Abstract: The goal of detecting modifications, such as unauthorized modifications for example, of the code and/or behavior of an embedded device (e.g., unexpected/unauthorized remote reprogramming, re-flashing), changes to code at run-time (e.g.

Abstract: An encryption method is provided. According to the encryption method, a scaling factor may be reflected in a message and then, a homomorphic ciphertext may be generated using a public key. The generated ciphertext is, when decryption is performed, generated in a form that a result value obtained by adding an error value to a value obtained by reflecting the scaling factor in the message is restored. Accordingly, a homomorphic ciphertext capable of being computed in a ciphertext state can be effectively generated.

Abstract: The profiling and fingerprinting of communication and control (C&C) infrastructure is disclosed herein. An initial C&C profile is transmitted to a first network monitoring system. The initial C&C profile includes a domain corresponding to a C&C channel, and a pattern corresponding to the C&C channel. At least in part in response to information received from a second network monitoring system, the initial C&C profile is revised. An updated C&C profile is transmitted to the first network monitoring system.

Abstract: A control device performs an admissions control process with a first device to determine whether the first device is authorized to communicate over the communication fabric that supports memory semantic operations.

Abstract: Provided is a method for establishing and maintaining a user loyalty metric to accesses a plurality of robotic device functions including: receiving biometric data associated with a user; authenticating the user; providing a time access memory, wherein the time access memory comprises a plurality of memory cells; assigning a predetermined time slot to each of the plurality of memory cells, wherein each of the plurality of memory cells is available for writing only during the predetermined time slot, after which each memory cell is made read-only; storing the biometric data of the user if the user is authenticated within a currently available memory cell of the time access memory; increasing the user loyalty metric if the user is authenticated; and, providing access to the plurality of robotic device functions in accordance with the user loyalty metric.

Abstract: A secured storage system includes a non-volatile memory and a controller. The non-volatile memory is configured to store a first data item and a respective first version identifier assigned to the first data item. The controller is configured to receive a second data item accompanied by a second version identifier and a signature, for replacing the first data item in the non-volatile memory, to authenticate at least the second version identifier using the signature, to make a comparison between the stored first version identifier and the second version identifier, and to replace the first data item with the second data item only in response to verifying that (i) the second version identifier is authenticated successfully, and (ii) the second data item is more recent than the first data item, as indicated by the comparison between the stored first version identifier and the authenticated second version identifier.

Abstract: Systems are provided for facilitating the disclosed methods for performing event storage and diagnostic processing within a hybrid cloud environment. Event records are gathered and batched at an on-premises server. The event records are also appended with correlation vector data that enables the event records to be correlated with other events. The batch of event record batches are signed with a security key associated with a cloud storage container and the on-premises server is restricted to writing the batch of event records to the container. In some instances, the size of the batch is based on a duration of time for collecting records, which can be adjusted to accommodate for missing data.

Abstract: There is a provided a digital identity network interface system that may include a communications module and a processor. The processor may be configured to: receive a signal representing a digital identity request, the digital identity request defining one or more scopes associated with the request, at least one of the scopes identifying a data type associated with the request; generate a query based on the scopes by translating at least one of the scopes into a query having a query format associated with a digital identity network, the digital identity network storing data associated with a plurality of users; send a signal representing the query to the digital identity network; send a link to an authorization device; after successful authentication, obtain data associated with the digital identity request from the digital identity network; and release at least some of the data.

Abstract: Access to a provider's restricted resources for users who are not directly associated with the provider but who are permitted to access the restricted resources based on the users' affiliation with a third-party subscriber is provided. An example affiliation is a university student's (user's) affiliation with a university (third-party subscriber). A user's identity can be authenticated by the third party, and the user's access entitlements can be authorized by the third party based on the third party's authorization policies and by an authorized distributor of the restricted resources of which the third party is a subscriber based on the distributor's authorization policies. An access decision is made by a policy enforcement service based on the authorization access decisions made by the third party and by the authorized distributor. The provider allows the user access to its otherwise restricted resources based on a permit decision made by the policy enforcement service.

Abstract: An exemplary system, method and computer-accessible medium for determining a starting point of a header field(s) in a network packet(s) can be provided, which can include, for example receiving the network(s) packet, determining a header location of the header field(s) in the network packet(s), determining a delimiter location of a delimiter(s) in the network packet(s), and determining the starting point of the header field(s) based on the header and delimiter locations. The header location can be determined using a header finder module. The delimiter location can be determined using a delimiter finder module. The header and delimiter locations can be determined using a plurality of comparators arranged into a plurality of sets.

Abstract: A proof-of-work system where a first party (e.g., a client computer system) may request access to a computing resource. A second party (e.g., a service provider) may determine a challenge that may be provided to the first party. A valid solution to the challenge may be generated and provided for the request to be fulfilled. The challenge may include a message and a seed, such that the seed may be used at least in part to cryptographically derive information that may be used to generate a solution to the challenge. A hash tree may be generated as of generating the solution.

