Abstract: The present disclosure describes embodiments of a device with memory and a processor. The memory is configured to store integrated circuit (IC) trim and redundancy information. The processor is configured to extract bits from the IC trim and redundancy information, perform a hashing function on the extracted bits to generate hashed bits, and in response to statistical properties of the hashed bits meeting one or more criteria, output the hashed bits. In some embodiments, the memory that stores the IC trim and redundancy information can be different from other memory used by the device for other operations (e.g., accessing user data and program data that have been written into system memory).

Abstract: Methods, apparatus, and computer program products for computing device digital certificates that include a geographic extension are disclosed herein. One method includes a processor managing a digital certificate for a first computing device, in which the digital certificate includes a geographic extension, and populating the geographic extension with a distance value that enables the digital certificate to be validated via the populated geographic extension. Apparatus and computer program products that include hardware and/or software that can perform the methods for computing device digital certificates that include a geographic extension are also disclosed herein.

Abstract: A client-side electronic device includes a receiver, a processor, and a memory. The receiver communicates with a message server over a communication medium of a communication network. The memory stores computer-executable instructions, which, when executed by the processor, cause the device to receive, from the message server, a broadcast message, a timestamp associated with the broadcast message, and a first digital signature of the broadcast message and a second digital signature of the timestamp. The executed instruction further cause the device to verify an integrity of the broadcast message based the first or second digital signatures, determine a freshness of the broadcast message based on the received timestamp, calculate a trust state of the broadcast message based on the integrity verification and the freshness determination, and store the broadcast message in the memory along with the calculated trust state.

Abstract: A method of configuring a client device at a customer premises is provided. An electronic message is received from a vendor of a client device with customer premise equipment (CPE) at the customer premises or a portable communication device. The electronic message provides configuration information for the client device. The configuration information includes a password and an access name of a service for use in configuring the client device via communications with a remote configuration server. The service is made available at the customer premises via the CPE or the communication device so that the client device automatically pairs to the service and is authenticated with the password to the configuration server via Internet connectivity capability of the CPE or portable communication device so that the client device may be configured. The client device has firmware preprogramed to automatically and securely access the service, when detected, at the customer premises.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for mitigating computing latency associated with proving of possession of network endpoints. One system includes (i) a user device, e.g., a smartphone or a personal computer, (ii) a proof of possession service running on one or more computers, and (iii) an authorization service running on one or more computers.

Abstract: An estimation device includes: a collection section configured to collect related information when cyber threat intelligence of a maliciousness estimation target is input, the related information being related to the cyber threat intelligence and other cyber threat intelligence different from the cyber threat intelligence; a feature generation section configured to generate a feature based on the related information, the feature representing a feature of the cyber threat intelligence; a graph information generation section configured to generate graph information based on the related information and the other cyber threat intelligence, the graph information indicating a graph in which each of the cyber threat intelligence and the other cyber threat intelligence is a node and a relationship between the nodes is an edge; and an estimation section configured to estimate the maliciousness of the cyber threat intelligence by a graph convolutional neural network using the feature of the cyber threat intelligence wh

Abstract: A peripheral device package for use in a host computing device has a plurality of compute elements and a plurality of resources shared by the plurality of compute elements. A datastructure is stored in a hidden memory of the peripheral device package. The data structure holds metadata about ownership of resources of the peripheral device package by a plurality of user runtime processes of the host computing device which use the compute elements. At least one of the user runtime processes is a secure user runtime process. The peripheral device package has a command processor configured to use the datastructure to enforce isolation of the resources used by the secure user runtime process.

Abstract: Disclosed is an operating method of a storage device, which includes detecting virus/malware, performing an authentication operation with a host device when the virus/malware is detected, and entering a recovery mode when the authentication operation indicates that authentication is successful.

Abstract: A method is disclosed. The method includes transmitting, to a token service computer, a request message comprising a token requestor identifier associated with the token requestor and a service provider computer identifier associated with the service provider computer. The method also includes receiving a response message comprising the token and/or a cryptogram, generating an authorization request message comprising the token and the cryptogram, and transmitting the authorization request message to a processing computer in communication with a token service computer.

Abstract: A collation system 20, which is provided with a client 30 and a server 40, the client 30 includes: a random number generation unit 31 which generates a random number; a concealed information storage unit 32 which stores concealed information generated by concealing registered information and the generated random number using a concealment key; and a concealed index computation unit 33 which, on the basis of the collation information input for collation with the registered information and the concealed information, computes a concealed index, generated by concealing an index indicating closeness between the registered information and the collation information; the server 40 includes a determination unit 41 which uses a release key corresponding to the concealment key and the random number transmitted from the client 30 to determine whether or not the index can be acquired from the concealed index transmitted from the client 30.

