Abstract: A method of operating a first node to generate a secret key for encrypting wireless transmissions between the first node and a second node. The method comprises receiving a first training signal comprising a plurality of subcarriers from the second node and constructing a matrix from the frequency responses of each of the plurality of subcarriers of the first training signal at the first node. A singular value decomposition of the matrix is computed; and a secret key is derived from one or more singular vectors of the singular value decomposition.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for classification of unknown samples using agglomerative clustering.

Abstract: A secured virtual container is enabled to securely store personal data corresponding to a user, where such data is inaccessible to processes running outside the secured virtual container. The secured virtual container may also include an execution environment for a machine learning model where the model is securely stored and inaccessible. Personal data may be feature engineered and provided to the machine learning model for training purposes and/or to generate inference values corresponding to the user data. Inference values may thereafter be relayed by a broker application from the secured virtual container to applications external to the container. Applications may perform hyper-personalization operations based at least in part on received inference values. The broker application may enable external applications to subscribe to notifications regarding availability of inference values. The broker may also provide inference values in response to a query.

Abstract: Methods, systems, and computer-readable media for secure offline transmission of a plurality of data segments from a sending device to one or more receiving devices. The sending device and the one or more receiving devices may communicate via an offline local network. A secure, encrypted container may be created at the receiving device to temporarily cache the received data segments one at a time and the encrypted storage container prevents access by one or more applications of the receiving device to data stored therein based on storage instructions from the sending device. The encrypted container may be configured to store the data segments such that less than all of the data segments are stored at the receiving device at any one time.

Abstract: Aspects of subject technology provide systems and methods for generation and distribution of a stable identifier associated with multiple aliases of a user account. The stable identifier may be provided to various electronic devices by a server, responsive to requests associated with communications to those devices from one of the associated aliases. In this way, messaging applications can utilize the stable identifier to merge conversations from a single user having multiple aliases, and secure access to a secure device can be provided to an authorized user, even if the authorized user attempts access from an unauthorized account alias.

Abstract: Techniques for preventing ransomware from encrypting files on a target machine are disclosed. In some embodiments, a system/process/computer program product for preventing ransomware from encrypting files on a target machine includes monitoring file system activities on a computing device; detecting an unauthorized activity associated with a honeypot file or honeypot folder; and performing an action based on a policy in response to the unauthorized activity associated with the honeypot file or honeypot folder.

Abstract: An computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.

Abstract: A computer-implemented method comprising: establishing, by an operation device, a wireless communication with a remote device; authenticating, by the operation device, the wireless communication with the remote device; receiving, at the operation device, a first command to perform a first operation; establishing a first maximum delay period using an estimated time delay, wherein the estimated time delay comprises an authentication delay, an encryption delay, or a combination thereof; determining, by the operation device, that the first command is received within a first maximum delay period; performing, by the operation device, the first operation; receiving, at the operation device, a second command to perform a second operation; establishing a second maximum delay period using the estimated time delay; determining, by the operation device, that the second command is received within a second maximum delay period; and performing, by the operation device, the second operation instructed in the second command.

Abstract: A method for securing an integrated circuit chip includes obtaining a first value from a first storage area in the chip, obtaining a second value from a second storage area in the chip, generating a third value based on the first value and the second value, and converting a first opcode command obfuscated as a second opcode command into a non-obfuscated form of the first opcode command based on the third value. The first value corresponds to a physically unclonable function (PUF) of the chip. The second value is a key including information indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command. The third value may be an inversion flag indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command.

