a single outgoing fund transfer to a different country, and other suitable indicators.

Abstract: Apparatus and methods implement a physical unclonable function (PUF) from NAND operations. A NAND flash memory device may generate an unclonable natural random sequence of bits based on a threshold voltage of a plurality of cells in a memory cell array. The unclonable natural random sequence may be stored starting at an address of the memory cell array. A selected subsequence of the unclonable natural random sequence may be stored in a first set of data latches, and target data may be stored in a second set of data latches. The NAND flash memory device may generate a physical unclonable function (PUF) output by applying an XOR operation to the target data and the selected subsequence. The PUF output may be stored in a set of registers or provided to a memory controller to be used for secure applications such as secure identity detection and secure data transfer.

Abstract: The present teaching generally relates to detecting abnormal user activity associated with an entity. In a non-limiting embodiment, baseline distribution data representing a baseline distribution characterizing normal user activities for an entity may be obtained. Information related to online user activities with respect to the entity may be received, distribution data representation a dynamic distribution may be determined based, at least in part, on the information. One or more measures characterizing a difference between the baseline distribution and the dynamic distribution may be computed, and in real-time it may be assessed whether the information indicates abnormal user activity. If the first information indicates abnormal user activity, then output data including the distribution data and the one or more measures may be generated.

Abstract: Techniques are described related to for generating/distributing state machines that are implemented within a security zone to obtain private information from one or more resources within the security zone. In various implementations, an automated assistant client implemented by processor(s) within the security zone may receive a free form natural language query (“FFNLQ”) that is answerable using private information available from resource(s) within the security zone. Data indicative of the FFNLQ may be provided to a semantic processor outside of the security zone, and the online semantic processor may return a state machine that is implemented by processor(s) within the security zone to obtain the private information from resource(s) within the security zone. Based on the state machine and the obtained private information, natural language output may be generated and presented to convey information responsive to the FFNLQ.

Abstract: An integrated circuit and a method of configuring a plurality of integrated circuits are disclosed. Each integrated circuit comprises a cryptographic key specific to it. Each integrated circuit comprises a cryptographic key specific to it. Each cryptographic key can be generated on the respective integrated circuit using a physical unclonable function and data associated with the cryptographic key, e.g. a configuration message comprising instructions for generating the cryptographic key using the physical unclonable function. The cryptographic key specific to the integrated circuit is not stored on the integrated circuit. Each of the plurality of integrated circuits are configured using a data file that is encrypted with the respective cryptographic key specific to the integrated circuit, circuit.

Abstract: An equivalent circuit architecture and attendant methods for generating a physically unclonable function (PUF) response include a plurality of devices capable of generating a voltage output, a voltage source, and a microcontroller adapted to receive the voltage output from each device of the plurality of devices. The devices may be energy harvesting devices or sensors. The microcontroller is configured to determine an average peak voltage for predefined groups of the plurality of devices, to compare summation voltage values for the predefined groups, and from that information to output response values defining a 128-bit PUF response. The microcontroller determines a peak voltage of each device of the plurality of devices an equal number of times to generate the 128 bit PUF response value, this preventing biasing the response towards any individual device or group of devices.

Abstract: Examples associated with ransomware attack monitoring are described. One example includes a monitor module to monitor files stored on the system for sequences of file accesses that match a predefined pattern of file accesses. An investigation module is activated when a number of sequences of file accesses that match the predefined pattern exceeds a first threshold. The investigation module logs actions taken by processes to modify files. A reaction module pauses a set of processes operating on the system when the number of sequences of file accesses that match the predefined pattern exceeds a second threshold. The reaction module then identifies processes associated with a suspected ransomware attack based on the logging performed by the investigation module, and resumes legitimate processes.

Abstract: The disclosure discloses a method for defending control flow attacks. When a data processor gives a response to an interrupt routine, a return address and a binary key are input to an encryption circuit to be encrypted to obtain an encrypted return address, and the obtained encrypted return address is synchronously written into a stack of the data processor and an built-in register bank; when the response given to the interrupt routine by the data processor is finished, the encrypted return address is read from the tack of the data processor and the built-in register bank; afterwards, the two encrypted return addresses are decrypted by first and second decryption circuits respectively to obtain two decrypted return addresses; and the two decrypted return addresses are compared to draw a conclusion whether the data process suffers from a control flow attack, and data processor determines to continue or terminate the routine accordingly.

Abstract: Provided is a system and method for confidential string-matching and confidential deep-packet inspection. The method includes: receiving encrypted ciphertexts from a first computing device; windowing a text corpus and applying a hash; performing binning and splitting on the corpus set of hashes; performing batching on the binned and split corpus set of hashes; determining match ciphertexts by evaluating a homomorphic encryption circuit between the encrypted ciphertexts and the batched corpus set of hashes; and communicating the match ciphertexts to the first computing device, the confidential string matching determinable by the first computing device by: decrypting the match ciphertexts, determining from the decryption output, if the hash value for each pattern window matches the hash value for any corpus windows and if the matched windows are adjacent in the corpus.

Abstract: Methods and devices for accessing encrypted data on a computer device may include determining that a current device state of the computer device is locked. The methods and devices may include using a level two encryption key to encrypt data associated with at least one application while the computer device is locked. The methods and devices may include using a temporary decryption key in memory of the computer device to access level two encrypted data while the computer device is locked.