Abstract: The present disclosure relates to implementations of physically unclonable functions (PUFs) for cryptographic and authentication purposes. Specifically, the disclosure describes implementations of machine learning engines (MLEs) in conjunction with PUFs generating outputs having multiple states.

Abstract: Periodically re-encrypting user data stored on a storage device, including: detecting that a data encryption key should be decommissioned; and for user data stored on the storage device that is encrypted with the data encryption key: reading the user data that is encrypted with the data encryption key from the storage device; re-encrypting the user data utilizing a current data encryption key; and writing the user data that is encrypted utilizing the current data encryption key to the storage device.

Abstract: A virtual card downloading method, and a terminal, and an intermediate device for virtual card downloading. A virtual card downloading method includes determining, by a terminal, a preset scenario condition, and reporting terminal information to a server when the preset scenario condition is satisfied, wherein the terminal information in configured to enable the server to create an account for the terminal and to associate the account with virtual card data. The method further includes accessing the server by the terminal and by using the account, and downloading, by the terminal from the server, the virtual card data associated with the account. The scenario condition is that the terminal establishes a communication connection to the server.

Abstract: Methods and systems described herein provide for protecting user information in an overlay service. Protecting user information may include redacting personally identifiable information (PII) from information that may be exposed to third parties. Additionally, protecting user information may include opening a second account on behalf of the user using a plurality of unique identifiers in lieu of information identifying the user. This protects users' identities and privacy as their assets are transferred between various institutions.

Abstract: Described herein are various technologies pertaining to generating an activity feed for an entity hosted at a file hosting server. The activity feed includes a plurality of entries that are representative of activities undertaken with respect to the entity over time.

Abstract: An electronic device is provided. The electronic device includes a memory configured to store an application and first unique information of the application, and at least one processor operatively connected with the memory. The at least one processor is configured to divide code of the application into a plurality of segments, select at least one segment among the plurality of segments, create second unique information in relation to the at least one segment, compare the first unique information and the second unique information, and determine whether the code of the application has been tampered with, based on a result of the comparison of the first unique information and the second unique information.

Abstract: Methods and systems are provided for validating a signature in a multi-tenant environment. A server or other computing device that is part of a distributed network may request a certificate collection from an identified tenant store. The requested certificate collection may be loaded in a virtual store that is accessible by the server or other computing device. The sever or other computing device may then access one or more certificates from the virtual store to validate a signature.

Abstract: A system and method are provided for the destruction of electronically stored information and/or components that incorporated sensitive technology or that contain sensitive information upon the occurrence of one or more predetermined events. The system and method of the present invention is particularly suited for the safeguarding of electronically stored information and/or classified technology in systems deployed in an operational environment. The system and method of the present invention be incorporated into drones, full size aircraft, any type of vehicle, mines, missiles, torpedos, bombs, phones, cameras, robots, satellites or other spacecraft, computers, hard drives, thumb drives, switches, routers, bugs, brief cases, safes, and generally any device that utilizes components on which sensitive data is stored or components that utilize technology that should only be accessed by authorized personnel.

Abstract: A hybrid computer network environment can include a first type of hosts and a second type of hosts. An apparatus adapted to receive requests for access to hosts obtains authenticators for accessing the hosts. The apparatus can further determine the type of the hosts and process the requests for access using a first type of authenticator for access to the first type of hosts and a second type of authenticators for access to the second type of hosts.

Abstract: In an aspect, an apparatus that includes a first security domain and at least a second security domain obtains, at a virtual machine of the first security domain, a stream identifier associated with the second security domain. The apparatus generates, at the virtual machine of the first security domain, a command to map the stream identifier associated with the second security domain to a first address translation context. The apparatus maps, at a hypervisor device, the first address translation context to a second address translation context that is associated with the second security domain of the stream identifier. The apparatus processes a stream of memory access transactions that includes the stream identifier based on at least the first address translation context or the second address translation context.

Abstract: A method of processing data includes at least one processor accessing a data storage unit, the data storage unit providing at least one input data object and at least one transmutation command to be performed on the at least one input data object. The at least one transmutation command operates in a forward mode on the at least one input data object to produce at least one output data object to be stored in a data storage unit.

Abstract: A method for verifying information of a first data item in a plurality of different data items stored on a server includes a) generating a hash tree, b) computing an authentication path for the first data item based on a recomputation of the hash tree, wherein an authentication path includes all siblings of tree nodes from the first data item to a root of the hash tree, c) recomputing the root-hash based on the first data item and a computed authentication path of the first data item and comparing the recomputed root-hash with the root-hash of the hash-tree of step a), d) determining a side element in leaves or a tree level above of the hash tree and its authentication path, and e) verifying the authentication path of the side element.

Abstract: A method for encrypting data when a device is offline is disclosed. In the method, a determination is made as to whether a successful connection with a remote server computer can or cannot be made. If a connection cannot be made, then data can be encrypted with an ephemeral public key. Later, then a connection is available, the encrypted data can be transmitted to the remote server computer for processing.

Abstract: Periodically re-encrypting user data stored on a storage device, including: reading user data stored on the storage device, wherein the user data is associated with a user-visible identifier; determining, from metadata associated with the user data, whether the user data is encrypted utilizing an expiring data encryption key; responsive to determining that the user data is encrypted utilizing the expiring data encryption key, re-encrypting the user data utilizing a current data encryption key; and writing the user data that is encrypted with the current data encryption key to the storage device, wherein the user data remains associated with the user-visible identifier.

Abstract: A system and machine-implemented method of wireless network access are provided. First network credentials for a first wireless network hosted by a wireless-enabled device are received from a server. A first network connection with the wireless-enabled device in the first wireless network is established based on the first network credentials. Second network credentials for a second wireless network are provided to the wireless-enabled device via the first network connection. A second network connection with the wireless-enabled device in the second wireless network is established based on the second network credentials.

Abstract: A span of responsibility access control system for use in plant process management and similar applications. The system leverages span-of-responsibility enabled user accounts and corresponding resource properties to assign, verify, and control access to assets and other resources in the plant process management system on a per user basis. Aspects of the system include configuration of properties for each monitored or controlled asset and association of a span of responsibility based on asset properties, such as asset type and location, with a user account. An access control module compares asset properties to the span of responsibility associated with the user account to determine whether the user is entitled to access any given asset, independent of determining permissions to act on such asset.

Abstract: A service proxy services as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.

Abstract: The present disclosure relates to implementations of physically unclonable functions (PUFs) for cryptographic and authentication purposes. Specifically, the disclosure describes implementations of machine learning engines (MLEs) in conjunction with PUFs generating outputs having multiple states.

Abstract: A device may receive a packet from a first endpoint that is destined for a second endpoint. The first endpoint may be hosted on the device. The device may determine whether a secure session exists between the first endpoint and the second endpoint. The secure session may permit encrypted traffic to be exchanged between the first endpoint and the second endpoint. The device may process the packet using a set of rules after determining whether the secure session exists between the first endpoint and the second endpoint. The device may encrypt the packet using security information associated with the secure session after determining that the secure session exists, or establishing the secure session when the secure session does not exist. The device may provide the packet toward the second endpoint after encrypting the packet.

Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.