Abstract: A computer security system with enhanced whitelisting includes user interfaces that accept user inputs to create and modify a set of rules that define which programs are allowed to execute on one or more target systems. Upon an attempt to run a program, the set of rules are used to determine if the program is allowed to run. If any rule indicates that the program is allowed to run, the program is run. Otherwise, a user interface is presented to either block execution of the program or to create a new rule that would allow execution of the program this time and in the future.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: Enforcing shadow stack violations for dynamic code. A thread is executed at a processor, which includes generating a portion of dynamic code for execution by the thread, identifying a range of memory addresses where the portion of dynamic code is loaded in memory, and initiating execution of the portion of dynamic code. Based at least on execution of the thread, an exception triggered by a mismatch between a first return address popped from a call stack corresponding to the thread and a second return address popped from a shadow stack corresponding to the thread is processed. Processing the exception includes (i) determining whether the second return address popped from the shadow stack is within the identified range of addresses, and (ii) based on having determined that the second return address is within the range of addresses, initiating a shadow stack enforcement action.

Abstract: A computing system and method to implement a three-dimensional virtual reality world having user created virtual objects. During the creation of a virtual object, a user of the virtual reality world identifies components and/or resources of the virtual object, such as a mesh model defining the shape of the virtual object, an image specifying the appearance of the virtual object, and a script defining the run time behavior of the virtual object. The computer system examines the components and/or resources duration the creation process of the virtual object to detect and/or address security threats and/or performance hurdles. Before the approval of the publication of the virtual object in the virtual world, the computer system performs a simulation of the rendering of the virtual object to detect security threats and evaluate performance impacts.

Abstract: A method performed by a user device may include obtaining biometric information relating to a user of the user device using a biometric sensor of the user device; determining that the biometric information is valid; generating a biometric indicator indicating that the biometric information is valid; providing a request for a callback from an entity, wherein the request includes the biometric information indicating that the biometric information is valid; and receiving the callback from the entity, wherein the callback is received based on the biometric information indicating that the biometric information is valid, and wherein the callback is associated with an entity identifier that is not provided to the user.

Abstract: Disclosed herein are methods, systems, and processes for automated log entry identification and alert management. A log statement that includes a log format string and is part of program code associated with a computer program is accessed at a log management server. The execution of the log statement generates a log string that is associated with a trigger pattern of an alert configuration. A fixed part of the log format string that remains unchanged during execution of the log statement when the program code associated with the computer program is executed is extracted and a template is generated for the log statement to track changes to the fixed part of the log format string that causes a mismatch between the trigger pattern of the alert configuration and the log string. The template is then stored.

Abstract: Various embodiments include processing devices and methods for integrity verification of a news item. A processor of a network element may obtain an electronic news item that is ready for publication, and may determine a fingerprint using one or more portions of the electronic news item. The processor may determine for the electronic news item a record including the determined fingerprint and a second fingerprint of a previous electronic news item. The processor may store the determined record in a publicly available digital ledger, embed the determined fingerprint in the electronic news item, and publish the electronic news item. A computing device may obtain the published news item and may use the embedded fingerprint in the record that is stored in the digital ledger to verify the integrity of the electronic news item.

Abstract: An information processing apparatus according to the present disclosure includes a fingerprint information acquisition unit that acquires fingerprint information, a determination unit that determines an action of a finger on the basis of the fingerprint information, and a processing unit that performs specified processing predetermined depending on the action on the basis of the determined action. This configuration makes it possible to perform a desired operation depending on the operation even with a compact apparatus, thereby enhancing user convenience.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example method includes determining, by decoding circuitry, a set of optical path lengths to use for measurement. The example method further includes receiving, by the decoding circuitry, a set of time-bin qubits. The example method further measuring, by the decoding circuitry and based on the determined set of optical path lengths, the set of time-bin qubits to generate a set of bits. The example method further includes generating, by session authentication circuitry, a session key based on the generated set of bits.

Abstract: Technology related to detecting and/or mitigating malicious client-side scripts is disclosed. In one example, a method includes sending a request for a page of a client application. In response to the request for the page, the page and a supervisory script of the page are received. The supervisory script of the page of the client application can be executed within a client environment. The supervisory script can override an operation associated with an architected application programming interface (API) of the client environment. During rendering of the page, a call to the architected API of the client environment can be serviced by performing a modified operation that is different than the architected operation associated with the architected API.