Abstract: Described herein are techniques for managing replication in a data storage environment. The techniques including selectively compressing and selectively encrypting, by a production site, a set of files for replication from the production site to a remote site. Files can be selectively compressed based on a compression ratio satisfying a compression threshold, and files can be selectively encrypted based on a file content satisfying an encryption criteria. The techniques can further include updating, by the production site, metadata associated with selectively compressed files and updating metadata associated with selectively encrypted files. The techniques can further include replicating the set of files for replication from the production site to the remote site, the set of files for replication including the selectively compressed and the selectively encrypted files.

Abstract: Systems and methods for ensuring data privacy in a data sharing system are provided. A computer implemented method carried out at a host computing system includes: accessing a set of data from a data source including a true element and at least one spurious element so that the host computing system cannot differentiate between the elements to obfuscate the true element from the host computing system. The method includes: accessing a code which is executable on the set of data so as to output multiple results for the elements of the set of data; processing the set of data, including for each element: executing the code on the element to generate a result; computing a hash value of the element; and outputting the result in association with the hash value to a third-party computing system. A third-party computing system has access to the true hash value of the true element for identification of the result generated by execution of the code on the true element.

Abstract: Systems, computer program products, and methods are described herein for securely managing device communication. The present invention may be configured to provide, to another system, staging information including a digital certificate, a PIN, and a protocol for storing on a device, receive from the device a request to connect to an internal network after user input of the PIN, receive a digital certificate from the device, establish a wireless connection between the device and the internal network, and cause the device to delete the PIN. In some embodiments, the system is configured to permit communication from the device to the other system for a predetermined time window. In some embodiments, the system receives updates from the other system, via an external network, and the system sends the updates to the device, via the internal network.

Abstract: A method executing an instruction (300) to execute a query (q) for a data block (102) and determining whether the data block is stored in a block stash (370). When the data block is stored in the block stash during a download phase, the method includes removing the data block from the block stash, sending a fake query (304) to a distributed system (140) to retrieve a random data block stored in memory (114) of a distributed system (140), and discarding the random data block. When a current version of the data block is stored in the block stash during an overwrite phase, the method includes sending a fake query to the distributed system to retrieve another random data block stored in the memory of the distributed system, decrypting and re-encrypting the random data block with fresh randomness, and re-uploading the re-encrypted random data block onto the distributed system.

Abstract: A method includes receiving registration information regarding a telematics unit and a respective control system for a plurality of equipment pieces; receiving a seed from a control system of a first equipment piece via a telematics unit of the first equipment piece based on receiving a telematics session request by the control system of the first equipment piece; authenticating the telematics unit and the control system of the first equipment piece based on information included with the seed and the registration information; generating a first encrypted key and a second encrypted key based on the authentication; providing the first key to the telematics unit for the first equipment piece; and providing the second encrypted key to the control system of the first equipment piece via the telematics unit of the first equipment piece to establish a data communication channel.

Abstract: A subscriber identity module (eUICC), comprises profiles for the utilization of a mobile terminal that include at least a first profile and at least a second profile, of which the second profile (Pr1, Pr2) is devised as an active profile. The first profile is designed as a root profile (PrR) which in a normal state of the subscriber identity module is in an inactive state, and which is devised to be activated in response to an authentication command (AUTHENTICATE) received at the subscriber identity module. The authentication command is specially parameterized for the root profile (PrR) with a specific root value of the network parameter (P2) to be activated during a change-over period. The initially active second profile (Pr1, Pr2) is deactivated during the change-over period. After the end of the change-over period, the first profile (PrR) is again deactivated and the second profile (Pr1, Pr2) is again activated.

Abstract: A device includes a power button and a fingerprint sensor, where the power button is integrated with the fingerprint sensor. A method is applied to a process in which a user presses the power button to start up the device. The method includes obtaining fingerprint information acquired by the fingerprint sensor, and saving the fingerprint information. The method further includes obtaining a fingerprint authentication request. The method further includes providing the fingerprint information to perform fingerprint authentication to log in to an operating system of the device.

Abstract: According to certain embodiments, an authentication method of an electronic device, comprises responsive to detecting an external electronic device using a first communication circuit, transmitting first data to the external electronic device using a second communication circuit; determining whether a response to the first data is received; and when the response to the first data is received from the external electronic device, performing communication connection and authentication procedures with the external electronic device.

Abstract: A defense suite for an industrial control system (ICS) network is disclosed. The defense suite is installed and executed on a network server hosting the human-machine interface (HMI) function of the network, thereby gaining communication privileges of the HMI server to query and perform other operations with programmable logic controllers (PLCs) and other assets of the network. The defense suite further comprises a network protection engine (NWPE) that alerts a defense suite user of suspicious activity in the network. Normal behavior of the network is obtained by a learning engine, during a learning period. The learning engine can be reactivated after a configuration change in the network. The data suite also comprises an operating system protection engine (OSPE), for preventing removable devices from accessing the HMI server and a preventing execution of unauthorized executables. The OSPE is also trained for which programs are authorized through its own program discovery module.