Abstract: Disclosed embodiments relate to website hosting implemented in a server environment. Operations include co-hosting, on a hosting server, a plurality of websites generated by a plurality of users; making available to the plurality of users common editing tools; preventing at least some of the plurality of users from altering co-hosted specific websites generated by others of the plurality of users; generating an interface for enabling the at least one subset of the plurality of users to upload to the hosting server plugin code associated with plugins for the co-hosted specific websites generated by the at least one subset of the plurality of users; storing the user-uploaded plugin code; and securely enabling, using an isolation mechanism, at least one of execution of front-end plugin functionality code at the client or execution of back-end plugin functionality code at the plugin server.

Abstract: A method includes determining, by a tracker controller of a hardware security module, that a first processor has submitted a first request to access a computing resource. The method also includes determining, by the tracker controller, whether the first request and a second request both request access to the same computing resource. The second request is submitted by a second processor. The method also includes preventing access to the computing resource based on a determination that the first request and the second request do not request access to the same computing resource. The method also includes permitting access to the computing resource based on a determination that the first request and the second request both request access to the same computing resource.

Abstract: Systems and methods are provided for sending and receiving encrypted submessages. Messages could be partitioned into a plurality of submessages based on the content of a message, and such submessages could be individually encrypted and sent over a network. The partitioning could be based on various standards and/or heuristics. In the sending process, submessages could be designated to travel over different networks and networks of different types. Such submessages could then be received and reassembled in spite containing overlapping content with respect to each other, having to contend with copies of submessages, and having accompanying related content (e.g., advertisements) and non-related content (e.g., random bits). Moreover, the sending process could also be performed in real time or in a batched manner, depending on the implementation.

Abstract: A Personated Reality Ecosystem System enables real-time interactions between Users and Personated Virtual Assistants (PVA) acting on behalf of the User. The PVA is a computer-generated character, an animated virtual human, combined with artificial intelligence and a unique digital identity that is authenticated and authorized using blockchain technologies. A PVA when initially created is not unique hence is referred to as a GenericPVA. A GenericPVA can undergo a process that makes it unique transforming it into a UniquePVA. The PVA looks, behaves, communicates, thinks, reasons and learns, like a human being displayed on a computer screen or other visual representation. UniquePVAs are paired with Users utilizing secure blockchain technologies ensures the UniquePVA only accepts orders from the User they are paired with.

Abstract: Malicious activity data is obtained, that is indicative of attempted attacks on a computing system. Clusters of targets are identified and it is determined whether the malicious activity preferentially targets one cluster of targets over other. Also, low prevalence attacks are identified and it is determined whether a low prevalence attack has a high concentration in one or more of the target clusters. If the malicious activity either preferentially targets a cluster, or a low prevalence attack has a high concentration in a cluster, then the attack is identified as a targeted attack, so that remediation steps can be taken.

Abstract: The invention relates to a method for transmitting data implemented between a terminal and an integrated circuit, said terminal and said integrated circuit communicating by means of an interface for transmitting and receiving data. According to the invention, said method comprises at least one iteration of the following steps, implemented by the terminal, generating (10) a command intended for said integrated circuit, said command comprising a command header; encrypting (20) said command (CX), delivering an encrypted command (CC); creating (20) a second command (CY), said command comprising a command header and data, said data being constituted at least partly by said encrypted commands (CC); transmitting (40) said second command (CY) to said integrated circuit.

Abstract: A performance monitoring unit in a processor is programmed to issue an interrupt when a context switch occurs within an operating system if the currently executing thread belongs to a process that is subject to the malware prevention mechanism of the present invention. The interrupt enables a module that identifies mispredictions by the branch prediction unit of the processor and analyzes the address of the branch that was not predicted correctly. If the address of the branch is not contained on an existing whitelist of permissible branch addresses, and alert is generated and/or a protective action is taken. Such protective actions may include thread suspension, thread termination, process suspension, or process termination.

Abstract: A method for providing a brain computer interface that includes detecting a neural signal of a user in response to a calibration session having a time-locked component and a spontaneous component; generating a user-specific calibration model based on the neural signal; prompting the user to undergo a verification session, the verification session having a time-locked component and a spontaneous component; detecting a neural signal contemporaneously with delivery of the verification session; generating an output of the user-specific calibration model from the neural signal; based upon a comparison operation between processed outputs, determining an authentication status of the user; and performing an authenticated action.

Abstract: Apparatus and method for hashing a message, comprises using an array of individually selectable memristor cells. The memristor cells are subject to write disturb that affects cells neighboring a selected cell so that a write operation into one cell has a knock-on effect on the neighbors. The array is initiated into a known stable state so that these changes to neighboring cells are predictable according to proximity to the currently selected cell. An inserter sequentially mixes bits with the hash so far to insert bits into successively selected cells of the memristor array and forms a succession of memristor array states including the knock on effects on the neighboring cells. A final resulting memristor array state following input of the bits forms the hash of the message.