Abstract: Techniques for implementing a read-only mode for a virtual TPM device are provided. In one set of embodiments, while operating in this read-only mode, the virtual TPM device will not generate, store, or allow the use of any security sensitive data, thereby avoiding the security risks arising out of replicating (e.g., cloning) a VM or VM template that includes the device.

Abstract: Disclosed is a unified access method applying a digital human being CodeChain, including: obtaining information corresponding to a first principal, and obtaining information corresponding to at least one further principal via a heterogeneous access route; identifying the Globe grid coding medium to obtain the information corresponding to the first principal: digital human being identification information of a partner corresponding to the industrial code server; a matter corresponding to the industrial code server and an Globe grid corresponding to the matter, wherein the Globe grid representing a right to share an income from the matter; and information representing association between the partner and the Globe grid and/or the digital human being identification information of the partner with the Globe grid.

Abstract: Techniques are disclosed to leverage co-located radios such as BLE and Wi-Fi radios to increase the security of BLE ranging and localization. In one aspect, a transmitting BLE device may use a co-located Wi-Fi radio to transmit signals to interfere with an intruding device's interception of BLE RTT packets. The obfuscating Wi-Fi transmission may overlap a BLE RTT packet in the time domain with or without overlapping in the frequency domain. In one aspect, the co-located Wi-Fi radio may transmit pre-determined signature Wi-Fi signals concurrently with the BLE RTT packets to a receiver with co-located BLE and Wi-Fi radios. The receiver may detect a change in the pre-determined relationship between the two types of communication to reveal an intrusion attempt. In one aspect, a co-located Wi-Fi radio may capture parts of BLE RTT packets concurrently with a BLE radio transmitting or receiving BLE RTT packets to detect an intrusion attempt.

Abstract: A system and method for quantile-based assessment and handling of digital events in a digital threat mitigation platform includes receiving, via an application programming interface (API), a request from a subscriber to assess a threat of a digital event, computing, using one or more threat scoring machine learning models, a digital threat inference based on one or more corpora of feature vectors associated with the digital event, wherein the digital threat inference includes an uncalibrated digital threat score, retrieving, from a database, a T-Digest data structure of historical digital threat scores of the subscriber, computing, using the T-Digest data structure of historical digital threat scores, a percentile-based threat score based on the uncalibrated digital threat score computed for the digital event, and executing an automated disposal decision computed for the digital event based on at least the percentile-based threat score satisfying automated decisioning instructions of the digital threat mitiga

Abstract: The disclosure includes a system and method in which one or more virtual resources are presented to a secure element; and the one or more virtual resources are mapped to available resources based on a model architecture for the secure element in order to provide hardware abstraction, the available physical resources varying based on the model architecture and an associated host device, the virtual resources allowing consistent interaction with the virtual resources regardless of variation in the physical resources available and their location. The hardware abstraction increases the versatility of the secure element and may contribute to the secure element's functionality. The secure element providing functionality to replace most items carried in an individual's pockets, e.g., logical and physical keys, a thumb drive, identification, credit and debit cards, etc.

Abstract: The disclosed computer-implemented method for protecting against credential theft by impersonator applications may include (i) identifying an ownership relationship between each of a group of applications and a group of websites, (ii) generating a preliminary list containing the applications identified as having the ownership relationship with the websites, (iii) determining missing ownership relationships for the applications and the websites in the preliminary list, (iv) updating the preliminary list with the missing ownership relationships to create a trusted list of applications and websites, and (v) performing a security action that protects against a credential theft attack by referencing the trusted list to detect potential impersonator applications attempting to steal user credentials. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A disaster recovery site storage array causes an instance of a host application or selected executables running on a host server to validate changes to an asynchronously updated replica of a storage object. Snapshots of the replica are generated before and after each set of changes to the replica are received from a remote storage array. Validation is performed by mounting snapshots to the instance of the associated host application and causing the host application instance to validate the data. If a snapshot is determined to be invalid, then the replica to recovered with the most recent known-valid snapshot. Alternatively, if each set of changes is validated prior to being applied to the replica, invalid changes are not applied to the replica. Unvalidated snapshots may be accumulated and validated independently from application of sets of changes to the replica, thereby decoupling validation from replication.

Abstract: The technology disclosed relates to a provenance system for tracing repurposing of targeted artificial intelligence (AI) systems. A training logic is configured to train an AI system on a training dataset that satisfies a target artist configuration by requiring that at least some training samples in the training dataset are sourced from a target artist, and to generate a trained version of the AI system (trained AI system). The target artist configuration characterizes a work of the target artist. The trained AI system is configured to construct an output that satisfies that target artist configuration. A deployment logic is configured to make available the trained AI system via a blockchain network. A provenance logic is configured to provide access to the trained AI system, and to validate that new outputs generated by repurposing the trained AI system satisfy the target artist configuration.

Abstract: A method is provided for watermarking a machine learning model. A sequence of bits is generated. The sequence of bits may be text characters divided into chunks. A selected plurality of input samples from training data is divided into subsets of input samples. All of the input samples of each subset of the subsets of input samples are labeled with a same first label in a problem domain of the ML model. Each chunk is combined with a subset of the labeled subsets to produce a plurality of labeled trigger samples. Each trigger sample of each set of the plurality of sets is relabeled to have a second label different from the first label and in the problem domain to produce a relabeled set of trigger samples. The ML model is trained with the training data and the relabeled trigger samples to produce a watermarked ML model.