Abstract: A communication device stores a first secret key and a first public key, and the on-vehicle authentication device stores a second secret key, a second public key and a signature verification key. The on-vehicle authentication device acquires the first public key, verifies the authenticity of the electronic signature using a signature verification key, encrypts the second public key using the authentic first public key and transmits the encrypted second public key. The communication device receives the encrypted second public key, decrypts the encrypted second public key using the first secret key, encrypts the first public key using the decrypted second public key. The on-vehicle authentication device receives the encrypted first public key, decrypts the encrypted first public key using the second secret key, and authenticates that the communication device is an authentic device when the decrypted first public key has been determined to be authentic.

Abstract: Example threat detection methods and apparatus are disclosed. One example method includes obtaining page code of a first display page group identified by a uniform resource locator (URL) and an overall size occupied by the first display page group in a display area of a browser of a Web sandbox when loading the URL in the browser. After preset dynamic code is injected into the page code of the first display page group, the page code is parsed and executed. A request message is sent when a value of a display variable is greater than or equal to a preset value, to request to obtain page code of a second display page group. A response message that carries the page code of the second display page group is received. It is further detected, in the Web sandbox, whether the page code of the second display page group carries attack code.

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of networks, a plurality of fraud-detection ECUs each connected to a different one of the networks, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a network connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The gateway device receives updated rule information transmitted to a first network among the networks, selects a second network different from the first network, and transfers the updated rule information only to the second network. A fraud-detection ECU connected to the second network acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: Provided is a method for checking the integrity of user data by a processor, which includes a method step for a first check value for the user data to be computed during a security-protected mode of operation. The method includes a further method step for the first check value to be stored in a security-protected memory module of the processor during the security protected mode of operation. The method includes a further method step for a second check value for the user data to be computed during a runtime mode. The method includes a further method step for the first check value to be compared with the second check value by the processor during the runtime mode. The method includes a further method step for a piece of control information to be provided by the processor during the runtime mode, wherein the control information includes a result of the comparing.

Abstract: Users have to assign labels to a ticket to route to right domain expert for resolving issue(s). In practice, labels are large and organized in form of a tree. Lack in clarity in problem description has resulted in inconsistent and incorrect labeling of data, making it hard for one to learn/interpret. Embodiments of the present disclosure provide systems and methods that identify relevant queries to obtain user response, for identification of right category and ticket logging there. This is achieved by implementing attention based sequence to sequence (seq2seq) hierarchical classification model to assign the hierarchical categories to tickets, followed by a slot filling model to enable identifying/deciding right set of queries, if the top-k model predictions are not consistent. Further, training data for slot filling model is automatically generated based on attention weight in the hierarchical classification model.

Abstract: The present disclosure generally relates to creating virtualized block storage devices whose data is replicated across isolated computing systems to lower risk of data loss even in wide-scale events, such as natural disasters. The virtualized device can include at least two volumes, each of which is implemented in a distinct computing system. Each volume can be encrypted with a distinct key, and an encryption service can operate to transform data “in-flight” on the replication path between the volumes, reencrypting data according to the key appropriate for each volume.

Abstract: A computer-implemented method, a device, and a non-transitory computer-readable storage medium of automatically determining an interactive GUI element in a graphic user interface (GUI) to be interacted. The method includes: detecting, by the processor, one or more candidate interactive GUI elements in the GUI based on a plurality of algorithms; determining, by the processor, a likelihood indicator for each of the one or more candidate interactive GUI elements, a likelihood indicator indicating the likelihood that a candidate interactive GUI element associated with the likelihood indicator is an interactive GUI element to be interacted; and determining, by the processor, an interactive GUI element to be interacted from the one or more candidate interactive GUI elements based on the likelihood indicators.

Abstract: An information processing apparatus includes a detection unit that detects a degree of inconvenience to a user who is a target of authority setting, and a setting unit that sets an authority of the user in accordance with the degree of inconvenience.

Abstract: Disclosed embodiments relate to encrypting or decrypting confidential data with additional authentication data by an accelerator and a processor. In one example, a processor includes processor circuitry to compute a first hash of a first block of data stored in a memory, store the first hash in the memory, and generate an authentication tag based in part on a second hash. The processor further includes accelerator circuitry to obtain the first hash from the memory, decrypt a second block of data using the first hash, and compute the second hash based in part on the first hash and the second block of data.

Abstract: The disclosure includes embodiments for an ego vehicle to detect misbehavior. According to some embodiments, a method includes receiving a V2X message from an attacker. The V2X message includes V2X data describing a location of an object at a target time. The method includes receiving a set of CPMs from a set of remote devices. The set of CPMs include remote sensor data describing a free space region within the roadway environment. The method includes determining a relevant subset of the CPMs include remote sensor data that is relevant to detecting misbehavior. The method includes determining, based at least in part on the remote sensor data of the relevant subset, that the object is not located at the location at the target time. The method includes detecting the misbehavior by the attacker based on the determination that the object is not located at the location at the target time.

Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and include in the attestation token the generated claim. The method further transmits the attestation token to the host machine.