Abstract: Embodiments described herein provide a system and method for controlling access to electronic files by linking the files to a file access monitoring system, called the file access monitor in this application. The file access monitor then authorizes the use of the one or more files by performing one or more qualifying steps on the accessing computer system. The file access monitor may be a standalone program or an embedded logic within a closed system like an application, an operating system (O/S), an external device like a printer, a web browser or a web browsing application. Access to electronic files can include the exchange, modification, execution, printing, viewing, listening, copying and replication of these files to name a few. A given protected electronic file is transferred from a sending computer system to a receiving computer system for eventual access. The receiving computer may also become the accessing computer should a user on the receiving computer wish to access the transferred file.

Abstract: Systems and methods for generating transient object references are provided. The systems and methods perform operations including establishing a session between a first entity and a second entity. The operations include identifying an object that the first entity is authorized to access according to a first set of access privileges. The operations include generating a reference associated with the object. The operations include temporarily authorizing the second entity to access the object using the reference according to a second set of access privileges, the second set of access privileges being derived from the first set of access privileges.

Abstract: A method for runtime integrity check, performed by a security core including one or more processors includes storing a first output value, which is generated by using a one-way encryption algorithm based on first data and a first encryption key managed by an encryption key manager accessible by the security core, in a main memory that is a volatile memory in association with the first data, generating a second output value for the first data based on the first data and the first encryption key by using the one-way encryption algorithm, and checking for possible tampering of the first data stored in the main memory by comparing the first output value with the generated second output value.

Abstract: A secure communication system enabling secure transport of information is disclosed. The system comprises a secure network with one or more packet processing units connected by links through an internal communication system. The secure network transports packets of information between credentialed and authenticated agents. Each packet is associated with a visa issued by a visa service. The visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents thorough the network, according to a set of policies specified in a network configuration. Packet processing units include docks and forwarders. Adaptors serving the agents communicate with the network through tie-ins to docks. The system also includes and admin service, accessible to one more admins, that facilitates configuration and management of the network.

Abstract: A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.

Abstract: Systems, devices, and methods are disclosed for instantaneously decrypting data in an end-to-end encrypted secure messaging session while maintaining forward secrecy and post-compromise security using a double ratchet communication protocol. Unique message keys can be generated in a predictable progression independently on each device, ratcheting keys for each message on an as-needed basis, and a seed key and state for the predictable progression can be updated based on an asymmetric key exchange between the devices, thereby serving as a second ratchet. Message keys can feed a pseudo-random number generator (PRG) to generate the next message key in a progression. A Continuous Key Agreement (CKA) engine can use an asymmetric key pair to generate a shared secret key to feed a Pseudo-Random Function (PRF-PRNG) to reset the state of the PRG and provide a refresh key to the PRG.

Abstract: A method of secure wireless ranging between a verifier node and a prover node comprises performing a measurement procedure resulting in a two-way phase measurement and a round-trip time measurement between the verifier node and the prover node. The measurement procedure comprises the verifier node transmitting on the frequency a verifier packet, the prover node receiving the verifier packet and performing a phase measurement of a verifier carrier signal and a time-of-arrival measurement of a verifier frame delimiter, the prover node transmitting a prover packet, and the verifier node receiving the prover packet and performing a phase measurement of the prover carrier signal and a time-of-arrival measurement of the prover frame delimiter. The method further comprises calculating a distance between the verifier node and the prover node based on the two-way phase measurements and the round-trip time measurements for the plurality of frequencies.

Abstract: Methods, apparatus, and systems for session key generation for AV operation are disclosed. In an embodiment, a vehicle service subscriber system generates an entropy. The vehicle service subscriber system is associated with a vehicle service subscriber. The vehicle service subscriber system transmits a synchronization message to a vehicle service provider system associated with at least one vehicle. The synchronization message includes the entropy. The vehicle service subscriber system receives a salt from the vehicle service provider system. The vehicle service subscriber system verifies that the salt was generated using the entropy. The vehicle service subscriber system calculates session keys using the salt. The vehicle service subscriber system receives a protected message from the vehicle service provider system. The vehicle service subscriber system authenticates the protected message using the session keys. The protected message is used to provide a ride involving the at least one vehicle.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to detect an access request to access a computing resource while in a system management mode (SMM), determine a bit of a lock register is set to enable access to a bitmap associated with the computing resource, the bitmap to indicate an access policy for the computing resource, and determine whether the access request violate the access policy set in the bitmap. Embodiments may also include performing the access request if the access request does not violate the access policy, and causing a fault if the access request does violate the access policy.

