Abstract: Various aspects of methods, systems, and use cases for multi-entity (e.g., multi-tenant) edge computing deployments are disclosed. Among other examples, various configurations and features enable the management of resources (e.g., controlling and orchestrating hardware, acceleration, network, processing resource usage), security (e.g., secure execution and communication, isolation, conflicts), and service management (e.g., orchestration, connectivity, workload coordination), in edge computing deployments, such as by a plurality of edge nodes of an edge computing environment configured for executing workloads from among multiple tenants.

Abstract: A client-side electronic device includes a receiver, a processor, and a memory. The receiver communicates with a message server over a communication medium of a communication network. The memory stores computer-executable instructions, which, when executed by the processor, cause the device to receive, from the message server, a broadcast message, a timestamp associated with the broadcast message, and a first digital signature of the broadcast message and a second digital signature of the timestamp. The executed instruction further cause the device to verify an integrity of the broadcast message based the first or second digital signatures, determine a freshness of the broadcast message based on the received timestamp, calculate a trust state of the broadcast message based on the integrity verification and the freshness determination, and store the broadcast message in the memory along with the calculated trust state.

Abstract: A virtual firewall configured with two interfaces assigned different security zones switches between Layer 3 routing and bump-in-the-wire (BITW) modes between sessions. After receiving a packet from a one-arm load balancer, an inner header is determined based on decapsulation which removes an outer header. A route lookup is performed based on the inner header to determine whether to communicate packets of the session with Layer 3 routing or according to the BITW model. The result of the route lookup indicates an egress interface. If the ingress and egress interfaces are the same, the firewall operates according to the BITW model for the session. If the egress and ingress interfaces are different, the firewall routes packets of the session with Layer 3 routing. Upon detection of subsequent packets, the firewall operates according to the determined mode for the session without performing additional inner header route lookups for operation mode determination.

Abstract: An ownership management system records an article ID, which is unique information for identifying an article, and an owner ID, which is information indicating an owner of the article, on a blockchain in association with each other, and generates a two-dimensional code from a hash value acquired from the blockchain at the time of recording, the article ID, and the owner ID. The ownership management system accepts the two-dimensional code, extracts the hash value, the article ID, and the owner ID from the accepted two-dimensional code acquires the article ID and the owner ID recorded on the blockchain by using the extracted hash value, determines a matching relationship between the article ID and the owner ID extracted from the two-dimensional code, and outputs the extracted article ID and the owner ID when it is determined that the matching is made.

Abstract: Provided are a method and device employing a smart contract to realize identity-based key management. The method comprises: running a smart contract, and executing a key management process, wherein the key management process comprises: when a key of a target user requires an update and the target user is not a supervised user, generating a master public key and a master private key pertaining to the target user; acquiring, from a blockchain, identity information of the target user; generating a first target private key according to the master public key and the master private key pertaining to the target user and the identity information of the target user; and replacing a current private key of the target user with the first target private key.

Abstract: Implementations of the subject technology provides analyzing a recording of content within a field of view of a device, the analyzing including recognition of a set of objects included in the content. The subject technology identifies a subset of the set of objects that are indicated as corresponding to protected content. The subject technology generates a modified version of the recording that obfuscates or filters the subset of the set of objects. Additionally, the subject technology provides the modified version of the recording to a host application for playback.

Abstract: Upon an attempt to access a service of a third-party server, full-duplex password-less authentication provides a one-time password to the user displayed at the client device and at a mobile device associated with the user. The user verifies the access by comparing the one-time password displayed at the mobile device and the one-time password displayed at the client device. In some embodiments, the one-time password is displayed as a picture while in other embodiments, a combination of a picture the one-time password is displayed as a picture and a set of alphanumeric characters for ease in making the comparison. The user determines whether to accept or deny the authentication sequence after a simple visual comparison.

Abstract: A learning with errors (LWE) instance management method according to an embodiment may include obtaining, from one or more user devices among a plurality of user devices, one or more learning with errors (LWE) instances and one or more extended LWE instances including reuse tags associated with the LWE instances, storing the one or more extended LWE instances, receiving, from a first device among the plurality of user devices, a request for an LWE instance produced by a second device among the plurality of user devices, and identifying, based on a reuse tag included in each of the one or more extended LWE instances, a target extended LWE instance including an LWE instance produced by the second device among the one or more extended LWE instances, and providing the LWE instance included in the target extended LWE instance to the first device.

Abstract: Technologies are shown for secure management of personal information data involving storing personal information data in a personal information data block and committing the personal information data block to a personal information data blockchain and authorizing access to the personal information data by a platform entity by storing a platform identifier corresponding to the platform entity in authorized access data. An access request is received from the platform entity that includes the platform identifier for the first platform entity. If the platform identifier is verified to be in the authorized access data, the personal information data is obtained from the personal information data blockchain and returned to the platform entity. In some examples, the authorized access data includes permissions that identify portions of the personal information data that the platform entity can access. In other examples, the authorized access data is secured on an authorized access data blockchain.

Abstract: A method for enhancing detection of fraudulent data is provided that includes the step of analyzing, by an electronic device, voice biometric data captured while the user was speaking to determine whether the captured voice biometric data exhibits anomalies associated with fraudulent voice audio data. Moreover, the method includes the steps of analyzing circumstances under which the voice biometric data was captured, analyzing mannerisms of the user while the voice biometric data was captured, and calculating a risk score based on at least the results of the analyses. Furthermore, the method includes the steps of comparing the risk score against a threshold value, and in response to determining the risk score fails to satisfy the threshold value generating an alert having a risk level corresponding to the risk score.

