Patents Examined by Khoi V Le
  • Patent number: 10761976
    Abstract: A method and apparatus are provided for wear leveling of a storage medium in an electronic device. Wear leveling is achieved by mapping each logical memory address to a corresponding physical memory address. The mapping information is consistent over an on-period of a power cycle, but changes from one power cycle to another. The mapping information, such as a key value for example, may be stored in non-volatile memory such as, for example, a correlated electron random switch (CES) storage element. The mapping may be obtained by manipulating bits of the logical address to obtain the physical address.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: September 1, 2020
    Assignee: ARM Limited
    Inventors: Mudit Bhargava, Joel Thornton Irby, Vikas Chandra
  • Patent number: 10756909
    Abstract: Communication network architectures, systems and methods for supporting a network of mobile nodes. As a non-limiting example, various aspects of this disclosure provide communication network architectures, systems, and methods for supporting a dynamically configurable communication network comprising a complex array of both static and moving communication nodes (e.g., the Internet of moving things). More specifically, systems and methods for self and automated management of certificates in a network of moving things that may include autonomous vehicles.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: August 25, 2020
    Assignee: VENIAM, INC.
    Inventors: Tiago Silvestre Condeixa, Dário Fernando Rodrigues Nascimento, João Manuel Ferreira Gomes
  • Patent number: 10747908
    Abstract: Techniques are disclosed in which a secure circuit controls a gating circuit to enable or disable other circuitry of a device (e.g., one or more input sensors). For example, the gating circuit may be a power gating circuit and the secure circuit may be configured to disable power to an input sensor in certain situations. As another example, the gating circuit may be a clock gating circuit and the secure circuit may be configured to disable the clock to an input sensor. As yet another example, the gating circuit may be configured to gate a control bus and the secure circuit may be configured to disable control signals to an input sensor. In some embodiments, hardware resources included in or controlled by the secure circuit are not accessible by other elements of the device, other than by sending requests to a predetermined set of memory locations (e.g., a secure mailbox).
    Type: Grant
    Filed: September 11, 2018
    Date of Patent: August 18, 2020
    Assignee: Apple Inc.
    Inventors: Pierre-Olivier J. Martel, Jeffrey R. Wilcox, Ian P. Shaeffer, Andrew D. Myrick, Robert W. Hill, Tristan F. Schaap
  • Patent number: 10749844
    Abstract: Computer implemented systems and methods are presented comprising a platform coordinating data flows between data acquisition, data transformation and data delivery nodes, whilst protecting the identities of all entities whose data is being acquired, transformed, stored, and/or delivered. Metadata usage from different data transformation flows enables the platform to facilitate value distribution back to nodes and data subjects that contributed to output, enabling individual companies and/or data subjects subscribed to the platform to assess how and by whom their data is utilized in order to produce specific outputs, with the personal data of all entities being de-identified.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: August 18, 2020
    Assignee: LifeQ Global Limited
    Inventors: Laurence Richard Olivier, Riaan Conradie, Franc Paul
  • Patent number: 10749885
    Abstract: Disclosed embodiments relate to systems and methods for automatically and transparently detecting potential compromises or unauthorized use of endpoint computing devices. Techniques include engaging, at a security server, in an agentless management session with an application running on an endpoint computing device; controlling, at the security server and through the agentless management session, a user-facing session of the application; receiving, at the security server, an indication of anomalous activity or loss of a proximity between at least one of: the one or more personal computing devices associated with the user and the endpoint computing device, or the one or more personal computing devices associated with the user and the user; and implementing a control action in the agentless management session, based on the received indication.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: August 18, 2020
    Assignee: CyberArk Software Ltd.
