Patents Examined by Hee K Song
  • Patent number: 11349668
    Abstract: An encryption device (10) is an encryption device in authentication encryption. A key generation unit (21) generates a key K of an encryption function E of a block cipher, in accordance with an initial parameter N. A hash calculation unit (22) calculates a hash value msk with an internal parameter ctr as an input. An encryption unit (23) generates a ciphertext c of the message m by using the encryption function E, with a key K generated by the key generation unit (21), a hash value msk calculated by the hash calculation unit (22), and a message m as inputs.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: May 31, 2022
    Assignee: Mitsubishi Electric Corporation
    Inventor: Yusuke Naito
  • Patent number: 11343090
    Abstract: There is disclosed in one example a computing system, including: a processor; a memory; and a memory encryption engine (MEE) including circuitry and logic to: allocate a protected isolated memory region (IMR); encrypt the protected IMR; set an access control policy to allow access to the IMR by a device identified by a device identifier; and upon receiving a memory access request directed to the IMR, enforce the access control policy.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: May 24, 2022
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11343083
    Abstract: A host processing device instructs a plurality of virtual data processing (VDP) accelerators, configured on each of a plurality of data processing accelerators. The VDP accelerators configure themselves for secure communications. The host device generates an adjacency table of each of the plurality of VDP accelerators. The host device then establishes a session key communication with each VDP accelerator and sends the VDP accelerator a list of other VDP accelerators that the VDP accelerator is to establish a session key with, for secure communications between the VDP accelerators. The VDP accelerator establishes a different session key for each pair of the plurality of VDP accelerators.
    Type: Grant
    Filed: November 22, 2019
    Date of Patent: May 24, 2022
    Assignee: BAIDU USA LLC
    Inventors: Yong Liu, Yueqiang Cheng
  • Patent number: 11341216
    Abstract: Provided is a method for computer-aided obfuscation of program code, wherein a plurality of calculation steps is implemented in the program code, wherein predetermined calculation steps of the plurality of calculation steps are retrieved in a predetermined order with the execution of the program code, and at least some of the predetermined calculation steps are predefined calculation steps in which a respective first table that is stored in the program code and includes a plurality of digital first tabular values is accessed in order to read a first tabular value required for the respective predefined calculation step from the first table. As part of the obfuscation of the program code, a dynamic mask formed by a plurality of digital mask values is used, wherein, for any predefined calculation step, another mask value is used to replace the first tabular value from the first table with a second tabular value.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: May 24, 2022
    Inventor: Johannes Zwanzger
  • Patent number: 11329815
    Abstract: A key management device for data encryption/decryption is provided. The key management device includes a static random-access memory (SRAM), a register, and a control circuit. The control circuit can set a key lookup table in the SRAM or the register, and manage a key database. The key database includes the SRAM and a one-time programmable (OTP) memory disposed outside the key management device, and the key database stores at least one key. The key lookup table includes a key number and metadata of each of the at least one key stored in the key database. According to a specific key number contained in a key read command or a key delete command from the processor, the control circuit reads or deletes a specific key corresponding to the specific key number in the key database.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: May 10, 2022
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventor: Yu-Shan Li
  • Patent number: 11321433
    Abstract: A system and method for providing authenticating user access to an access controlled device such as computers, mobile devices, or tablets. The present disclosure describes a novel method and system for eye tracking performed through the execution of computer software on a nontransitory computer-readable medium to measure neurological impulses through physiological expressions of the user. These measurements are unique to each user and therefore ideal for use in the field of encryption and decryption. This novel system can potentially make mobile devices significantly more secure. Preferably, the system comprises a user interface and a camera.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: May 3, 2022
    Assignee: EYETHENTICATE, LLC
    Inventor: Austin H. Lubetkin
  • Patent number: 11323242
    Abstract: Disclosed herein are embodiments that are directed to a method comprising storing each encrypted data block, of a cyphertext page, with corresponding encrypted error correction code (ECC) bits in a persistent memory device (PMD). In exemplified embodiments, the encrypted ECC bits verify both an encryption counter value of an encryption operation and a plaintext block of the cyphertext page from a decryption operation. In other embodiments, the method includes decrypting, using the decryption operation during a read operation of a memory controller, a respective one block of the cyphertext file and the corresponding encrypted ECC bits stored in the PMD using a current counter value to form the plaintext block and decrypted ECC bits. Further, the method may include verifying the plaintext block with the decrypted ECC bits; and performing a security check of the encryption counter value in response to the plaintext block failing the verification, using the decrypted ECC bits.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: May 3, 2022
    Assignee: UNIVERSITY OF CENTRAL FLORIDA RESEARCH FOUNDATION, INC.
