Abstract: An always-listening-capable decoupled accessory for a computing device is disclosed. The accessory comprises an electronic sensor, configured to record user input comprising an utterance or gesture, and a gatekeeping module implemented by a processor, wherein all data received by the communications module based on data from the first electronic sensor passes through the gatekeeping module while a gatekeeping function is disabled, wherein no data based on data from the first electronic sensor passes through the communications module while the gatekeeping function is enabled, wherein all data input to the gatekeeping module is received via an exclusive input lead from the first electronic sensor, and wherein all data output from the gatekeeping module is transmitted via an exclusive output lead to a component other than the first electronic sensor. The processor determines that user input comprises a first input content and in response automatically transmits a message to the computing device.

Abstract: An always-listening-capable computing device is disclosed, comprising a camera for recording video of human actions, a module for communication with a remote server, and a gate-keeping module that, when enabled prevents the communication module from transmitting data external to the device. The device determines, based on the content of the video, a user desire or situation requiring human attention and transmits messages as appropriate for satisfying that desire or addressing that situation. Additional methods for handling user input directed to a recipient other than the device and for ensuring data security via controlling the device's network access are also disclosed.

Abstract: According to a first aspect of the present invention, therein is provided a method of determining or generating a unique identifier for a device, the device exhibiting quantum mechanical confinement, the method comprising: measuring a unique quantum mechanical effect of the device that results from the quantum mechanical confinement; and using the measurement to determine or generate the unique identifier.

Abstract: A method exchanges messages with different security classes between security-relevant devices. Key pairs containing a private key and a public key corresponding to the private key are assigned to each security class, wherein the keys and key pairs of each security class differ from each other. Each security-relevant device has all the public keys for decrypting messages for each security class and the relevant private keys for encrypting messages corresponding to a security class that is lower than or equal to the security class of the security-relevant device. Upon receipt, the security class for the message is identified by decryption by use of the public key.

Abstract: A document management system includes a memory for storing machine-readable code and a processor configured to execute the machine-readable code. The processor stores a first document, a first hash of the first document, and a first key in the memory. The first document is encrypted with the first key. The processor further receives a request for the first key. The request includes a second hash of a second document where the second document is purported to be a copy of the first document. The processor further compares the first hash to the second hash and sends the first key in response to the request when the first hash matches the second hash.

Abstract: Disclosed herein are system, method, and computer program product embodiments for secure data aggregation in databases. An embodiment operates by identifying a value column and a group column of a plurality of columns of a dataset. Two distinct group values of the group column are identified. A first group value is replaced with a first substitute value, and a second group value is replaced with a second substitute value. A value of the value column of each of the plurality of records and the substitute values are encrypted. The plurality of encrypted records are uploaded to a server.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.

Abstract: Technologies disclosed herein provide an apparatus comprising a sensor including a first processor configured to execute first instructions to identify, based on an index, a first encrypted key of a first set of encrypted keys, identify, based on the index, a second encrypted key of a second set of encrypted keys, and extract a first trusted symmetric key from the first encrypted key using a first decryption algorithm and a first decryption key. The apparatus further comprises a computing platform coupled to the sensor and including a memory element and a processor configured to execute second instructions stored in the memory element to receive the second encrypted key from the sensor and extract a second trusted symmetric key from the second encrypted key using a second decryption algorithm and a second decryption key, where the first trusted symmetric key matches the second trusted symmetric key.

Abstract: A method for processing a network service supported by a network infrastructure allowing virtualization of network functions. The network service is made up of a sequence, called an initial sequence, of at least one virtualized network function processing an incoming stream. The method includes: detecting an anomaly relating to the at least one virtualized network function; on the basis of the anomaly, detecting and identifying a network attack targeting the network service; identifying, in the initial sequence, at least one virtualized network function impacted by the attack; modifying the initial sequence so as to circumscribe the attack in such a way that the incoming stream is routed towards at least one virtualized network function, called the curative function, carrying out a processing of the incoming stream, called the malicious stream, as well as of functions implemented by the at least one virtualized network function impacted by the attack.

Abstract: System and method to produce an anonymized electronic data product having an individually-determined threshold of re-identification risk, and adjusting re-identification risk measurement parameters based on individual characteristics such as geographic location, in order to provide an anonymized electronic data product having a sensitivity-based reduced risk of re-identification.

Abstract: Disclosed are examples of searching for content associated with multiple applications. In various examples, a first application can obtain a search query and maintain a list of applications available to provide content. The first application can send a request to a second application identified in the list, the request including a key that indicates the first application is authorized to request the second application to search for content. The first application can obtain a search result from the second application based on the request and present the search result in a user interface in the first application.

Abstract: An interconnection unit includes a first connector configured to be coupled to an electronic device. There is a second connector configured to be coupled to a power station and to provide a path to the electronic device via the first connector. There is a low pass filter coupled between the first connector and the second connector and configured to allow the electronic device to receive power from the power station while maintaining data security of the electronic device.

Abstract: An anomaly detection method includes: extracting, for each of a plurality of learning packets obtained, all possible combinations of N-grams in the payload included in the learning packet; counting a first number which is the number of occurrences of each combination in the payloads of the learning packets; calculating, as anomaly detection models, first probabilities by performing smoothing processing based on a plurality of the first numbers; and when the score calculated for each of a plurality of packets exceeds a predetermined threshold that is based on the anomaly detection models stored in a memory, outputting information indicating that the packet having the score has an anomaly.

Abstract: An authorization code response is transmitted to a client, and the client uses a parameter included in the authorization code response and a parameter included in the authorization code response transmitted by a transmitting unit to verify that the authorization code response corresponds to an authorization code request.

Abstract: Implementations of the present specification include a computer-implemented method for achieving a consensus among a number of network nodes of a blockchain network. The blockchain network includes a primary node and one or more backup nodes. The method includes receiving a transaction request by the primary node, sending a number of first messages to the backup nodes by the primary node, receiving second messages from the backup nodes by the primary node, reconstructing the transaction request based on data in the second messages by the primary node, sending a third message to the backup nodes by the primary node, and executing the transaction request in response to receiving a predetermined number of third messages.

Abstract: Disclosed herein are a terminal apparatus, a server apparatus, and a method for FIDO universal authentication using a blockchain. The method includes sending, by the terminal apparatus, a FIDO service request for any one of FIDO registration, FIDO authentication, and FIDO deregistration for an application service provided by the server apparatus to the server apparatus; verifying, by the blockchain, a FIDO service response message, which is created as a result of local authentication of a user in the terminal apparatus in response to the FIDO service request; and processing, by the server apparatus, the FIDO service request based on whether the FIDO service response message is successfully verified by the blockchain.

Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.

Abstract: Systems and methods for using encryption keys to manage data retention are described. In one embodiment, the systems and methods may include receiving data such as user data from a host of the storage drive, encrypting the data using an encryption key, writing the encrypted data to the storage drive, and retaining the encrypted data on the storage drive based at least in part on a validity of the encryption key.

Abstract: Described is an automatic anomaly detector that receives a time-series of normal and abnormal activities that include features related to entities within a computing system. A feature coherence graph for the features is constructed, with the graph then clustered such that feature spaces of entities are expanded to include features that live within a same cluster but belong to separate entities. The feature spaces are unified by mapping representations of the features spaces into a Euclidean space of feature vectors. The feature vectors related to each feature are then aligned. Sets of clusters of related abnormal activities are then generated by regressing each feature vector over only those features that it possesses. The sets of clusters are used to detect anomalous behavior. The system then identifies a node within the computer system generating the anomalous behavior and initiates an action to minimize a threat posed by the node.