Abstract: A computer-implemented method for advancing speculative execution in microarchitectures is disclosed. A non-limiting example of the computer-implemented method includes receiving, by a processor, a test scenario including a first load instruction from a first memory location flagged with a delay notification and a speculative memory access instruction from a second memory following the first load instruction. The method executes, by the processor, the first load instruction from the first memory location and delays a return of data from the first memory location for a number of processor cycles. The method executes, by the processor, the speculative storage access instruction from the second memory location during the delay in returning the data from the first memory location.

Abstract: This disclosure relates generally to a method and system for biometric verification. Conventional biometric verification method and system performs one or more computations in non-encrypted domain, thereby leading to security threats. The disclosed method includes performing computations such as enrollment and verification feature vector computation, dimensionality reduction of said feature vectors, and comparison of dimensionally reduced encrypted feature vectors to obtain matching scores indicating the extent of match therebetween between in encrypted domain using fully homomorphic encryption, thereby leading to secure biometric verification.

Abstract: Systems and methods are disclosed for secure debug architecture. For example, an integrated circuit (e.g., a processor) for executing instructions includes a processor core configured to execute instructions; a debug interface comprising two or more conductors with input/output drivers configured to, when enabled, transmit and receive signals between the processor core and an external host device via the two or more conductors; and wherein the integrated circuit is configured to: receive a request from a host device for access to the integrated circuit via the debug interface; responsive to the request, generate a random number; transmit the random number from the integrated circuit to the host device via the debug interface; receive, from the host device via the debug interface, input data that has been encrypted using the random number as a key; and decrypt the input data using the random number as a key.

Abstract: An information security system that incorporates time, feedback, and/or varying trust in analyzing and responding to attacks. A solution can defer processing of a request for a period of time, which can be sufficient to allow the request to be approved or disproved. The solution can be configured to automatically approve or disprove the request after the period of time if no affirmative response is received. Trust for an entity can be periodically determined and can automatically decay over time. Feedback can be used as part of the approval/disproval process and/or to reevaluate trust.

Abstract: A secure update is provided from a server to an end-point device. The server registers digital information, such as a name or a software package, and a verifiable key, such as a cryptographic hash, derived from the digital information. A publicly accessible transaction log stores the verifiable key in a block and provides an identifier of the block to the server. An end-point device receives the digital information and the identifier, and computes a separate verifiable key. The end-point device retrieves the verifiable key from the block of the publicly accessible transaction log, and compares the retrieved verifiable key to the separate verifiable key to determine whether the digital information has been compromised.

Abstract: The disclosure is generally directed to a method and apparatus for encrypting and decrypting data on an integrated circuit. In various implementations, the apparatus includes an on-chip high performance bus bridge that transparently encrypts and decrypts data between the embedded microprocessor(s) and off-chip system memory. In some implementations, the apparatus is optimized to the transactions generated by the processor's cache controller (e.g., optimized for cache line size) and optimized to the bus protocol being used. This provides code protection with minimal effect on system performance latency and throughput. The implementation of multiple cryptographic engines allows for encryption of a complete cache line while incurring only a single latency for the first cipher rounds to be completed.

Abstract: Described is a lattice cryptography processor with configurable parameters. The lattice cryptography processor includes a sampling circuit configured to operate in accordance with a Secure Hash Algorithm 3 (SHA-3)-based pseudo-random number generator (PRNG), a single-port random access memory (RAM)-based number theoretic transform (NTT) memory architecture and a modular arithmetic unit. The described lattice cryptography processor is configured to be programmed with custom instructions for polynomial arithmetic and sampling. The configurable lattice cryptography processor may operate with lattice-based CCA-secure key encapsulation and a variety of different lattice-based protocols including, but not limited to: Frodo, NewHope, qTESLA, CRYSTALS-Kyber and CRYSTALS-Dilithium, achieving up to an order of magnitude improvement in performance and energy-efficiency compared to state-of-the-art hardware implementations.

Abstract: The update progress of a basic input/output system (BIOS) is displayed on a display screen. A first chipset lock is applied to a first region of a shared serial peripheral interface (SPI) chip of the BIOS of a computer system containing a first program of instructions. A system management memory mode lock is applied to a second and a third region of the shared SPI chip containing a second and third programs of instructions respectively. The second program of instructions is updated, and control of the BIOS is transferred to the updated second program of instructions. The updated second program of instructions updates the first program of instructions. The BIOS update progress visual is displayed on the display screen of the computer system while updating the first program of instructions.

Abstract: An authentication process that provides secure and verified access to content, such as content presented on websites. At a first instance, users may be validated using a first token, at a second instance, users may be validated or authorized using the first token and an email address, and at a third instance, users may be validated or authorized using the first token, the email address, and the second token. Therein users are authenticated and provided access to the websites. During the authentication process and the during separate instances (or times), if the multiple token(s) are invalid and/or the email address is associated with an unauthorized user, access to the website may be denied.

Abstract: An integrated circuit including: a plurality of physically unclonable function (PUF) cells each configured to generate a cell signal having a unique value; a selector configured to output a first signal obtained by not inverting a cell signal output by a PUF cell selected from the plurality PUF cells and a second signal obtained by inverting the cell signal; and a key generator configured to generate a security key in response to the first signal or the second signal, wherein the selector includes a first conversion circuit configured to generate the first signal and a second conversion circuit having the same structure as the first conversion circuit and configured to generate the second signal.