Abstract: An incorrect transmission, of a record of data to a distributed ledger system, can be prevented. A first signal can be received. The first signal can include a first instruction to cause the record to be transmitted to the system. One or more items of information in the record can be determined. A delay of time to be elapsed, before a transmission of the record to the system, can be set in response to a receipt of the first signal and a determination of the one or more items. The transmission of the record to the system can be caused to occur after the delay has elapsed. The transmission of the record to the system can be prevented in response to a receipt of a second signal before the delay has elapsed. The second signal can include a second instruction that supersedes the first instruction.

Abstract: A set of virtual machines (VMs) with different guest operating systems installed is initially booted and prepared to facilitate rapid creation, or “forking,” of a child VM(s) for malware analysis of a software sample. Because malicious code may be packaged for a specific operating system version, subsets of the VMs may have different versions of the same guest operating system installed. Upon detection of a sample indicated for malware analysis, a child VM(s) running the appropriate guest operating system is created based on a corresponding one(s) of the set of VMs. A process in which the corresponding VM(s) has been booted is forked to create a child process. A child VM which is a copy of the VM booted in the parent process is then created in the child process. The sample is then sandboxed in the child VM for analysis to determine if the sample comprises malware.

Abstract: Systems and methods for establishing an arbitration agreement for an agreement can include creating, by a first computing system associated with a first party, an ArbitrationInformation attribute comprising the arbitration agreement. The method includes signing, by the first computing system, the ArbitrationInformation attribute with the first computing system's digital signature; creating, by the first computing system, a first SignedData message comprising the ArbitrationInformation attribute and information indicative of the agreement; and transmitting, by the first computing system, the first SignedData message to a second computing system associated with a second party different than the first party and on a different network node than the first party.

Abstract: The present disclosure describes embodiments of a device with memory and a processor. The memory is configured to store integrated circuit (IC) trim and redundancy information. The processor is configured to extract bits from the IC trim and redundancy information, perform a hashing function on the extracted bits to generate hashed bits, and in response to statistical properties of the hashed bits meeting one or more criteria, output the hashed bits. In some embodiments, the memory that stores the IC trim and redundancy information can be different from other memory used by the device for other operations (e.g., accessing user data and program data that have been written into system memory).

Abstract: Methods, apparatus, and computer program products for computing device digital certificates that include a geographic extension are disclosed herein. One method includes a processor managing a digital certificate for a first computing device, in which the digital certificate includes a geographic extension, and populating the geographic extension with a distance value that enables the digital certificate to be validated via the populated geographic extension. Apparatus and computer program products that include hardware and/or software that can perform the methods for computing device digital certificates that include a geographic extension are also disclosed herein.

Abstract: A client-side electronic device includes a receiver, a processor, and a memory. The receiver communicates with a message server over a communication medium of a communication network. The memory stores computer-executable instructions, which, when executed by the processor, cause the device to receive, from the message server, a broadcast message, a timestamp associated with the broadcast message, and a first digital signature of the broadcast message and a second digital signature of the timestamp. The executed instruction further cause the device to verify an integrity of the broadcast message based the first or second digital signatures, determine a freshness of the broadcast message based on the received timestamp, calculate a trust state of the broadcast message based on the integrity verification and the freshness determination, and store the broadcast message in the memory along with the calculated trust state.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for mitigating computing latency associated with proving of possession of network endpoints. One system includes (i) a user device, e.g., a smartphone or a personal computer, (ii) a proof of possession service running on one or more computers, and (iii) an authorization service running on one or more computers.

Abstract: A method of configuring a client device at a customer premises is provided. An electronic message is received from a vendor of a client device with customer premise equipment (CPE) at the customer premises or a portable communication device. The electronic message provides configuration information for the client device. The configuration information includes a password and an access name of a service for use in configuring the client device via communications with a remote configuration server. The service is made available at the customer premises via the CPE or the communication device so that the client device automatically pairs to the service and is authenticated with the password to the configuration server via Internet connectivity capability of the CPE or portable communication device so that the client device may be configured. The client device has firmware preprogramed to automatically and securely access the service, when detected, at the customer premises.

Abstract: An estimation device includes: a collection section configured to collect related information when cyber threat intelligence of a maliciousness estimation target is input, the related information being related to the cyber threat intelligence and other cyber threat intelligence different from the cyber threat intelligence; a feature generation section configured to generate a feature based on the related information, the feature representing a feature of the cyber threat intelligence; a graph information generation section configured to generate graph information based on the related information and the other cyber threat intelligence, the graph information indicating a graph in which each of the cyber threat intelligence and the other cyber threat intelligence is a node and a relationship between the nodes is an edge; and an estimation section configured to estimate the maliciousness of the cyber threat intelligence by a graph convolutional neural network using the feature of the cyber threat intelligence wh

Abstract: A peripheral device package for use in a host computing device has a plurality of compute elements and a plurality of resources shared by the plurality of compute elements. A datastructure is stored in a hidden memory of the peripheral device package. The data structure holds metadata about ownership of resources of the peripheral device package by a plurality of user runtime processes of the host computing device which use the compute elements. At least one of the user runtime processes is a secure user runtime process. The peripheral device package has a command processor configured to use the datastructure to enforce isolation of the resources used by the secure user runtime process.