Abstract: An apparatus and system for authenticating features for download to an image scanning apparatus has a client computing device generate an image of a symbol that encodes authentication data. The client computing device hashes a communication parameter of its transceiver, digitally signs the hash value with a private key from public-private key pair, and encodes the hash value, digital signature and the unencrypted communication parameter into the symbol. The image scanning apparatus captures an image of the symbol, decodes the symbol, verifies whether the unencrypted communication parameter corresponds to the hash of the communication parameter, and a public key stored in the memory of the barcode reader corresponds with the private key used to sign the hash value. If the communication parameter corresponds with the hash value and the signature corresponds with the public key, the barcode reader enables its transceiver to download the feature from the client computing device.

Abstract: Some embodiments provide a novel method for monitoring network requests from a machine. The method captures the network request at various layers of a protocol stack. At a first layer of a protocol stack, the method tags a packet related to the network request with a tag value, maps the tag value to a set of tuples associated with the packet, and sends a first set of data related to the packet to a security engine. At a second layer of the network stack, the method determines whether the packet has been modified through the network stack, and sends an updated second set of data to the security engine when the packet has been modified.

Abstract: An apparatus, for information processing, is configured to execute an embedding process that includes finding equipment based on equipment information described as an attribute of an input field of a form screen and dynamically embedding an equipment control module corresponding to the equipment, execute a data acquisition process that includes acquiring data from the equipment by using the equipment control module as input data to the input field of the form screen, and execute an information output process that includes associating the data acquired from the equipment with an input field descriptor to identify the input field and storing the data in a first storage area and a second storage area, wherein the first storage area is a storage area in which editing of stored data is possible and the second storage area is a storage area in which editing of stored data is prohibited.

Abstract: Software activation using a picture-based activation key. In some embodiments, a method may include presenting, on a display of the network device, a request for a user to enter a picture-based activation key in order to activate a software application on the network device. The method may also include receiving, at the network device, the picture-based activation key that includes pictures. The method may also include confirming, at the network device, that the received picture-based activation key is a valid picture-based activation key for the software application. The method may further include, in response to confirming that the received picture-based activation key is a valid picture-based activation key for the software application, activating the software application on the network device.

Abstract: A malicious content detection (MCD) system and a computerized method for manipulating time uses a time controller operating within the MCD system in order to capture the behavior of delayed activation malware (time bombs). The time controller may include a monitoring agent located in a software layer of a virtual environment configured to intercept software calls (e.g., API calls or system calls) and/or other time checks that seek to obtain a “current time,” and time-dilation action logic located in a different layer configured to respond to the software calls by providing a “false” current time that indicates considerably more time has transpired than the real clock.

Abstract: Various examples of methods and systems are provided for an attack detection system that can detect attacks in big data systems. The attack detection system can include security modules coupled to data nodes of the big data system. The attack detection system can identify a process executing on the respective data node. A process signature can be generated for the process executing on the data node. A determination of whether a big data system is being attacked can be based at least in part on a comparison of the process signature with at least one other process signature for the same process executing on another security module. The other process signatures are received via secure communication from the other security module.

Abstract: Techniques for memory assignment for guest operating systems are disclosed herein. In one embodiment, a method includes generating a license blob containing data representing a product key copied from a record of license information in the host storage upon receiving a user request to launch an application in the guest operating system. The method also includes storing the generated license blob in a random memory location accessible by the guest operating system. The guest operating system can then query the license blob for permission to launch the application and launching the application in the guest operating system without having a separate product key for the guest operating system.

Abstract: A method evaluates whether a web domain is malicious. The method forms a feature vector, including data from web crawling. The features may include: whether the domain is cached from web crawling; the number of unique publicly accessible URIs hosted on the domain; the number of backlinks referencing the domain; the number of unique domain names in referring backlinks; the number of unique IP addresses in the referring backlinks; the number of unique IP address groups in the referring backlinks; and the proportion of hyperlinks to the domain from popular websites. For multiple classifiers, the method computes a probability that the domain is malicious. Each classifier is a decision tree constructed according to a subset of features and a subset of sample feature vectors. The method combines the individual probabilities to form an overall probability and returns the computed overall probability to the client.

Abstract: A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data, and may be used to provide authentication in addition to, or in lieu of, passwords or cryptographic tokens. Various use cases are disclosed, including: enrollment, authentication, establishing and using a secure communications channel, and cryptographically signing a message.

Abstract: A call path identifier is maintained which is permuted in response to a calling instruction for calling a target function, based on a function return address. The call path identifier is used as a modifier value for authentication code generating and checking instructions for generating and checking authentication codes associated with source values. In response to the authentication code checking instruction, if an expected authentication code mismatches a previously generated authentication code for a source value then an error handling response is triggered. This is useful for preventing attacks where address pointers which are valid in one part of the code are attempted to be reused in other parts of code.