    Inventors: Amro Awad, Mao Ye
  • Patent number: 11323481
    Abstract: A network device may receive network traffic for an application. The network device may determine a first classification for the network traffic according to a first classification technique. The first classification may identify the network traffic as relating to a particular application or an unknown application. The network device may determine a second classification for the network traffic according to a second classification technique. The second classification may identify the network traffic as relating to an unknown application of a particular type and identity. The network device may process, based on whether the first classification identifies the network traffic as relating to the particular application or the unknown application, the network traffic according to a first security policy associated with the particular application or a second security policy associated with the unknown application of the particular type and identity.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: May 3, 2022
    Assignee: Juniper Networks, Inc.
    Inventor: Rajeev Chaubey
  • Patent number: 11308242
    Abstract: Provided is a method for protecting an encrypted control word. The method includes: receiving a hardware security module entitlement management message and an encrypted control word transmitted from a main chip, where the hardware security module entitlement management message includes a key for decrypting the encrypted control word; decrypting, based on the hardware security module entitlement management message and a hardware security module root key stored in the hardware security module, the encrypted control word to obtain a control word; reencrypting the control word based on a re-encryption key stored in the hardware security module to obtain a reencrypted control word; and transmitting the reencrypted control word to the main chip, so that the main chip decrypts, based on a main chip entitlement management message transmitted from the front end, the reencrypted control word to obtain the control word.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: April 19, 2022
    Assignees: ACADEMY OF BROADCASTING SCIENCE, NRTA, BEIJING NOVEL-SUPER DIGITAL TV TECHNOLOGY CO., LTD., SUMAVISION TECHNOLOGIES CO., LTD, HISILICON TECHNOLOGIES CO., LTD.
    Inventors: Zhifan Sheng, Wei Xie, Jing Zhang, Xuebing Tian, Bin Xiong, Lizheng Zheng, Haifeng Yan, Zhonghua Fang, Qiang Wang, Qing Yang, Peng Chen, Longhui Jin, Jinglei Liu
  • Patent number: 11303439
    Abstract: Provided are a method and device for performing authentication using a hardware security module (HSM) in a one machine-to-machine (oneM2M) environment. The method of performing authentication using an HSM in a oneM2M environment includes extracting a symmetric key stored in the HSM using a security application programming interface (API), generating a first value and a second value using the extracted symmetric key, and performing mutual authentication with an M2M enrolment function (MEF) server through transport layer security pre-shared key ciphersuites (TLS-PSK) using the first value and the second value.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: April 12, 2022
    Assignee: Penta Security Systems Inc.
    Inventors: Sung Ok Choi, Young In Park, Sang Gyoo Sim, Duk Soo Kim, Seok Woo Lee
  • Patent number: 11295011
    Abstract: Certain aspects herein provide a system and method for performing behavior analysis for a computing device by a computing system. In certain aspects, a method includes detecting an event occurring at the computing device at a first time, determining, based on the detecting, an event category of the event, and collecting first one or more behaviors associated with the determined event category occurring on the computing device based. The method also includes comparing the first one or more behaviors with a dataset indicating one or more expected behaviors of the computing device associated with the event. Upon determining that at least one of the first one or more behaviors corresponds to an unexpected behavior based on the comparing, the method further includes taking one or more remedial actions.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: April 5, 2022
    Assignee: VMware, Inc.
    Inventors: Ruimin Sun, Vijay Ganti, Zhen Mo, Bin Zan, Vamsi Akkineni
  • Patent number: 11288378
    Abstract: Systems and methods include a method for protecting data for a remote terminal unit (RTU) and providing audit trail information for forensics procedures. Monitoring is performed for conditions detected at an RTU that warrant a data protection operation at the RTU. The monitoring is performed by an instrumented security function (ISF) chip communicating with the RTU in a supervisory control and data acquisition system (SCADA) network. Upon determining that conditions are warranted, the data protection operation is initiated by the ISF chip. The system also provides audit trail information for forensics procedures upon detecting a threat in the vicinity of the RTU. The system invokes the forensics procedure by initiating the localization services (HBL) embedded as part of the RTU's disk apparatus triggered by a change to the disk apparatus such as a power disconnect or by receiving a security signal from the NAC or local occupancy sensors.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: March 29, 2022
    Assignee: Saudi Arabian Oil Company
    Inventors: Hassan S. Al-Yousef, Fouad M. Alkhabbaz, Zakarya A. Abu Al Saud, Soloman M. Almadi
  • Patent number: 11281807
    Abstract: In one example, an integrated circuit includes a register interface that includes a plurality of registers, a bus interface configured to monitor write requests transmitted to the register interface, where the write requests include a target address and data to be written. The bus interface is configured to receive the data to be written to the plurality of registers and register selection signals for selecting a respective register in the plurality of registers. The integrated circuit includes a monitoring circuit configured to monitor the register selection signals between the bus interface and the plurality of registers in order to determine when the data to be written to the plurality of registers is valid.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: March 22, 2022
    Assignees: STMICROELECTRONICS (GRENOBLE 2) SAS, STMICROELECTRONICS S.R.L.
