Abstract: A resistor mesh with distributed sensing points is provided in a security chip as an anti-tamper shield. An analog multiplexing circuit is configured to receive a pair of digital selection values created by an algorithm processing circuit, and produce a respective differential voltage formed by a pair of voltages obtained at a pair of selected sensing points within the resistor mesh corresponding to the pair of digital selection values. Each differential voltage is converted into a corresponding digital output value. An algorithm processing circuit is configured to receive a respective digital output value associated with each pair of digital selection values and derive a binary value based on a subset of the digital output values, wherein the binary value is unique to the security chip.

Abstract: A security level of data generated by an application may be communicated from the application layer to the network layer and that security level used to determine of several available network connects for transmitting the data. A method of communicating may include associating the plurality of network connections with security levels to form associations, the associations indicating security levels of data that may be transmitted over each of the plurality of network connections; receiving, at the network layer, data for transmission; determining, at the network layer, a security level for the data; determining, at the network layer, at least one network connection of a plurality of network connections to transmit the data based, at least in part, on the security level; and transmitting the data packet over the at least one network connection.

Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.

Abstract: A connection management apparatus of a relay system specifies, when terminal identification information for identifying a target terminal is acquired from a client terminal, a first relay apparatus that relays communication, and specifies connecting information for the client terminal to connect to the first relay apparatus. The connection management apparatus stores the specified connecting information and the terminal identification information in a storage in association with each other, and notifies the client terminal of the specified connecting information. When the specified first relay apparatus receives access based on the connecting information from the client terminal, the specified first relay apparatus relays the communication between the client terminal and the target terminal on the basis of the terminal identification information associated with the connecting information.

Abstract: Systems and methods for vehicle message signing are provided. A method includes obtaining, by a vehicle computing system of an autonomous vehicle, a computing system state associated with the vehicle computing system and a message from at least one remote process running a computing device remote from the vehicle computing system. The message is associated with an intended recipient process running on the vehicle computing system. The method includes determining an originating sender for the message. The originating sender is indicative of a remote process that generated the message. The method includes determining a routing action for the message based on a comparison of the originating sender and the computing system state. The routing action includes at least one of a discarding action or a forwarding action to the intended recipient process. The method includes performing the routing action for the message.

Abstract: A method and system for security flow analysis of application code comprising: detecting data flows in a code base; and extracting an information flow, comprising determining a primary data flow by identifying a data flow that contains exposed data, and extending the primary data flow through descriptor data flows, wherein the descriptor data flows are associated with the set of data tracked by the primary data flow; wherein the information flow is a high level flow description that exposes the application code vulnerabilities based on the primary data flow and all associated descriptor data flows.

Abstract: Methods, apparatus, systems and articles of manufacture for communicating encrypted data via a virtual private network are disclosed. An example computer system disclosed herein includes a memory including instructions that, when executed, cause one or more processors to establish a first tunnel and a second tunnel between a VPN client and a VPN server. The instructions further cause the one or more processors to access a request message to be sent via the VPN and determine, in response to a payload being formatted using a first protocol, whether a packet associated with the request message includes an encrypted server name indication (SNI). The instructions further cause the one or more processors to, in response to the packet including the encrypted SNI, encrypt the header of the request message to form an encrypted header, create an encrypted message including the encrypted header and the payload of the request message, and transmit the encrypted message through the first tunnel.

Abstract: Managing data in a distributed computing environment, such as a cloud computing platform for healthcare. The platform selects a set of hierarchical resources deployed in the distributed computing environment, wherein the set of hierarchical resources comprises a resource member. The platform converts the set of selected hierarchical resources to a localized schema. The platform determines a score for the resource member based on the proximity of the resource member to the healthcare privacy dictionary, wherein the proximity is determined using the localized schema. The platform updates the set of hierarchical resources based on the determined score. The platform controls access to a resource member based on the score determined based on a proximity of a localized schema representation of the resource member to a healthcare privacy dictionary.

Abstract: A method for operating at least one log-analytics detection platform for detecting security threats associated with a client network, comprising: obtaining, via a communication network, log files from a client network, each log file comprising a log record associated with a channel and including an outbound communications log; extracting a channel feature set for said channels from said log files, said channel feature set comprises data pertaining to an associated entity, at least one channel feature being behavior of communication over a channel; aggregating said channel associated features for each of the channels into a data repository; generating a risk factor characterized by an entity score for said least one entity associated with entities of said channels; and blocking of communication for said entity when said risk factory is indicative of said entity being a security threat.

Abstract: A method of improving integrity of a computer system includes executing certifiable and qualifiable software applications. The certifiable software application is composed of static program instructions executed sequentially to process input data to produce an output, and the qualifiable software application uses a model iteratively built using a machine learning algorithm to process the input data to produce a corresponding output. The certifiable software application is certifiable for the computer system according to a certification standard, and the qualifiable software application being non-certifiable for the computer system according to the certification standard. The method also includes cross-checking the output by comparison with the corresponding output to verify the output, and thereby improve integrity of the computer system.

