Abstract: A data extraction system includes a registration apparatus, a data storage apparatus, and a query apparatus. The registration apparatus generates registration data including first information obtained by encrypting secret information, which is information that a user wishes to keep secret, by using a secret key and second information obtained by encrypting the secret key by using at least biological information of the user. The data storage apparatus holds the registration data. The query apparatus acquires the registration data by generating a query for acquiring the registration data from the data storage apparatus, extracts the secret key from the registration data by using biological information of the user, and extracts the secret information from the registration data by using the extracted secret key.

Abstract: A database protection system (DPS) detects anomalies in real time without reliance on discrete security rules, instead relying on a machine learning-based approach. In particular, a Bayesian machine learning model is trained on a set of database protocol metadata (DPM) that the system collects during its runtime operation. Typically, a set of DPM parameters is protocol-specific. The approach herein presumes that DPM parameters are not independent, and that their conditional dependencies (as observed from the database connections) can be leveraged for anomaly detection. To that end, the machine learning model is trained to detect dominant (repeating) patterns of connection DPM parameters. Once trained, the model is then instantiated in the DPS and used to facilitate anomaly detection by identifying connections that do not conform to these patterns, i.e. that represent unusual connection DPM parameters.

Abstract: An encrypted security system and associated methods for controlling physical access. The system includes a security server configured to receive a request for authentication from a mobile device, the request having information identifying the mobile device and a physical access control device. The security server forwards an encryption message having a plurality of unique identifiers to the physical access control device via the mobile device. The physical access control device is configured to authenticate the plurality of unique identifiers in the encryption message and operate an access control mechanism.

Abstract: A plurality of permissions associated with the on-demand computing services environment may be identified. Each of the permissions may identify a respective one or more actions permitted to be performed within the on-demand computing services environment. Each of the permissions may be granted to a respective one or more user accounts within the on-demand computing services environment. A degree of overlap between a first group of the user accounts granted a first one of the permissions and a second group of the user accounts granted a second one of the permissions may be determined. When the degree of overlap exceeds a designated threshold, a designated permission set that includes the first permission and the second permission may be created.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface; and instructions encoded within the memory to instruct the processor to: receive a uniform resource locator (URL) for analysis, the URL to access a web page via a remote server; via the network interface, retrieve from the remote server a copy of the web page; render the web page in a headless browser to provide a computer-accessible visual output; perform visual analysis of the visual output via a digital eye; compare the visual analysis to a plurality of known phishing target websites; and if the comparison identifies the web page as visually similar to a known phishing target website, detect the web page as a phishing web page.

Abstract: A method by one or more network devices for providing obfuscated code to web application clients. The method includes determining a configuration utilized by a web application client based on a header of a web application layer request generated by the web application client, selecting, for providing to the web application client with a web application layer response corresponding to the web application layer request, an obfuscated code from a plurality of obfuscated codes for the configuration utilized by the web application client, where the plurality of obfuscated codes for the configuration utilized by the web application client provide the same intended functionality but are obfuscated differently from each other, and providing the selected obfuscated code to the web application client with the web application response.

Abstract: Some embodiments disclose a method and apparatus for processing data, a computer device and a storage medium. A method can include: acquiring, by a cloud storage system, a series of slices obtained by dividing a to-be-stored file; encrypting, by the cloud storage system, each slice by using a different data key; and storing, by the cloud storage system, an encrypted data ciphertext.

Abstract: There is disclosed in one example an advertisement reputation server, including: a hardware platform including a processor and a memory; a network interface; and an advertisement reputation engine including instructions encoded in memory to instruct the processor to: receive via the network interface a plurality of advertisement instances displayed on client devices; extract from the advertisement instances an advertiser identifier; analyze one or more advertisements associated with the advertiser identifier to assign an advertiser reputation; and publish via the network interface advertisement reputation information derived from the reputation for the advertisement identifier.

Abstract: Methods and systems for obfuscating computer program code are disclosed. In an embodiment, a method of generating obfuscated binary code from input source code for execution on a target processor comprises: generating a set of random obfuscation transform selections; and iteratively optimizing the obfuscation transform selections until a termination criterion is met. The obfuscation transformation selections may comprise indications of custom instructions which are executable on the co-processor in order to reduce side channel leakage.

Abstract: The disclosed computer-implemented method for malware detection using localized machine learning may include (i) generating a global score for a file using a global machine learning model, (ii) generating a localized score for the file using a localized machine learning model, (iii) determining that the file is malware using the global score, the localized score, and the local conviction threshold, and (iv) in response to determining that the file is malware, performing a security action to protect the computing device against malware. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: There is provided a computer-implemented method of enhancing data privacy. One or more tensors of numeric data are determined, at a processor, in dependence on input data. A transform is determined in dependence on user-associated data, which may be user input or biometric data. Each of the one or more tensors of numeric data are transformed into at least two fragments of data by applying the transform. Each of the fragments of data obfuscates the numeric data. Each of the at least two fragments of data are stored separately at a respective geographically separated storage system.

