Abstract: A system with fault injection attack detection can include a circuit block; at least one independent power network; a detector coupled to the at least one independent power network to detect a change in a power characteristic of the independent power network; and sensors coupled to the at least one independent power network and located in an active layer of a chip with the circuit block. The sensors are responsive to at least one type of fault injection attack. In some cases, the sensors can be inverters.

Abstract: The disclosed computer-implemented method for preventing data loss from data containers may include (1) identifying, at a computing device, a process running in a data container on the computing device, (2) intercepting an attempt by the process to exfiltrate information from the computing device via at least one of a file system operation or a network operation, and (3) performing a security action to prevent the intercepted attempt. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed are an apparatus and a method for providing security and an apparatus and a method for executing security to protect a code of a shared object.

Abstract: A system and method consistent with the present disclosure allows for a single NMS system to manage data access and control for N number of customer domains and associated users. In particular, an NMS consistent with the present disclosure may include a configuration that partitions the optical communication system by domain. For each domain, partitioning can further define per-user access constraints and privileges including access to specific equipment by, for instance, fiber pair designation, wavelength designation, specifically identified hardware elements, component categories, or any combination thereof. The NMS system may utilize a proxy server approach to authentication, e.g., using RADIUS, that allows for each party/customer to maintain separate authentication databases and equipment-specific constraints.

Abstract: The present disclosure provides systems and methods for organizations to use security date to generate a risk scores associated with potential compromise based on clustering and/or similarities with other organizations that have or may have been compromised. For example, indicators of compromise can be used to create a similarity score rank over time that may be used as a similarity and risk measurement to generate a continual/dynamic score, which can change and/or be updated as new data is created or arrives to detect or prevent threats and/or malicious attacks.

Abstract: Systems, and methods are provided to provide cloud-based coordination of customer premise service appliances. A system can include a cloud-based service platform, which includes a coordination server and a cloud-based service appliance, and an on-premise service appliance. The coordination server is configured to establish a service session, select a service appliance, and control a sequence of operations on the selected service appliance. Establishing the service session can include establishing a service session with a first client in response to a service request received from the first client, the first client associated with an account including a service policy. Selecting the service appliance can include selecting the cloud-based service appliance or the on-premise service appliance, based on the service policy, to handle the service request.

Abstract: A method for enrolling a user of a vehicle to a first server, wherein the vehicle includes a system having at least a user interface. The method provides a wireless connection between the vehicle and the first server; sends user data to the first server in response to user actuation on the user interface; and receives at the user interface an enrollment confirmation from the first server.

Abstract: A device may obtain user activity data associated with a plurality of processes being run by the device, where the user activity data identifies user interactions with one or more user input devices, where the plurality of processes is associated with a plurality of process identifiers, and where the user activity data is associated with the plurality of process identifiers. The device may detect an attempt, initiated by a first process having a first process identifier, to access a data file of a file system, and may compare the first process identifier and the plurality of process identifiers to determine whether the first process is associated with a first user interaction included in the user activity data, and may selectively grant the first process access to the data file based on determining whether the first process is associated with the first user interaction.

Abstract: The present disclosure relates to techniques for automated and adaptive cloud security management. Embodiments provide for, at an electronic device configured to interface with a cloud computing environment, initiating one or more transactions in the cloud computing environment using a first identifier to cause a first service of the cloud computing environment to generate a first set of data including the first identifier and a second identifier, and a second service of the cloud computing environment to generate a second set of data including a third identifier and a fourth identifier. Embodiments also provide for automatically determining whether the first identifier corresponds to the third identifier, and, in accordance with a determination that the first identifier corresponds to the third identifier, associating the second identifier and the fourth identifier to generate a linkage between the first and second services.

Abstract: A medical device includes a network interface, a processor unit, a memory unit, an actuator physiologically acting on a patient and/or a sensor interface detecting a sensor signal indicative of a patient physiological parameter. The network interface receives a sender network identity data message, a sender authorization level and a sender change request to change an actuator operating parameter and/or a predefined alarm detection value. The memory unit provides a predefined minimum authorization level. The processor unit determines an actual authorization of the sender to change the operating parameter and/or to predefine a value on the basis of the sender authorization level and of the predefined minimum authorization level as well as to change the operating parameter as a function of the result of the determination and/or to perform a detection of an alarm generation state as a function of the indicated predefined value and of the sensor signal.

Abstract: A dynamic lockout technique for mobile computing devices is provided. A mobile computing device having a user interface in an active mode identifies foreign computing devices that are connected to a shared network. The mobile computing device determines determining that each foreign computing device is a recognized device, and in response, determines whether a paired device is in proximity to the mobile computing device based on a signal transmitted by the paired device. The mobile computing device maintains the active mode if the paired device is in proximity. The mobile computing device identifies a new foreign computing device that is connected to the shared network. The mobile computing device activates a lockout mode for the user interface while the paired device is in proximity to the mobile computing device if the new foreign computing device is an unrecognized device in proximity to the mobile computing device.

