Patents Examined by Jeremiah L Avery
  • Patent number: 11750642
    Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
    Type: Grant
    Filed: August 15, 2022
    Date of Patent: September 5, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
  • Patent number: 11741206
    Abstract: Secure electronic devices and methods are disclosed. A method may include: using a transceiver, a computer program capturing a current connectivity fingerprint comprising at least one current wireless network or device in a current environment for an electronic device; the computer program retrieving a home connectivity fingerprint for a home environment comprising at least one home wireless network or device, which fingerprint was captured when the electronic device was in a home environment; the computer program comparing the current connectivity fingerprint to the home connectivity fingerprint; and the computer program storing the current connectivity fingerprint in response to a threshold number of the current wireless networks or devices in the current connectivity fingerprint not being present in the home connectivity fingerprint.
    Type: Grant
    Filed: January 22, 2021
    Date of Patent: August 29, 2023
    Assignee: VeriFone, Inc.
    Inventors: John Henry Barrowman, Santhosh Kumar Gillella
  • Patent number: 11728981
    Abstract: A wireless User Equipment (UE) performs quantum authentication with a wireless communication network. The wireless UE receives qubits that were generated by the wireless communication network and determines polarization states for the qubits. The wireless UE exchanges cryptography information with the wireless communication network. The wireless UE and the wireless communication network both generate cryptography keys based on the polarization states and the cryptography information. The wireless UE generates authentication data based on the cryptography keys. The wireless UE wirelessly transfers the authentication data to the wireless communication network. The wireless communication network authenticates the wireless UE based on the authentication data and the cryptography keys.
    Type: Grant
    Filed: August 23, 2022
    Date of Patent: August 15, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Marouane Balmakhtar, Lyle Walter Paczkowski
  • Patent number: 11720302
    Abstract: Methods and apparatus to protect sensitive information on media processing devices are disclosed. An example media processing device includes a processing engine configured to process a media processing instruction received at the media processing device, wherein the media processing instruction includes a command and data to cause a component of the media processing device to perform a function; and a data protector configured to determine whether the command is a data protection command; and when the command is the data protection command, modify the function to provide protection to the data.
    Type: Grant
    Filed: May 19, 2021
    Date of Patent: August 8, 2023
    Assignee: Zebra Technologies Corporation
    Inventors: Andrew J. Pekarske, James M. Rehberger
  • Patent number: 11720671
    Abstract: Techniques for preventing ransomware from encrypting files on a target machine are disclosed. In some embodiments, a system/process/computer program product for preventing ransomware from encrypting files on a target machine includes monitoring file system activities on a computing device; detecting an unauthorized activity associated with a honeypot file or honeypot folder; and performing an action based on a policy in response to the unauthorized activity associated with the honeypot file or honeypot folder.
    Type: Grant
    Filed: November 17, 2022
    Date of Patent: August 8, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Eldar Aharoni, Vadim Goldstein, Mashav Sapir, Jenny Kitaichik
  • Patent number: 11722310
    Abstract: Methods, apparatus, and processor-readable storage media for automatically discovering and securely identifying connected systems are provided herein. An example computer-implemented method includes discovering a set of one or more systems connected via at least one network using one or more domain name server (DNS) service discovery techniques; identifying at least one of the one or more systems of the discovered set by processing cryptographic data associated with at least a portion of the one or more systems using one or more digest access authentication techniques; and performing one or more automated actions based at least in part on the at least one identified system.
    Type: Grant
    Filed: January 14, 2021
    Date of Patent: August 8, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Anurag Sharma, Maunish A. Shah, Senthil Ponnuswamy
  • Patent number: 11716330
    Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: August 1, 2023
    Assignee: ALCLEAR, LLC
    Inventor: Stewart Whitman
  • Patent number: 11714897
    Abstract: A processing unit, where the processing unit is one of a group of processing units of a system, includes a processor; and memory including instructions, which when executed by the processor while avoiding interrupting a controller that does not belong to the group of processing units, cause the processor to: perform at least one iteration of the steps of: (a) entering a trusted mode, (b) selecting a selected job to be executed by the processing unit, (c) retrieving access control metadata related to the selected job, (d) entering, by the processing unit, an untrusted mode, (e) executing the selected job by the processing unit while adhering to the access control metadata related to the job, and (f) resetting the processing unit.
    Type: Grant
    Filed: August 19, 2021
    Date of Patent: August 1, 2023
    Assignee: Mobileye Vision Technologies Ltd.