Abstract: Some embodiments are directed to an electronic computation device (100) arranged for obfuscated execution of a multiplication. The device comprises a storage (120) arranged for storing multiple variables used in the execution of an arithmetic operation, a variable (x: y; 2) of the multiple variables being represented as multiple multiplicative shares (X=(x0, x1, . . . , xm?1); Y=(y0, y1, . . . , ym?1); 20), said multiplicative shares being represented in the storage as multiple additive shares (xi=(xi,0,xi,1, . . . , xi,n?1); Yi=(yi,0,yi,1, . . . , yi,n?1); 210, 220).

Abstract: Embodiments relate to data storage systems and data processing systems using a data hub, connector grid, and channel services. The systems can extract raw data from a plurality of source systems, and load and store the raw data at a data hub implemented by a non-transient data store. The systems can receive request to generate data for consumption and, in response, transmit generates data sets to channel services. The system can implement event detection and logging. The system can implement policy enforcement and identity management with access controls.

Abstract: An encrypted security system and associated methods for controlling physical access are described. The system includes a security server configured to receive a request for authentication from a mobile device, the request including information identifying the mobile device and a physical access control device. The security server forwards an encryption message including a plurality of unique identifiers to the physical access control device via the mobile device. The physical access control device is configured to authenticate the plurality of unique identifiers in the encryption message and operate an access control mechanism.

Abstract: An encryption device (10) is an encryption device in authentication encryption. A key generation unit (21) generates a key K of an encryption function E of a block cipher, in accordance with an initial parameter N. A hash calculation unit (22) calculates a hash value msk with an internal parameter ctr as an input. An encryption unit (23) generates a ciphertext c of the message m by using the encryption function E, with a key K generated by the key generation unit (21), a hash value msk calculated by the hash calculation unit (22), and a message m as inputs.

Abstract: A host processing device instructs a plurality of virtual data processing (VDP) accelerators, configured on each of a plurality of data processing accelerators. The VDP accelerators configure themselves for secure communications. The host device generates an adjacency table of each of the plurality of VDP accelerators. Then the host device then establishes a session key communication with each VDP accelerator and sends the VDP accelerator a list of other VDP accelerators that the VDP accelerator is to establish a session key with, for secure communications between the VDP accelerators. The VDP accelerator establishes a different session key for each pair of the plurality of VDP accelerators.

Abstract: There is disclosed in one example a computing system, including: a processor; a memory; and a memory encryption engine (MEE) including circuitry and logic to: allocate a protected isolated memory region (IMR); encrypt the protected IMR; set an access control policy to allow access to the IMR by a device identified by a device identifier; and upon receiving a memory access request directed to the IMR, enforce the access control policy.

Abstract: Provided is a method for computer-aided obfuscation of program code, wherein a plurality of calculation steps is implemented in the program code, wherein predetermined calculation steps of the plurality of calculation steps are retrieved in a predetermined order with the execution of the program code, and at least some of the predetermined calculation steps are predefined calculation steps in which a respective first table that is stored in the program code and includes of a plurality of digital first tabular values is accessed in order to read a first tabular value required for the respective predefined calculation step from the first table. As part of the obfuscation of the program code, a dynamic mask formed by a plurality of digital mask values is used, wherein, for any predefined calculation step, another mask value is used to replace the first tabular value from the first table with a second tabular value.

Abstract: A key management device for data encryption/decryption is provided. The key management device includes a static random-access memory (SRAM), a register, and a control circuit. The control circuit can set a key lookup table in the SRAM or the register, and manage a key database. The key database includes the SRAM and an one-time programmable (OTP) memory disposed outside the key management device, and the key database stores at least one key. The key lookup table includes a key number and metadata of each of the at least one key stored in the key database. According to a specific key number contained in a key read command or a key delete command from the processor, the control circuit reads or deletes a specific key corresponding to the specific key number in the key database.

Abstract: A system and method for providing authenticating user access to an access controlled device such as computers, mobile devices, or tablets. The present disclosures describes a novel method and system for eye tracking performed through the execution of computer software on a nontransitory computer-readable medium to measure neurological impulses through physiological expressions of the user. These measurements are unique to each user and therefore ideal for the use in the field of encryption and decryption. This novel system can potentially make mobile devices significantly more secure. Preferably, the system comprises a user interface and a camera.