    Inventors: Ido Hoorvitch, Yaacov Ben Naim
  • Patent number: 10742622
    Abstract: A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features use of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: August 11, 2020
    Assignee: JONETIX CORPORATION
    Inventors: Paul Ying-Fung Wu, Richard J. Nathan, Harry Leslie Tredennick
  • Patent number: 10728216
    Abstract: A system for web application security includes an interface and a processor. The interface of a web server is to receive a pending request made to the web server using an in-line request process. The processor of the web server is to provide information regarding the pending request to an agent process; and in the event that an instruction to block the pending request is received from the agent process at the in-line request process within a time constraint, block the pending request using the in-line request process.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: July 28, 2020
    Assignee: Signal Sciences Corporation
    Inventors: Nicholas Galbreath, Zane Lackey
  • Patent number: 10721064
    Abstract: Various embodiments relate to a key protocol exchange that provides a simple but still secure key exchange protocol. Security of key exchange protocols has many aspects; providing and proving all these properties gets harder with more complex protocols. These security properties may include: perfect forward secrecy; forward deniability; key compromise impersonation resistance; security against unknown key share attack; explicit or implicit authentication; key confirmation; protocol is (session-)key independent; key separation (different keys for encryption and MACing); extendable, e.g. against DOS attacks . . . (e.g. using cookies, . . . ); support of early messages; small communication footprint; and support for public-key and/or password authentication.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: July 21, 2020
    Assignee: NXP B.V.
    Inventor: Bjorn Fay
  • Patent number: 10715504
    Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: July 14, 2020
    Assignee: Wickr Inc.
    Inventors: Thomas Michael Leavy, Christopher Howell, Joël Alwen
  • Patent number: 10708250
    Abstract: Systems, methods, and software are disclosed herein to execute functionalities of a blockchain operating system. A transactional request for an operating system instruction is received from a user device in a distributed network of nodes. The transactional request is authenticated in the distributed network of nodes based on data associated with the transactional request. A blockchain is then evaluated for one or more scripts associated with the transactional request. In response, the operating system instruction is generated based on the one or more scripts. The operating system instruction is then transferred to the user device in the distributed network of nodes.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: July 7, 2020
    Assignee: AMERICORPS INVESTMENTS LLC
    Inventor: Jordan Simons
  • Patent number: 10708073
    Abstract: In some examples, a programmable device may load configuration data into a configuration storage to configure programmable logic of the programmable device. The programmable device may include a key generation logic that may read at least a portion of the configuration data from the configuration storage. The key generation logic may generate a cryptographic key based at least in part on the at least a portion of the configuration data read from the configuration storage.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: July 7, 2020
    Assignee: Honeywell International Inc.
    Inventors: John D. Profumo, Thomas Cordella, James L. Tucker
  • Patent number: 10701103
    Abstract: Systems and methods for securing devices using traffic analysis and Software-Defined Networking (SDN). In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory including program instructions stored thereon that, upon execution by the processor, cause the IHS to: receive traffic in a Software-Defined Network (SDN) network; identify, based upon the received traffic, a security threat; and initiate a remediation measure with respect to the security threat.
    Type: Grant
    Filed: February 16, 2017
    Date of Patent: June 30, 2020
    Assignee: Dell Products, L.P.
    Inventors: Chaitanya Aggarwal, Prabhat Chandra Biswas, Alok Ranjan
  • Patent number: 10693888
    Abstract: Systems and methods are provided for authenticating a user of a computing device. An example system includes a memory storing instructions, and a processor configured to execute the instructions to receive an authentication request from a user of a computing device, determine a context of the authentication request, determine a physical location of the user, and perform, based on the context of the authentication request and the physical location of the user, an associate proximity detection. The associate proximity detection includes steps to identify an associate based on at least one of the context of the authentication request or the physical location of the user, determine a physical location of the identified known associate, and determine a proximity of the user to the identified known associate. The authentication request may be approved when the determined proximity is within a threshold.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: June 23, 2020
    Assignee: Capital One Services, LLC
    Inventors: Drew Jacobs, Hannes Jouhikainen
  • Patent number: 10692138
    Abstract: In an example, a computer-implemented method includes determining a set of permissions that specifies types of account data of one or more financial accounts to share with a third-party, the one or more financial accounts being associated with a user and held by a financial institution, and generating authorization data that authenticates the third-party and authorizes the third-party to access the types of account data specified by the set of permissions. The method also includes transmitting the authorization data to the third-party, receiving a request for authorization that includes the authorization data and a request for account data of the one or more financial accounts that conforms to the types of account data specified by the set of permissions, authorizing the third-party based on the authorization data, and transmitting the account data that conforms to the types of account data specified by the set of permissions.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: June 23, 2020
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Traci Nguyen, Lila Fakhraie, Anthony Burton, Alyce F. Thornton, Ravi Thota, Meghan E. Butler
  • Patent number: 10685112
    Abstract: In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: June 16, 2020
    Assignee: Cylance Inc.