Abstract: A method for securing a recording of multimedia content in a storage medium of a first electronic device, the method including an encryption operation which consists of: for each item of multimedia content to be encrypted, generating a random key within the first electronic device; encrypting the multimedia content by the random key in order to obtain encrypted multimedia content; encrypting, by a user key, the random key so as to obtain a first encrypted random key; encrypting the first encrypted random key by a root key specific to the first electronic device in order to obtain a second encrypted random key; and storing the second encrypted random key and the encrypted multimedia content in the storage medium.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a trusted execution environment (TrEE) associated with a potentially untrusted requestor. In one aspect, a targeting protocol head may receive a request for protected data from a potentially untrusted requestor associated with a TrEE, and an attestation statement of the TrEE. The targeting protocol head may retrieve the protected data, and obtain a targeting key of the TrEE from, for example, the request in the case of clean room provisioning, or the attestation statement. The targeting protocol head may generate targeted protected data by encrypting the protected data with the targeting key, and provide the targeted protected data to the potentially untrusted requestor, where a private targeting key of the TrEE is required to decrypt the targeted protected data.

Abstract: An example operation may include one or more of creating, by a blockchain node, a validation database in a memory, simulating each of one or more transactions, determining that each transaction in a new block may be validated using the validation database, validating each transaction in the new block using the validation database, and committing the new block to the blockchain. The validation database includes data corresponding to a predetermined number of most recent blocks of a state database for a blockchain.

Abstract: A method for calculating a number of proof-of-work to measure how much work has been done in one block mining, includes the following steps: using a low hash, wherein the low hash value corresponding to a low nonce is not greater than a predetermined target value; using a high hash, wherein the high hash value corresponding to a high nonce is higher than the same target value; and calculating the number of proof-of-work according to the low hash value and the high hash value. The low hash value is the lowest hash value in one block mining. The high hash value is the highest hash value in the same block mining.

Abstract: A first device specifies a privacy specification. The privacy specification includes at least a safe zone and a precision parameter may also be specified. A second device, such as an untrusted server, uses the privacy specification to provide guidance to the first device on how to perturb sensitive data. The first device then uses the guidance to transform sensitive data and provides it to the second device. The data transformation permits the first device to share sensitive data in a manner that preserves the privacy of the first user but permits statistics on aggregated data to be generated by an untrusted server.

Abstract: Techniques for verifying message authenticity is provided. In some implementations, a verification request to verify authenticity of a first message is received from a user computing device. The verification request includes a first user identifier and verification information. A delivery message record is obtained. The delivery message record includes a plurality of entries associated with one or more messages sent to one or more user computing devices. Each entry includes a user identifier and feature information of a respective message of the one or more messages. At least one entry that has a second user identifier matching the first user identifier is identified. In response to determining that the feature information of the identified at least one entry matches the verification information from the verification request, a verification message is provided to the user computing device. The verification message indicates that authenticity of the first message is verified.

Abstract: A computer-implemented method includes receiving, by an application executing on a computing device, a first environment with a first identifier, in response to a first request comprising an authentication code. The method further includes associating, by the application, the first identifier with the authentication code, sending, by the application, a second request comprising the first identifier and the authentication code, and in response to sending the second request, receiving, by the application, a second environment with a second identifier. The second environment is a version snapshot of the first environment.

Abstract: In order to allow automatic installation of a newly-supplied wireless device (2) such that it can communicate with the internet (9) through an access point (7), the new device (2) is configured so that on initial installation it operates in access point mode. A remote service provider (4) is provided with authentication information (406) and generates to instructions to the access point (7) to monitor for a broadcast beacon from the target wireless device (2). When it detects the beacon, the access point (7) switches to client mode to establish a secured wireless network connection (8) between the access point (7) and the new wireless network device (2), with the access point (7) operating in a client mode. By reversing the roles in this way, the provider of the new device (2) can arrange for automatic connection to the access point (7) without having to programmed the device (2) with any password or other data relating to the customer's access network.

Abstract: The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side channel attack, such as a Meltdown or Spectre type attack by selectively introducing a variable, but controlled, quantity of uncertainty into the externally accessible system parameters visible and useful to the attacker. The systems and methods described herein provide perturbation circuitry that includes perturbation selector circuitry and perturbation block circuitry. The perturbation selector circuitry detects a potential attack by monitoring the performance/timing data generated by the processor. Upon detecting an attack, the perturbation selector circuitry determines a variable quantity of uncertainty to introduce to the externally accessible system data. The perturbation block circuitry adds the determined uncertainty into the externally accessible system data. The added uncertainty may be based on the frequency or interval of the event occurrences indicative of an attack.