Abstract: The foundation of Matrix Encryption is a discrete function called the Modified Combinatorial Batch Decimation Function (CBDF-Mod) and its asymmetric inverse (CBDI-Mod). Herein we disclose the nature of Matrix Encryption, an encryption technology built upon these two discrete functions, together with their shared, Secondary Variable Functions. Matrix Encryption implements a block encryption with arbitrary block size dependent upon the length of text to be encrypted, thereby allowing for keys of user desired length and for the surpassing of industry standards of security. A Master Key may be used to generate a Key Set containing keys of appropriate length for any data presented above a minimum length, up to a length corresponding to the length of a message for which the Master Key is appropriate. Matrix Encryption reads and writes numerically encrypted text to text files as designated by the user.

Abstract: The disclosed embodiments relate to secure booting of memory device. The disclosed embodiments generate measurement data associated with a memory device. Next, the disclosed embodiments read a golden measurement from a secure location in the memory device, the golden measurement generated based on a version of the data associated with the memory device, and therefore it is unique to the device. The disclosed embodiments validate the golden measurement value using a public key and determine whether the golden measurement is equal to the measurement data. The golden measurement value can also be saved in a write protected area which can only be changed by a secure write command, therefore, it is imutable by others. Finally, the disclosed embodiments continue a boot process when the golden measurement is equal to the measurement data.

Abstract: An Information Handling System (IHS) includes at least one hardware device in communication with a Baseboard Management Controller (BMC). The hardware device includes executable instructions for establishing a secure communication channel with the BMC, and subsequently receiving a list of allowed commands from the BMC. When a command is received by the hardware device, it determines whether the command is included in the list such that when the command is in the list and the command is received within the secure communication channel, the hardware device performs the command. However, when the command is in the list and the command is received outside of the secure communication channel, the hardware device ignores the command.

Abstract: Examples associated with BIOS access are described. One example device includes receiving data associated with a basic input/output system (BIOS) access request. The data may be received by a print device. The access request may be for a computing device. The method also includes printing a set of instructions for accessing the BIOS of the computing device.

Abstract: A method for securely updating a control unit. The control unit includes a host configured to execute an update program and at least one application program, a memory, which contains the programs and data, and a hardware security module (HSM) which is configured to block and to unblock a write access to the memory. The method includes starting the host and the HSM; blocking the write access by the HSM; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; if a request is present, checking an authorization of the caller by the HSM to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit; and if the caller is authorized, unblocking the write access and rewriting at least a portion of the memory by the update program.

Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The system can identify a request to execute an application during the offline period of time. A situational context of the computing device can be determined. A first application restriction can be enforced for the application on the computing device based on the identification of the computing device being in the offline period of time and the situational context. A change in the situational context of the computing device can be identified during the offline period of time based on a detection of a second condition. A second application restriction can be enforced for the application on the computing device during the offline period of time.

Abstract: A System on Chip includes at least two hardware masters, a security circuit, and a communication infrastructure for communication between the hardware masters and the security circuit, the communication infrastructure being based on a given interface communication protocol. Each hardware master is configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service.

Abstract: Methods, systems, and computer-readable media for efficiently detecting threat incidents for cyber threat analysis are described herein. In various embodiments, a computing device, which may be located at a boundary between a protected network associated with the enterprise and an unprotected network, may combine one or more threat indicators received from one or more threat intelligence providers; may generate one or more packet capture and packet filtering rules based on the combined threat indicators; and, may capture or filter, on a packet-by-packet basis, at least one packet based on the generated rules. In other embodiments, a computing device may generate a packet capture file comprising raw packet content and corresponding threat context information, wherein the threat context information may comprise a filtering rule and an associated threat indicator that caused the packet to be captured.

Abstract: Embodiments may provide techniques that that may automatically generate a customized SOC rule set for an organization. For example, in an embodiment, a method may be implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, the method may comprise simulating operation of a security incident and event management system by running a plurality of rules of the system on labeled data, determining fitness metrics of the plurality of rules, selecting at least one rule of the plurality of rules based on the determined fitness metrics; modifying the selected rule to form an updated rule, and repeating running the updated rule on the labeled data, determining fitness metrics of the updated rule, and mutating the updated rule.

Abstract: Input data for an operating system command of an automation process is received. The operating system command is generated based on the received input data. The generated operating system command is parsed to identify one or more metrics. The identified one or more metrics are automatically evaluated to determine a security risk associated with the generated operating system command.

Abstract: A method includes: obtaining, by a database server, security policies associated with a database hosted by the database server; obtaining, by the database server, first database data associated with the database; creating, by the database server, a knowledge distillation model using the security policies and the first database data; obtaining, by the database server, second database data associated with the database; creating, by the database server, a classification model using the second database data and an output of the knowledge distillation model; receiving, by the database server, a client database request to the database; determining, by the database server, a new security policy rule set using the classification model; and applying, by the database server, the new security policy rule set to the client database request.