Abstract: The disclosed computer-implemented method for categorizing security incidents may include (i) generating, within a training dataset, a feature vector for each of a group of security incidents, the feature vector including features that describe the security incidents and the features including categories that were previously assigned to the security incidents as labels to describe the security incidents, (ii) training a supervised machine learning function on the training dataset such that the supervised machine learning function learns how to predict an assignment of future categories to future security incidents, (iii) assigning a category to a new security incident by applying the supervised machine learning function to a new feature vector that describes the new security incident, and (iv) notifying a client of the new security incident and the category assigned to the new security incident. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems for electronic devices and platforms that are configured to communicate with a wave pattern are disclosed herein. Such an electronic device may be configured to be placed on a platform. The electronic device may convert a message to be transmitted to a wave pattern. The wave pattern may be a series of vibrations, electronic pulses, or light flashes. The electronic device may then vibrate, send pulses, or flash and the platform may communicate such data to one or more other electronic devices. A receiving electronic device may detect the wave pattern and determine the message from the received wave pattern and respond accordingly.

Abstract: Embodiments of the disclosure relate to a system including a terminal having a Web browser, a client, a resource server, and an authorization server. According to some embodiments, the client creates a redirect URL indicating a transmission destination of an authorization code used for obtaining an access token for each customer tenant, and the client that has received a request for starting a coordination from a Web browser transmits the redirect URL of a customer tenant specified from information transmitted by the Web browser to the resource server together with a client creation reservation.

Abstract: Operation of an industrial asset control system may be simulated or monitored under various operating conditions to generate a set of operating results. Subsets of the operating results may be used to calculate a normalization function for each of a plurality of operating conditions. Streams of monitoring node signal values over time may be received that represent a current operation of the industrial asset control system. A threat detection platform may then dynamically calculate normalized monitoring node signal values based at least in part on a normalization function in an operating mode database. For each stream of normalized monitoring node signal values, a current monitoring node feature vector may be generated and compared with a corresponding decision boundary for that monitoring node, the decision boundary separating normal and abnormal states for that monitoring node. A threat alert signal may then be automatically transmitted based on results of those comparisons.

Abstract: An update management method causes an external tool, capable of transmitting an update message to update data such as shared keys within electronic control units (ECUs) making up an onboard network, to update shared keys and the like within the ECUs, while reducing the risk of all ECUs being unauthorizedly rewritten in a case where secret information given to the external tool is leaked. The update management method receives and verifies update authority information indicating authority of the external tool. In a case that an update message instructing updating of shared keys or the like of one or multiple ECUs has been transmitted from the external tool, if the verification is successful and the update authority information indicates that the transmission of the update message is within the range of authority of the external tool, the update is executed at the ECU, and otherwise, update at the ECU is inhibited.

Abstract: A method of configuring a target domain providing a cryptographic identity for authenticating commands to be executed by an electronic device comprises receiving a domain configuration command, and authenticating the command based on a cryptographic identity provided by an authenticating domain which is an ancestor of the target domain in a hierarchical chain of trust. When authenticated, at least one target domain constraint specified by the command is combined with at least one future constraint specified by the authenticating domain to generate a combined constraint set to be satisfied by commands to be authenticated by the target domain. The combined constraint set is stored for the target domain. This approach provides a balance between security and scalability of the chain of trust.

Abstract: Example computing devices described herein enable computation of a machine learning model on distributed multi-party data that is vertically partitioned, in a privacy preserving fashion. The computing device computes at a party a sum of local data owned by the party, wherein the local data is vertically partitioned into a plurality of data segments, each data segment representing a non-overlapping subset of data features; transforms a cost function of a data analytics task to a gradient descent function, wherein the cost function comprises a summation of a plurality of cost function values; anonymizes aggregated data shards received from a mediator; updating local model parameters based on the aggregated data shards; and performs privacy-preserving multi-party analytics on the vertically partitioned local data based on a learned global analytic model. It leverages a secure-sum protocol that provides strong security guarantees against collusion and prior-knowledge attacks.

Abstract: An MIC verification method in D2D communications and a D2D communications system include: a monitoring UE receives a discovery announcement message from an announcing UE, in which the discovery announcement message carries a 32-bit MIC, and the MIC is a signature value obtained when the announcing UE conducts, by using a private key, a digital signature on a current time and a time window in the discovery announcement message; and the monitoring UE verifies the correctness of the MIC by using a public key of the announcing UE to determine whether the discovery process is successful.

Abstract: Methods and apparatus to provide user-level access authorization for cloud-based filed-programmable gate arrays are disclosed. An example apparatus includes a field-programmable gate array (FPGA) including a first memory and a second memory different from the first memory. The first memory stores a bitstream. The second memory stores a first user tag associated with the bitstream. The example apparatus further includes a kernel having an FPGA driver operatively coupled to the FPGA. The FPGA driver is to receive a command associated with accessing the FPGA from a user-executed application. The FPGA driver is further to identify a second user tag associated with the command. The FPGA driver is further to determine whether the command is to be accepted based on the second user tag.

Abstract: A method, a system and a terminal device for inferring a malicious code rule based on a deep learning method. The method comprises: performing twice training on a known malicious code character string by utilizing a deep learning method based on a word2vec thought, thus obtaining a character string having maximum correlation with the malicious code character string, and further obtaining a character string rule of a malicious code. The method infers a malicious code rule having a low false alarm rate and a high coverage rate by fully utilizing the feature of a malicious sample, thereby optimizing an existing virus detection engine, and increasing detection efficiency of a malicious code.