Abstract: There are provided systems and methods for split one-time password digits for secure transmissions to selected devices. Authentication credentials and one-time password operations by a service provider, such as an electronic transaction processor for digital transactions, may be compromised by malicious computing attacks or other actions that compromise the security of data and communications. To increase security of the data within a communication and authentication operations, a split one-time password system may be implemented. A user may preset a number of known digits for a one-time password with a profile and/or account. When multifactor authentication is required, randomized digits may be generated using a hash algorithm and may be transmitted to the user with instructions for completion of the one-time password. The user may be required to specifically enter the known digits with the randomized digits to properly pass the multifactor authentication.

Abstract: The present invention is a platform and/or agnostic method and system operable to protect data, documents, devices, communications, and transactions. Embodiments of the present invention may be operable to authenticate users and may be operable with any client system. The method and system are operable to disburse unique portions of anonymous related information amongst multiple devices. These devices disburse unique portions of anonymous information and are utilized by the solution to protect sensitive data transmissions, and to authenticate users, data, documents, device and transactions. When used for authentication, login-related information is not stored in any portion of the solution, users and devices are anonymously authenticated. The solution also permits a user to access secured portions of the client system through a semi-autonomous process and without having to reveal the user's key.

Abstract: The present disclosure, in some embodiments, relates to a data protection method comprising: determining a file comprising content data on a computing system; generating index information for the file; transmitting the index information to a cloud system; executing a corruption operation on the file comprising: dividing the content data of the file into a plurality of data chunks; executing a first encryption operation based on an encryption protocol, on the first data chunk; executing a second encryption operation based on the encryption protocol, on the second data chunk; generating or assigning a first name for the first data and a second name for the second data chunk; and generating a key associated with an order of the first data chunk and the second data chunk.

Abstract: A method and apparatus provides debug information and employs a central debug service in a management environment that issues, to a client debug agent in a client environment, a cryptographically secure signed request for access to debug information that is generated by code executing in the client environment. The request is signed using a private key of a public/private key pair associated with the central debug service. The central debug service receives from the client debug agent, a request that requests the public key of public/private key pair associated with the central debug service and provides the public key of the central debug service to the client debug agent, in response to the request, for verification of approval to access debug information in the client environment. The central debug service receives the requested debug information from the client debug agent, in response to a successful signature verification by the client debug agent.

Abstract: An example operation includes one or more of creating, by a transport, a digital key when the transport is powered on, wherein the digital key relates to an identity of an occupant of the transport, creating, by the transport, a digital sub-key that is related to the digital key, using, by the transport, the digital key during processing of a first set of functions, and using, by the transport, the digital sub-key during processing of a second set of functions that are more critical than the first set of functions.

Abstract: Implementations of the present specification provide a blockchain-based transaction method and apparatus, and a remitter device. The method includes: calculating a transaction amount commitment, a first commitment random number ciphertext, a first transaction amount ciphertext, a second commitment random number ciphertext, and a second transaction amount ciphertext; and submitting transaction data to the blockchain, the transaction data including the transaction amount commitment, the first commitment random number ciphertext, the first transaction amount ciphertext, the second commitment random number ciphertext, and the second transaction amount ciphertext, for the transaction amount commitment, the first commitment random number ciphertext, and the first transaction amount ciphertext to be recorded into a remitter account, and the transaction amount commitment, the second commitment random number ciphertext, and the second transaction amount ciphertext to be recorded into a remittee account.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: Systems and methods of improving the operation of a transaction network and transaction network devices are disclosed. An online purchase autofill plugin includes various modules and engines. The fields of online forms may be identified and the fields of online forms may be automatically filled. The user experience may be improved, and data security enhanced so that the transaction network more properly functions according to approved parameters, such as protecting the integrity of sensitive data.

Abstract: A system includes a device and a payload warehouse. The device receives a user request to initiate a feature of the device. In response to receiving the request, device information is provided to a payload warehouse. The payload warehouse stores an inventory which includes a digital payload. The digital payload includes data, such as a digital certificate, which may be used by the device to implement the user-requested feature. The payload warehouse receives the device information provided by the device and determines an encryption vector based at least in part on the received device information. Using the encryption vector, the digital payload is encrypted. The encrypted digital payload is provided to the device.

Abstract: A session migration method includes sending, by a transmission management apparatus, registration request cancellation information to a subscriber information management apparatus in response to user plane security enforcement information of a packet data unit (PDU) session failing to match user plane encryption protection information of an evolved packet system (EPS). The registration request cancellation information is useable to indicate that the PDU session fails to support migration to the EPS, and the PDU session has been registered with the subscriber information management apparatus.