Abstract: This disclosure relates to systems, methods, and data storage devices, such as a data storage device comprising a data path and a controller. The data path comprises a data port to transmit data between a host computer system and the data storage device. The data storage device registers with the host computer system as a block data storage device. A non-volatile storage medium stores encrypted user content data. A cryptography engine is connected between the data port and the storage medium and uses cryptographic key data to encrypt and decrypt user content data. The controller is configured to send the encrypted user content data for back-up storage external to the data storage device as encrypted by the cryptographic key data, and communicate with a user device over a communication channel that is different from the data path, to send the cryptographic key data for decryption of the encrypted user content external to the data storage device.

Abstract: Disclosed is a system for protecting electronic devices from counterfeiting and misuse. The system includes a hub unit and a smart switch. The hub unit includes a generator, a modulator and a first conductive surface. The smart switch is connected to sub-circuits and capacitively coupled to the hub unit. The smart switch includes a transmission gate, a second conductive surface, a rectifier, a buffer, a demodulator, and a latch. The smart switch receives switching instructions over an alternating electric field from the hub unit to operate the electronic device.

Abstract: In an embodiment, a method comprises: detecting, with at least one processor of a device, a presence of a protective apparatus associated with an item; generating, with the at least one processor, a log including data indicating the detected presence; and storing or transferring, with the at least one processor, the log to a server computer or other device.

Abstract: A federated permission management service provides clients with customized access to a data set using customized authorization metadata. The federated permission management service may define and apply permissions that are defined at a data lake that provides access to many different data sets from many different sources, as well as those permissions that may be defined at the source of the data set, which may be provided when performing a data sharing request. By allowing for permissions to be specified at the data lake in addition to permissions specified at a source of a data set, the permission management service can provide a fine-grained access control to specific objects of the data set, such as specific columns, specific rows, or specific cells of a database to be shared, even for those data sets in the data lake having different sources.

Abstract: A method for data acquisition, a device and a storage medium are provided. The method includes: determining a data identification intersection between databases of data providers, where the data identification intersection comprises data identifications that are same between the databases of the data providers; constructing a Bloom vector of a Bloom Filter according to the data identification intersection, and sending the Bloom vector to the data providers; receiving candidate data sent by the data providers, where the candidate data is data corresponding to a target data identification, and the target data identification is determined by the data providers from data identifications of respective databases through the Bloom Filter based on the Bloom vector; and selecting target data corresponding to the data identification intersection from the candidate data.

Abstract: In various embodiments supporting directional security, a user equipment (UE) may receive from a network device a noise resource allocation including an indication of a noise direction and a noise parameter, generate a noise signal based at least in part on the noise parameter, and transmit the noise signal in the noise direction while transmitting a communication transmission signal in a different direction from the noise direction. In various embodiments, a network device may determine a geographic zone of interest, select one or more reconfigurable intelligent surfaces (RISs) associated with the geographic zone of interest, selecting one or more noise transmitting UEs, control the one or more noise transmitting UEs to transmit at least one noise signal, and control the one or more RISs to steer the at least one noise signal into the geographic zone of interest.

Abstract: An intelligent gateway device provided at a premise (home or business) for providing and managing application services associated with use and support of a plurality of digital endpoint devices associated with the premises. The device includes a communications and processing infrastructure integrated with a peer and presence messaging based communications protocol for enabling communications between the device and an external support network and between the device and connected digital endpoint devices. A services framework at the gateway device implements the communications and processing infrastructure for enabling service management, service configuration, and authentication of user of services at the intelligent gateway. The framework provides a storage and execution environment for supporting and executing received service logic modules relating to use, management, and support of the digital endpoint devices.

Abstract: Aspects of the disclosure relate to enhancing hybrid traditional neural networks with liquid neural networks for cyber security and offense protection. A computing platform may receive a request to access enterprise organization data. The computing platform may compare the current request to previous requests to determine whether a similar request was previously processed. If a similar request was not previously processed, the computing platform may flag the request as a threat and may analyze the request. The computing platform may extract data from the request and may use the extracted data to generate rules, threat detection algorithms, and training models. The computing platform may use the rules, threat detection algorithms, and training models to train a deep learning neural network to identify and handle threats to an enterprise organization.

Abstract: Methods and apparatus to a login methodology. A method includes selecting a library of images stored in the computer device, setting nicknames for the selected library, uploading the selected library of images to the server, and generating a login account. A network includes a server including at least a processor and a memory, a computer device linked to the server, the computer device including at least a processor and a memory, the memory including at least an operating system and a login process, the login process including selecting a library of images stored in the computer device, setting nicknames for the selected library, uploading the selected library of images to the server and generating a login account.

Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.

Abstract: A computerized method is described for authenticating access to a subscription-based service to detect an attempted cyber-attack. More specifically, a request is received for a subscription for analysis of objects, which are supplied by a customer to a malware detection system. A customer identifier is assigned to the customer initiating the request for the subscription and a sensor associated with the customer is identified and an identifier of the sensor is associated with the customer identifier. Then, service policy level information pertaining to the subscription is associated with the identifier of the sensor, where the service policy level information includes a set of subscription attributes including object analysis restrictions.