Abstract: As vehicles collect more data in autonomous or semi-autonomous operation, the collected data such as video, navigation and telemetry data, can containing personally identifiable information (PII). The PII may be governed by specific handling requirements or privacy policies. In order to comply with these requirements and policies a method, system and computer readable memory are provided for determining a location of a vehicle to enable determination of an enforcement policy associated with the location of the vehicle. The enforcement policy defines one or more PII objects that are to be filtered from the vehicle data. The PII objects contained within the vehicle data can then be filtered such that the PII objects are not identifiable. The filtered data can then be stored or transmitted to a remote location.

Abstract: Upon accepting a start-up request or logout request of a login application, an information processing apparatus according to this embodiment controls to display a blank screen that does not input to a display unit or ignore input via a UI screen displayed on the display unit before the login application is started up or logout processing is completed.

Abstract: A fingerprint recognition-based application starting method and device. A sensing unit (102) is provided below a fingerprint recognition area of a display unit (101), so that when a user operates an application icon on the screen, fingerprint information of the user can be acquired, and then the acquired fingerprint information is compared with preset fingerprint information, to start an application or perform unlocking. Compared with an existing approach for a mobile apparatus to start an application by means of fingerprint recognition, the present invention improves the operability of application icons on a screen and enhances user experience, and can also effectively reduce the overall thickness of a mobile apparatus, making the mobile apparatus thinner and lighter to meet the market demands.

Abstract: A method and system for authenticating customers on call are disclosed. The method includes providing a notification to a customer on an electronic device associated with the customer. The notification is provided in response to the customer placing a call for seeking an interaction with an agent of an enterprise. The notification is configured to trigger authentication of the customer using an application on the electronic device. A status of the authentication of the customer is received from the application on the electronic device and, if the status of the authentication of the customer is a success, the call is connected to the agent to facilitate the interaction between the customer and the agent.

Abstract: Disclosed herein are systems and methods for detecting malicious files based on file fragments. In one aspect, an exemplary method comprises, extracting data fragments from a file, for each extracted data fragment, determining a category selected from a list of categories that includes at least: trusted, malicious, and untrusted, when a number of data fragments categorized as being malicious is below a predetermined threshold, avoiding categorization of the file as malicious, and when a number of data fragments categorized as being malicious reaches or exceeds the predetermined threshold, determining whether at least one malicious file detection rule having criteria for detecting a malicious file is found, when at least one malicious file detection rule whose criteria is met is found, categorizing the file as a malicious file, and when no malicious file detection rule whose criteria is met is found, avoiding categorization of the file as a malicious file.

Abstract: A method for privacy control in release of protected information includes: receiving, from a first system, a decryption key, request identifier, and a payload identifier by a second system; storing, in the second system, a blockchain comprised of blockchain data values, each blockchain data value including a registration identifier and encrypted data set; identifying, by the second system, a specific blockchain data value where the registration identifier matches the payload identifier; decrypting, by the second system, the encrypted data set in the specific blockchain data value using the decryption key; and transmitting, by the second system, the decrypted data set to a third system using the request identifier.

Abstract: An anonymous attestation cryptographic protocol is provided for enabling a target (device 4) to attest to a predetermined property of the device without needing to reveal its identity to a verifier (8). When obtaining a credential from an issuer (6) to attest to the predetermined property, the credential is validated by an intermediary device (2) which is a separate consumer electronics device to the target device (4) itself. This allows the relatively processor-intensive calculations required for validating the credential to be performed on a separate device (2) from the device (4) for which the attestation has been made, allowing anonymous attestation protocols to be used for lower powered target devices such as sensors in the internet of things.

Abstract: A computer-implemented method for populating a privacy-related data model by: (1) providing a data model that comprises one or more respective populated or unpopulated fields; (2) determining that at least a particular one of the fields for a particular data asset is an unpopulated field; (3) at least partially in response to determining that the at least one particular field is unpopulated, automatically generating a privacy questionnaire comprising at least one question that, if properly answered, would result in a response that may be used to populate the at least one particular unpopulated field; (4) transmitting the privacy questionnaire to at least one individual; (5) receiving a response to the questionnaire, the response comprising a respective answer to the at least one question; and (6) in response to receiving the response, populating the at least one particular unpopulated field with information from the received response.

Abstract: The present disclosure relates to methods, systems, and computer program products for generating an asset remediation trend map used in remediating against an attack campaign. The method comprises receiving attack kill chain data. The attack kill chain data comprises steps for executing an attack campaign on one or more assets associated with a computing device. The method further comprises parsing the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device. The method determines based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations. In addition, the method sequences the one or more remediation operations to form an asset remediation trend map. In one implementation, the asset remediation trend map indicates steps for remediating the attack campaign.

Abstract: The present disclosure relates to methods, systems, and computer program products for generating an attack kill chain for threat analysis. The method comprises receiving a first security event captured by a first security operation associated with a computing device, and receiving a second security event captured by a second security operation associated with the computing device. The first security event and the second security event are associated with an attack campaign. The method further comprises mapping the first security event to first security data in an attack repository, and mapping the second security event to second security data in the attack repository. The method also comprises determining based on the mapping, one or more attack execution operations for executing the attack campaign associated with the first security event and the second security event. Additionally, the method sequences the one or more attack execution operations to form an attack kill chain.