Patents Examined by Michael Simitoski
-
Patent number: 12657279
Abstract: An example computing device comprises a memory to store control instructions, and a processor to: perform a first authentication of the control instructions using a first key; and in response to receipt of a command to enable a second authentication of the control instructions, add a second key to a one-time programmable portion of the memory, wherein the command is signed using the first key, the second key to perform a second authentication of the control instructions with the first key to perform the first authentication of the control instructions.
Type: Grant
Filed: January 13, 2022
Date of Patent: June 16, 2026
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Jeffrey Kevin Jeansonne, Mason Andrew Gunyuzlu
-
Patent number: 12647267
Abstract: Various aspects of the present disclosure relate to attribute-based credentials for resource access. An apparatus, such as a UE, generates one or more credentials comprising one or more first public keys and one or more attributes associated with a service request. The apparatus communicates a credential issuance request comprising at least a portion of the one or more credentials, and receives, based at least in part on the credential issuance request, one or more signed credentials comprising one or more encrypted root keys and one or more encrypted subscription identities associated with the service request.
Type: Grant
Filed: May 24, 2024
Date of Patent: June 2, 2026
Assignee: Lenovo (Singapore) Pte Ltd
Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran
-
Patent number: 12632558
Abstract: An adapter provides an expansion function to an information handling system. The adapter includes an adapter application specific integrated circuit (ASIC), a memory device, and a control unit. The adapter ASIC provides the expansion function. The memory device stores firmware for the adapter ASIC. The control unit validates the firmware.
Type: Grant
Filed: April 19, 2024
Date of Patent: May 19, 2026
Assignee: Dell Products L.P.
Inventors: Lee E. Ballard, Jason B. Kilpatrick, Jonathan Foster Lewis, Jason Christopher Rock
-
Patent number: 12625968
Abstract: A method includes building a firmware image to execute on a bootloader of a system on chip (SoC), the firmware image including first encryption public and private keys, and digitally signing the firmware image with a second encryption private key. The signed firmware image is encrypted with a symmetric encryption key, which in turn is encrypted with a second encryption public key. The encrypted signed firmware image and the encrypted symmetric encryption key are sent to the SoC to cause the SoC to (1) decrypt the encrypted symmetric encryption key to produce the symmetric encryption key using a third encryption private key from a first asymmetric key pair, (2) decrypt the encrypted signed firmware image to produce the signed firmware image using the symmetric encryption key, and (3) verify a digital signature of the signed firmware image using a third encryption public key from a second asymmetric key pair.
Type: Grant
Filed: November 20, 2023
Date of Patent: May 12, 2026
Assignee: Verkada Inc.
Inventors: Andrei Goverdovskii, Nick Pelis
-
Patent number: 12619743
Abstract: A memory controller can operate to provide various data protection schemes without a need of a cache. A unit of data transfer between the memory controller and memory devices can correspond to a size of data corresponding to a host read and/or write command. The memory controller operating without a cache can still ensure data integrity of the memory system to be compliant with standardized requirements and/or protocols, such as trusted execution engine security protocol (TSP).
Type: Grant
Filed: June 28, 2023
Date of Patent: May 5, 2026
Assignee: Micron Technology, Inc.
Inventors: Marco Sforzin, Paolo Amato
-
Patent number: 12613959
Abstract: A first detection unit (121) executes object detection for a subject image. A processing unit (130) generates a painted-out image per bounding box of the subject image by painting out the bounding box of the subject image. A second detection unit (122) executes, per painted-out image, object detection for the painted-out image. A determination unit (140) determines whether an adversarial example patch attack has been conducted, on a basis of a score value of each bounding box of the subject image and a score value of each bounding box of a painted-out image group.
Type: Grant
Filed: October 1, 2024
Date of Patent: April 28, 2026
Assignee: MITSUBISHI ELECTRIC CORPORATION
Inventor: Yoshihiro Koseki
-
Patent number: 12615141
Abstract: A sender system is equipped with an optical transmitter that transmits an encoded optical signal at a predetermined strength via an LOS communication channel, and a key distillator that generates a cryptographic key from a random bit sequence of the optical transmitter by a key distillation processing via the authenticated public communication channel. A legitimate receiver is equipped with an optical receiver that receives the optical signal from the optical transmitter via the LOS communication channel, and a key distillator that generates a cryptographic key from the random bit sequence from the optical receiver through a key distillation processing via the authenticated public communication channel.