Abstract: A system for dynamic data modification and correction is provided. The system comprising: a memory device with computer-readable program code stored thereon; a communication device connected to a network; a processing device, wherein the processing device is configured to execute the computer-readable program code to: monitor a first data storage location for an artifact stored in the first data storage location, the artifact comprising unobscured private data; move the artifact to a second data storage location based on identifying the unobscured private data; generate a context rule set for the artifact based on an artifact type and one or more data fields of the artifact; modify the artifact to remove the unobscured private data based on the context rule set; and reintroduce the modified artifact to the first data storage location.

Abstract: Systems and methods for management and configuration of personal digital privacy and security. A list of protected accounts is received, where each protected account is an online user account associated with a user. For each protected account of the list, a privacy configuration is generated, based at least in part on one or more user-specific privacy rules. A login session for the protected account is accessed, without transmitting or receiving the user's password for the protected account. Based on the accessed login session for the protected account, a plurality of current status indicators are determined for a plurality of privacy settings associated with the protected account. The current status indicators are analyzed to generate updated configuration settings for one or more of the privacy settings of the protected account, and the updated configuration settings are applied to the protected account.

Abstract: Provided are methods and systems for performing secure analytics using term generations and a homomorphic encryption. An example method includes receiving, by at least one server from a client, a term generation function, a hash function, a public key of a homomorphic encryption scheme, and a homomorphically encrypted list of indices, wherein the list of indices is generated using the term generation function and the hash function, applying, by the server, the term generation function, the hash function, and the public key to a data set to determine a further homomorphically encrypted list of indices, extracting, by the server and using the homomorphically encrypted list of indices and the further homomorphically encrypted list of indices, data from the encrypted data set to obtain an encrypted result, and sending the encrypted result to the client to decrypt the encrypted result using a private key of the homomorphic encryption scheme.

Abstract: An example apparatus includes a packaging container, and any of a label and an electronic tag detachably connected to the packaging container and including an electrical code set for electrical authentication upon removal of any of the label and the electronic tag from the packaging container and being affixed to a device associated with the packaging container, wherein the electrical authentication is to validate the packaging container and the device as original equipment manufacturer components. Any of the label and the packaging container is altered upon removal of the label from the packaging container.

Abstract: Disclosed is a method for checking the setting of predefined security functions of a field device of process and automation technology, wherein the predefined security functions relate to an access to a function of the field device by an unauthorized person. The method includes: identifying a user; starting by the user a query about the actual setting of the security functions predefined at the measuring point; comparing actual setting of the predefined security functions with a target setting of the predefined security functions defined by the stipulated security level; and outputting an electronic report about the matching or deviation of the actual setting from the target setting of the predefined security functions. Depending on the matching or deviation of the actual setting from the target setting of the predefined security functions, different steps are carried out.

Abstract: The described technology provides for plural application processes including at least one application in a browser to reliably acquire device information that can be used by other processes to accurately determine whether the plural applications are running on the same client device and/or are associated with aspects of the same client device. The more reliable determination of the devices associated with respective application processes can be used for various purposes such as, for example, user access management capabilities such as improved single sign-on (SSO) capability and/or improved multiple login prevention (MLP) capability.

Abstract: Examples described herein provide a computer-implemented method that includes detecting an anomaly associated with an object of a computer system and determining an importance classification of the object. An object relationship of the object is determined with respect to one or more other objects of the computer system. An impact score of the anomaly is determined based on the importance classification and the object relationship. An anomaly report is output with the impact score.

Abstract: Embodiments of the prevent invention provide a network access authentication method and device. The method comprises: receiving an authentication request message sent by a first serving network, wherein the authentication request message carries a user equipment pseudonym identifier generated by a user equipment; determining whether a local user equipment pseudonym identifier is asynchronous with the user equipment pseudonym identifier generated by the user equipment; and obtaining, if the determination result is yes, an encrypted international mobile subscriber identity (IMSI) to carry out network access authentication on the user equipment. The embodiments of the present invention can solve the problem that a network access process in the related art does not provide a processing method for the case where the user equipment pseudonym identifier in the user equipment is asynchronous with the user equipment pseudonym identifier in a home network.

Abstract: At least one machine readable medium comprising a plurality of instructions that in response to being executed by a system cause the system to send a unique identifier to a license server, establish a secure channel based on the unique identifier, request a license for activating an appliance from a license server over the secure channel, receive license data from the license server over the secure channel; determine whether the license is valid, and activate the appliance in response to a determination that the license data is valid.

Abstract: An electronic control unit comprises circuitry to receive a combined signal via a vehicle bus of a vehicle, wherein the combined signal contains a combination of a data signal and a watermark signal, which can be a radio frequency (RF) signal or an analog baseband signal, wherein the data signal includes a message, circuitry to extract a watermark from the watermark signal, circuitry to verify the watermark based on a comparison of the watermark with a pre-defined watermark, circuitry to extract the data signal from the combined signal and obtain the message from the data signal, and circuitry to authenticate the message based on the verification of the watermark.