    Inventors: Rosalino Critelli, Giuseppe Guarnaccia, Delphine Le-Goascoz, Nicolas Anquet
  • Patent number: 11275847
    Abstract: Technologies for secure certificate management include a computing device that receives a keystore command related to an encryption key, converts the keystore command into an encrypted database command, unlocks an encrypted database stored by the computing device with an obfuscated passphrase, and executes the encrypted database command. The encrypted database includes a key table to store binary copies of encryption keys and a metadata table to store metadata related to the encryption keys. The computing device returns a response to the keystore command in response to executing the encrypted database command. The keystore command may be received and the response may be returned via a command-line interface or a machine-to-machine interface. The computing device may load multiple encoded passphrase segments from corresponding predetermined file system locations, decode the encoded passphrase segments, and compound the decoded passphrase segments to generate the passphrase.
    Type: Grant
    Filed: September 21, 2016
    Date of Patent: March 15, 2022
    Assignee: INTEL CORPORATION
    Inventors: Alexander R. McMillan, Deloy P. Bitner
  • Patent number: 11271755
    Abstract: The present disclosure includes apparatuses, methods, and systems for verifying a vehicular identity. An example includes a processing resource, memory, and a vehicular communication component configured to verify an identity of the particular vehicle using a public key, wherein the public key is received in response to a departure of the particular vehicle, and request, in response to verifying the identity of the particular vehicle, data corresponding to information associated with the departure of the particular vehicle.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: March 8, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Antonino Mondello, Alberto Troia
  • Patent number: 11271958
    Abstract: Aspects of the present disclosure describe techniques for detecting anomalous data in an encrypted data set. An example method generally includes receiving a data set of encrypted data points. A tree data structure having a number of levels is generated for the data set. Each level of the tree data structure generally corresponds to a feature of the encrypted plurality of features, and each node in the tree data structure at a given level represents a probability distribution of a likelihood that each data point is less than or greater than a split value determined for a given feature. An encrypted data point is received for analysis, and an anomaly score is calculated based on a probability identified for each of the plurality of encrypted features. Based on determining that the calculated anomaly score exceeds a threshold value, the encrypted data point is identified as potentially anomalous.
    Type: Grant
    Filed: September 20, 2019
    Date of Patent: March 8, 2022
    Assignee: International Business Machines Corporation
    Inventors: Kanthi Sarpatwar, Venkata Sitaramagiridharganesh Ganapavarapu, Saket Sathe, Roman Vaculin
  • Patent number: 11263323
    Abstract: The present disclosure provides systems and methods that reduce vulnerability of software systems (e.g., machine-learned models) to adversarial attacks by increasing variety within the software system. In particular, a software system can include a number of subcomponents that interoperate using predefined interfaces. To increase variety within the software system, multiple, different versions of one or more of the subcomponents of the software system can be generated. In particular, the different versions of the subcomponent(s) can be different from each other in some way, while still remaining functionally equivalent (e.g., able to perform the same functions with comparable accuracy/success). A plurality of different variants of the software system can be constructed by mixing and matching different versions of the subcomponents. A large amount of variety can be exhibited by the variants of the software system deployed at a given time, thereby leading to increased robustness against adversarial attacks.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: March 1, 2022
    Assignee: GOOGLE LLC
    Inventors: Pedro Gonnet Anders, Philippe Gervais
  • Patent number: 11265312
    Abstract: A telecommunication system of the type wherein a series of terminals are mutually connected through a server and of a data transmission network characterised in that the management and the control of data management within the network are furthermore provided, with a single device made up of a SOC (System on Chip) processor to which the required support peripherals are associated.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: March 1, 2022
    Assignee: AREAWFI, INTEGRATED SYSTEM S.R.L.
    Inventors: Tommaso Frigerio, Luca Rizzuti
  • Patent number: 11251958
    Abstract: A system for generating a hybrid token architecture for chaining authenticated interactions is provided.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: February 15, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Craig D. Widmann, Eren Kursun
  • Patent number: 11245537
    Abstract: A system comprising a processor and a computer readable memory coupled to the processor, the computer-readable memory comprising computer program code executable by the processor to generate create a self-signed certificate, create a second certificate using the set of certificate generation parameters, the second certificate linked to the self-signed certificate, store the self-signed certificate in a certificate store of a first web browser; and store the second certificate in a local server certificate store to allow a local service to use the second certificate in a handshake to establish a secure socket connection with the first web browser in compliance with a mixed content security policy of the first web browser.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: February 8, 2022
    Assignee: OPEN TEXT CORPORATION
    Inventors: Russell George Teglas, Samir Yasin Vaidya