Abstract: Provided is a method for providing a response to a user query for domain-related information of a domain. The method can include obtaining, at a client over a network, the user query for the domain-related information, and identifying one or more thick services based on thin data for the domain. The method can also include providing, by the client, the user query to the identified one or more thick services and obtaining a first answer to the user query from the one or more thick services. Furthermore, the method can include providing a second answer to a user based on the first answer.

Abstract: Implementations are described herein for unlocking a wireless device using image analysis and liveliness detection. A wireless device may capture, using a camera of the wireless device, an image of a person that is interacting with the wireless device. The wireless device may transmit a first signal using a first antenna and may receive a second signal using a second antenna. The wireless device may determine whether the image corresponds to a stored image. The wireless device may determine whether the second signal indicates a movement of the person or a depth characteristic of the person. The wireless device may selectively unlock the wireless device based on whether the image matches a stored image of the plurality of the stored images and based on whether the second signal indicates at least one of the movement of the person or the depth characteristic of the person.

Abstract: Systems and methods for account association with voice-enabled devices are disclosed. For example, a voice-enabled device situated in a managed environment, such as a hotel room, may be taken by a temporary resident or guest of the environment. Upon determining that the device has been removed from the environment, a device identifier associated with the device may be dissociated from components and/or services associated with environment and/or systems related thereto, and the device identifier may be associated with a user account of the user.

Abstract: A storage device includes a non-volatile memory, and a memory controller, wherein the memory controller encrypts plaintext to generate a homomorphic ciphertext with a first level among homomorphic ciphertexts with different levels, stores the homomorphic ciphertext with the first level in the non-volatile memory, and provides the homomorphic ciphertext with the first level in response to a request received from a host. The homomorphic ciphertext with the first level has a smallest length among the homomorphic ciphertexts with different levels.

Abstract: A data processing method, including: obtaining a challenge sequence of challenge-response pairs, and generating, by a physical unclonable function, an original response sequence corresponding to the challenge-response pairs; generating a first index parameter according to the challenge sequence, and obtaining feature bit information in the original response sequence according to the first index parameter; converting the challenge sequence to generate a second index parameter, and updating the first index parameter according to the second index parameter and the feature bit information; obtaining new feature bit information in the original response sequence according to the updated first index parameter; and repeatedly generating second index parameters, updating the first index parameter according to the second index parameters and the latest obtained feature bit information, and obtaining multiple pieces of feature bit information, to generate a target response sequence according to the multiple pieces of fe

Abstract: A method is provided for changing and recovering personalization data of a trusted software in a secure element and changing and restoring diversified data. The method includes the steps of providing an update agent in the secure element; storing personalization data in the installed software; performing a Full Reflash to recover or update a software or operating system comprising the steps of first securing personalization data to a memory of the update agent before, in following step, recovering or loading a software image into the secure element. The method includes as a final step personalizing the software image by the personalization data secured during the first step of the Full Reflash.

Abstract: A method performed by a node of a blockchain network, comprising: accessing the locking script from a first transaction on the blockchain; receiving a second transaction not yet on-chain, the second transaction comprising an unlocking script; extracting from the first transaction or another transaction on the blockchain, a portion of code formulated in a second language other than a first language used for the locking and unlocking scripts; running the extracted portion of code in the second language, wherein as a result thereof the code generates at least one value; writing this value to a storage location readable by the locking script; and running the locking script together with the unlocking script in order to validate the second transaction, wherein the unlocking script is configured to read the first value from said storage location, and a condition for validation according to the locking script is dependent on the first value.

Abstract: A secure technology for allowing two communication devices intending to execute encrypted communication to have a common initial solution. A large number of user devices all have a function of generating the same solution under the same condition when the user devices have the same initial solution, and can execute encrypted communication through use of a synchronized solution successively generated from the same initial solution. Each of two server devices generates synchronization information which is not the initial solution itself and which is required by the two user devices intending to execute the communication to generate the same initial solution, and transmits the synchronization information to the two user devices each of which executes predetermined calculation on the two pieces of synchronization information, to thereby generate the same initial solution. After that, the two user devices execute the encrypted communication based on the same initial solution.

Abstract: Various techniques for providing a DNS automated intelligence solution are disclosed. In some embodiments, a DNS Automated Intelligence System (DAISy) is disclosed that includes a system designed to create threat intelligence for use in protective DNS, or DNS Detection and Response systems which control access to internet resources at a DNS resolver. The disclosed DAISy solution includes the ingestion of raw source data, the curation and refinement of this source data into specialized data sets used for identifying threats, active processes to increase visibility into internet domain names, and can also include human-in-the-loop acceleration that allows for rapid automation, and a modular incorporation of DNS-specific signatures for identification of suspicious domain names. The disclosed DAISy solution is self-sustaining, automated, and incorporates human guidance.

Abstract: The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc., This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.