    Inventors: Oren Agam, Liron Kuch, Eran Galil, Liron Atedgi
  • Patent number: 11711410
    Abstract: Systems and methods for sharing content between devices are disclosed. To request a shared piece of media content, a playback device generates and sends a request to a content server. The playback device includes information in the request that indicates the playback capabilities of the device. The content server receives the request and determines the playback capabilities of the playback device from the information in the request. The content server then determines the assets that may be used by the playback device to obtain the media content and generates a top level index file for the playback device that includes information about the determined assets. The top level index file is then sent to the playback device that may then use the top level index file to obtain the media content using the indicated assets.
    Type: Grant
    Filed: May 27, 2022
    Date of Patent: July 25, 2023
    Assignee: DIVX, LLC
    Inventors: Song Cen, Reza Emdad
  • Patent number: 11709931
    Abstract: Enforcing shadow stack violations at module granularity, rather than at thread or process granularity. An exception is processed during execution of a thread based on code of an application binary, which is enabled for shadow stack enforcement, that calls an external module. The exception results from a mismatch between a return address popped from the thread's call stack and a return address popped from the thread's shadow stack. Processing the exception includes determining that the exception resulted from execution of an instruction in the external module, and determining whether or not the external module is enabled for shadow stack enforcement. Based at least on these determinations, execution of the thread is terminated when the external module is enabled for shadow stack enforcement, or the thread is permitted to continue executing when the external module is not enabled for shadow stack enforcement.
    Type: Grant
    Filed: June 6, 2022
    Date of Patent: July 25, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jason Lin, Jin Lin, Gregory John Colombo, Niraj Majmudar, Mehmet Iyigun, Shayne Daniel Hiet-Block, Kenneth Dean Johnson
  • Patent number: 11695746
    Abstract: Systems and techniques for multi-layer user authentication with live interaction are described herein. An authentication request may be received from a user for secure data stored in a computing system. Contextual data may be received that is associated with authentication information received from the user. It may be determined that the user has passed a first authentication process based on a match between the authentication information and reference authentication information stored in a user profile for the user. A risk score may be generated for the authentication request based on the contextual data and the authentication data. A second authentication process may be identified based on the risk score. A set of secondary authentication information may be received. Data associated with the authentication request may be transmitted upon authentication of the user via the second authentication process based on the set of secondary authentication data.
    Type: Grant
    Filed: November 8, 2021
    Date of Patent: July 4, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Laurie Jean Hamm, Patricia L. Hinrichs, Bryan C. Partyka, Michael L. Casper, Maryanne G. Genus, Natalie Holm, Claes Dahlstrand
  • Patent number: 11689920
    Abstract: Systems and methods that provide NAS security protection for mobile networks. In one embodiment, a network element of a mobile network performs a NAS procedure in multiple phases to establish a NAS communication session with User Equipment (UE) when no NAS security context exists. For a first phase, the network element receives an initial NAS message from the UE populated with a subset of NAS protocol Information Elements (IEs) designated for security-related handling, selects a NAS security algorithm for the NAS security context, and sends a response to the UE that indicates the NAS security algorithm. For a second phase, the network element receives a subsequent NAS message from the UE having a NAS message container that contains the initial NAS message populated with each of the NAS protocol IEs for the NAS procedure, and decrypts the NAS message container of the subsequent NAS message using the NAS security algorithm.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: June 27, 2023
    Assignee: NOKIA TECHNOLOGIES OY
    Inventor: Jennifer Liu
  • Patent number: 11683351
    Abstract: Methods, systems, and devices for wireless communications are described. A base station may transmit, to a user equipment (UE), a control message that includes an identification of a set of protection levels corresponding to different degrees of physical layer security for securing communications between the UE and the base station. The base station may transmit, to the UE, an indication of an identified protection level of the set of protection levels to be used by the UE for securing the communications between the UE and the base station. The UE may communicate with the base station in accordance with the identified protection level.
    Type: Grant
    Filed: August 30, 2021
    Date of Patent: June 20, 2023
    Assignee: QUALCOMM Incorporated
    Inventors: Ahmed Attia Abotabl, Muhammad Sayed Khairy Abdelghaffar, Krishna Kiran Mukkavilli
  • Patent number: 11677559
    Abstract: In one embodiment, a set of feature vectors can be derived from any biometric data, and then using a deep neural network (“DNN”) on those one-way homomorphic encryptions (i.e., each biometrics' feature vector) can determine matches or execute searches on encrypted data. Each biometrics' feature vector can then be stored and/or used in conjunction with respective classifications, for use in subsequent comparisons without fear of compromising the original biometric data. In various embodiments, the original biometric data is discarded responsive to generating the encrypted values. In another embodiment, the homomorphic encryption enables computations and comparisons on cypher text without decryption. This improves security over conventional approaches. Searching biometrics in the clear on any system represents a significant security vulnerability. In various examples described herein, only the one-way encrypted biometric data is available on a given device.