    Inventors: Xuan Zhao, Aditya Kapoor, Matthew Wolff, Andrew Davis, Derek Soeder, Ryan Permeh
  • Patent number: 10681066
    Abstract: A method and system for an online help network containing a server and a plurality of terminals are disclosed. The method includes registering users of the plurality of terminals, wherein the plurality of terminals form a peer-to-peer network over which the plurality of terminals communicate with one another without going through the server; determining a question from a user of one of the terminals and a target recipient as one of the server and the peer-to-peer network; receiving an answer to the question from the target recipient; obtaining a risk detection category from the user; obtaining one or more detection patterns associated with the risk detection category; based on the one or more detection patterns, detecting a cyber risk on the terminal of the user with the risk detection category; and prompting the user of the cyber risk detected on the terminal of the user.
    Type: Grant
    Filed: February 22, 2018
    Date of Patent: June 9, 2020
    Inventor: William Harrison Tan
  • Patent number: 10678932
    Abstract: System and method for accessing a distributed storage system uses a storage-level access control process at a distributed file system that interfaces with the distributed storage system to determine whether a particular client has access to a particular first file system object using an identifier of the particular client and storage-level access control rules in response to a file system request from the particular client to access a second file system object in the particular first file system. The storage-level access control rules are defined for a plurality of clients and a plurality of first file system objects of the distributed storage system to allow the particular client access to the second file system object in the particular first file system object only if the particular client has been determined to have access to the particular first file system object according to the storage-level access control rules.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: June 9, 2020
    Assignee: VMware, Inc.
    Inventors: Yunshan Lu, Wenguang Wang
  • Patent number: 10673617
    Abstract: A combined system and not a system separately having a complex system hardware architecture and software with levels of complexity of P2PE, IAM, and BCE. A microcontroller (MC) 64-bit using MC (A) and MC (B) embedded into a device using point-to-point encryption (P2PE) to communicate with the novel IAM blockchain software and a central server database to track all registered and non-registered IoT devices in the BCE. The present invention includes a MC 64-bit method of MC (A) and MC (B) having an advanced encryption standards (AES) strong encryption algorithm (SEA) of 512-bit key utilizing the blockchain ecosystem (BCE), IoT identity to validate transactions between the authentication, and identity of the IoT devices.
    Type: Grant
    Filed: April 23, 2019
    Date of Patent: June 2, 2020
    Inventors: George Antoniou, Oresteban Carabeo, Roberto Hernandez Espinosa
  • Patent number: 10664257
    Abstract: Activities involving a secure element (SE) in a mobile device include a background operation. When the SE initiates the background operation, it informs the mobile device of an estimated duration. The mobile device thus recognizes that the SE is not in a stuck state, and maintains a clock signal and a power flow to the SE. Firmware updates to the SE include erasing a non-volatile (NV) memory in the SE in parallel with firmware or software updates to other processor systems in the mobile device. Needed data, for example calibration data or cryptographic key data, is preserved by storing data from some processor systems in one or more supplementary security domains (SSDs) in the SE. When a given processor system completes a firmware update, the needed data is restored to the processor system from the SSD.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: May 26, 2020
    Assignee: Apple Inc.
    Inventors: Li Li, Arun G. Mathias
  • Patent number: 10666623
    Abstract: Provided are methods and systems of using division-free duplexing (DFD) in a cable communication network. Techniques for applying DFD in a cable communication network may enable data to be transmitted and received over a coaxial cable without using division duplexing techniques. For example, the cable communication network may include DFD enabled network nodes and each subscriber to the cable network may be equipped with a DFD system configured to operate in a DFD mode. In some embodiments, oppositely propagating signals may be transmitted over one frequency channel, and DFD techniques may be used to recover originally transmitted signals. Further, in some embodiments, DFD techniques may be used with encryption methods to increase the security of data transmitted in the cable communication network.
    Type: Grant
    Filed: June 9, 2014
    Date of Patent: May 26, 2020
    Assignee: General Electric Company
    Inventors: John Anderson Fergus Ross, Michael James Hartman, John Erik Hershey, Richard Louis Zinser