Abstract: This method comprises opening (82) a secure connection between a connected building object and a remote controller, implementing a first security certificate of the connected object and a second security certificate of the remote controller, and receiving via said secure connection (42) a command to perform at least one action issued by the remote controller, followed by the steps of: extracting (86) a value from a predetermined field of the second security certificate, referred to as the remote controller's access authorisation value; checking (90), in a structure for storing associations between access authorisation values and sets of authorised commands, that said received command belongs to a set of at least one authorised command associated with said access value; and if the check is positive, executing (92) at least one action associated with the received command.

Abstract: The disclosure reduces a memory footprint of a hash table that employs chaining as a collision avoidance solution. The methods and systems disclosed herein enable the use of chaining collision handling while reducing a memory footprint by storing parts of a tag and a link list pointer associated with a linked list that contain useful information, without storing parts of the tag and pointer that do not contain useful information. The linked list pointer and a hash key are packed together without reducing either size, and without using additional memory overhead.

Abstract: One or more embodiments initialize a signature validation object in a secure element (SE) platform runtime environment and utilize the signature validation object to perform signature validation operations. A system accesses an authentication path that includes a set of hash values corresponding to a set of nodes of a tree structure associated with a hash-based signature protocol utilized to generate a digital signature. The system computes a root hash value corresponding to a root node of the tree structure based on the set of hash values of the authentication path. The system verifies the root hash value against a root public key associated with the digital signature. The system determines that the digital signature is valid responsive at least in part to successfully verifying the root hash value against the root public key.

Abstract: A system and method is described that reduces a likelihood that a privileged account at a system (e.g., device, network, and/or application) for a user is compromised. For example, the privileged account for the user at the system is disabled in response to being created. The user can provide a request for at least one elevated right at the system corresponding to a request to use the privileged account at the system. An identity of the user is authenticated in response to receiving the request to confirm that the user is requesting the privileged account at the system. The privileged account for the user is enabled at the system to allow the user to perform at least one action that the user was not previously allowed to perform.

Abstract: Techniques for a host system or a user to verify the authenticity of a storage device or a logical sub-unit (e.g., a partition) of the storage device are disclosed. A storage device stores one or more first secret keys and a host device stores one or more second keys. A respective first secret key and a respective second key are used in a verification process that verifies the authenticity of the storage device prior to accessing the storage device.

Abstract: A method, network node and non-transitory computer readable media having stored thereon instructions for correlating a remote attestation quote with a virtualized network function (VNF) resource allocation event. The method comprises obtaining a set of VNF components (VNFCs) that require remote attestation. The method comprises obtaining an attestation quote for each VNFC of the set of VNFCs, the attestation quote ensuring that instances of each VNFC are used in a legitimate context. The method comprises correlating each attestation quote with the VNF resource allocation event.

Abstract: Systems and methods for implementing a SIEM triage action analysis feedback loop are disclosed. An embodiment of the present invention is directed to analyzing Security Information and Event Management (SIEM) triage actions through a SIEM platform configured to receive interactions from analysts through a user interface or application programming interface and extract case state information before and after execution of each interaction, an action log database configured to store action logs, wherein each action log comprises metadata associated with an interaction and the extracted case state information, and an analytic platform configured to automatically analyze the action logs to identify patterns in analyst behavior and case characteristics, generate notifications based on the identified patterns, and automatically update SIEM case generation processes based on the identified patterns.

Abstract: A method comprises: at a workstation with a biometric keyboard that has keys with fingerprint readers: accepting a login to the workstation by a first user; receiving, from the fingerprint readers, first fingerprint readings indictive of first fingerprints of the first user responsive to typing on the keys by the first user; upon first determining the first fingerprint readings match known first fingerprints for the first user, authenticating the first user as an authorized user; receiving, from the fingerprint readers, second fingerprint readings indicative of second fingerprints of a second user responsive to typing on the keys by the second user; and upon second determining that the second fingerprint readings do not match the known first fingerprints of the first user, automatically logging-out the first user to prevent the first user from using the workstation.

Abstract: Validation of a firmware image on a client device is disclosed. Information corresponding to one or more addresses of an image stored on a client device is periodically requested via an application program interface (API) configured to provide access to the image on the client device. The requested information from the image on the client device is compared with the image stored on the server image with stored validation information corresponding to a valid version of the image. An indication is generated if the information from the image on the client device does not match the stored validation information.

Abstract: Systems and techniques may be used for enhancing privacy and security within a geofencing system. An example technique may include monitoring for at least one media capture violating a personal geofence associated with a first user device, and detecting that the at least one media capture violates the personal geofence associated with the first user device, the at least one media capture including at least one of a photo, video, or audio captured by a second user device. The example technique may include, in response to detecting that the at least one media capture violates the personal geofence associated with the first user device, notify the first user device, by the server, of the at least one media capture occurring within the personal geofence associated with the first user device.