    Type: Grant
    Filed: June 13, 2022
    Date of Patent: June 13, 2023
    Assignee: Private Identity LLC
    Inventor: Scott Edward Streit
  • Patent number: 11671259
    Abstract: An apparatus comprises a memory and at least one processor in communication with the memory. The at least one processor is to detect, during a discovery window, a neighboring client station that is to perform peer-to-peer Wi-Fi communication via a Neighbor Awareness Networking (NAN) protocol and establish, via a negotiation after the discovery window, a datapath with the neighboring client station, wherein the negotiation includes an exchange of NAN data path setup attributes in parallel with an exchange of encryption cipher attributes and the encryption cipher is based on a simultaneous authentication of equals (SAE) protocol. The SAE protocol can be used to generate key material to encrypt the datapath.
    Type: Grant
    Filed: April 4, 2022
    Date of Patent: June 6, 2023
    Assignee: Apple Inc.
    Inventors: Yong Liu, Tashbeeb Haque, Christiaan A. Hartman, Lawrie Kurian
  • Patent number: 11663343
    Abstract: End user presence and absence states are determined at an information handling system by analyzing infrared time of flight sensor presence detection information with configuration settings based upon operating conditions at the information handling system. User presence and absence state accuracy is validated and invalidated to analyze and determine optimal configuration settings for each of plural operating conditions, such as the location of the information handling system, ambient light and the availability of plural infrared time of flight sensors, such as the availability of secondary infrared time of flight sensors integrated in peripheral devices.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: May 30, 2023
    Assignee: Dell Products L.P.
    Inventors: Daniel L. Hamlin, Vivek Viswanathan Iyer
  • Patent number: 11659384
    Abstract: A data center 5th-Generation (5G) network encrypted multicast-based authority authentication method, system, and device, and a medium. In the present disclosure, authority authentication and data connection are performed on each platform of a data center by 5G network encrypted multicast, and a network encrypted multicast component is configured on the platform of the data center. An encrypted multicast packet is sent to a network by the platform. Connection is completed by handshaking and mutual heartbeat transmission between the platforms. Authority verification is performed through the multicast packet. In this manner, the problem of security risk of traditional authority authentication may be reduced, and the intercommunication speed and efficiency of each platform of the data center may be improved greatly.
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: May 23, 2023
    Assignee: INSPUR SUZHOU INTELLIGENT TECHNOLOGY CO., LTD.
    Inventors: Xin Zhang, Xiaotong Wang, Wanxian He
  • Patent number: 11652621
    Abstract: A method for securely encrypting and decrypting data in a blockchain, wherein a node member of a network involved in executing a state transition function for the blockchain, uses a key derived from a sequence of digits in an irrational number. The irrational number can derive from a ratio and/or a root, and preferably a square root of a non-perfect square. A key might or might not utilize the entirety of the sequence of digits. For example, the key might utilize every other or every third digit in the sequence. A key might alternatively include some or all of the sequence, with one or more additional characters or digits added to the beginning or end of the sequence, or included elsewhere within the sequence. A key might even utilize non-consecutive members of the sequence of digits, or perhaps a reverse or partially reversed sequence.
    Type: Grant
    Filed: March 28, 2022
    Date of Patent: May 16, 2023
    Assignee: Theon Technology LLC
    Inventor: Robert Edward Grant
  • Patent number: 11653199
    Abstract: The present disclosure generally relates to the field of security context setup. More specifically, the present disclosure relates to techniques of supporting security context setup in a wireless communication network. A method embodiment relates to supporting security context setup in a wireless communication network, the method comprising initiating (S304), by a radio access network (RAN) element of the wireless communication network, Access Stratum (AS) security context setup for a first Radio Access Technology (RAT) and a second RAT in a common signaling procedure.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: May 16, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Osman Nuri Can Yilmaz, Icaro L. J. Da Silva, Karl Norrman, Paul Schliwa-Bertling, Stefan Wager
  • Patent number: 11637836
    Abstract: Systems and methods for managing membership in a private data exchange are provided herein. In one embodiment, the method includes generating a plurality of listings in a data exchange. A first listing of the plurality of listings may include a reference to a first version of shared data within a first database, where the first version is one of a plurality of versions of the shared data within the first database. The method further includes receiving a request from a member of the data exchange for access to the first listing and limiting, by a processing device, access for the member to the first version of the shared data of the first database referenced by the first listing.
    Type: Grant
    Filed: March 23, 2022
    Date of Patent: April 25, 2023
    Assignee: Snowflake Inc.
    Inventors: Pui Kei Johnston Chu, Benoit Dageville, Matthew J. Glickman, Christian Kleinerman, Prasanna Krishnan, Justin Langseth