Type: Grant
Filed: December 21, 2022
Date of Patent: April 28, 2026
Assignee: NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY
Inventors: Hiroyuki Endo, Masahide Sasaki, Mikio Fujiwara, Masahiro Takeoka, Masato Koashi, Toshihiko Sasaki
-
Patent number: 12585236
Abstract: A SCADA web HMI client device comprises a processor and a memory. The memory stores a user access level, image data for an HMI screen, and screen access authority information, all received from a web server. The screen access authority information includes an operation access level of the HMI screen and operation permission/prohibition of the HMI screen by the web browser. The processor draws the HMI screen in an operable state on the web browser in a case where the user access level is greater than or equal to the operation access level and where operation of the HMI screen by the web browser is permitted. The processor draws the HMI screen in an inoperable state on the web browser in a case where the user access level is less than the operation access level or operation of the HMI screen by the web browser is not permitted.
Type: Grant
Filed: March 30, 2022
Date of Patent: March 24, 2026
Assignee: TMEIC CORPORATION
Inventors: Ryo Shimizu, Akira Nojima, Nobuo Shimizu
-
Patent number: 12585768
Abstract: Disclosed herein are systems and methods for detecting malware in scripts. A method includes: monitoring, at a first computing device, an execution flow of at least one portion of a script; computing a fingerprint that represents the execution flow; determining whether the fingerprint is present in a local fingerprint database that includes a plurality of entries for known scripts; in response to determining that the fingerprint is not present in the local fingerprint database, transmitting the fingerprint to a central database server including a universal fingerprint database; in response to receiving an indication that the fingerprint is not present in the universal fingerprint database, scanning the at least one portion of the script for malware; and blocking the script in response to determining that the at least one portion of the script includes malware based on the scanning.
Type: Grant
Filed: June 19, 2024
Date of Patent: March 24, 2026
Assignee: Cloud Linux Software, Inc.
Inventors: Igor Seletskiy, Serhii Brazhnyk, Arsenii Pastushenko
-
Patent number: 12585782
Abstract: Systems and methods are provided for validation and enforcement of the use of factory-provisioned boot restrictions for the operation of an IHS (Information Handling System). During factory provisioning of the IHS, a factory-signed certificate is uploaded to the IHS that identifies the factory-installed hardware of the IHS and any boot restrictions on individual factory-installed hardware, such as restrictions on a hardware component to boot using only factory-provision firmware or the component is to be disabled. Upon deployment of the IHS, validation procedures use an inventory from the certificate to validate the detected IHS hardware as factory-installed. The validation procedures use the boot restriction from the certificate to confirm the detected IHS hardware components are each configured for operation according to the boot restrictions.
Type: Grant
Filed: November 17, 2023
Date of Patent: March 24, 2026
Assignee: Dell Products L.P.
Inventors: Rama Rao Bisa, Mini Thottunkal Thankappan, Vineeth Radhakrishnan, Dharma Bhushan Ramaiah, Shinose Abdul Rahiman, A Anis Ahmed, Jason Matthew Young
-
Patent number: 12579573
Abstract: Described herein is a system, method, and non-transitory computer readable medium related to a service provider using a third party identity provider to authenticate a user with improved security. An authentication token is received from the identity provider, and can be verified against internal configuration information. The internal configuration information includes data that is not included in the authentication token, and therefore, is not vulnerable to some security attacks, such as a man-in-the-middle attack. After the authentication token is verified, the internal configuration information and authentication token may be used to create a custom identifier, referred to as an identity ID. The identity ID may be used by the service provider to verify user access to resources.
Type: Grant
Filed: May 1, 2023
Date of Patent: March 17, 2026
Assignee: Capital One Services, LLC
Inventors: Dinesh Sundaram, Jacob Creech
-
Patent number: 12574236
Abstract: This document describes techniques and apparatuses directed at stateful hash-based signing with a single public key and multiple independent signers. Upon obtaining a Leighton-Micali signature (LMS) randomized parameter, a provisioning server may share the LMS randomized parameter among multiple signers. Next, the provisioning server may associate a unique, starting leaf index number to each signer and notify each of the signers. The signers may then create a random SEED for Leighton-Micali one-time signature (LM-OTS) signatures and generate local LM-OTS and LMS public keys. After generating the local public keys, the signers may share local LMS public keys with the provisioning server. Upon receipt of the local LMS public keys, the provisioning server may then order the local LMS public keys and generate a common LMS public key. The provisioning server can then provision the ordered list, the common LMS public key, and a Merkle tree path to each of the signers.
Type: Grant
Filed: October 15, 2021
Date of Patent: March 10, 2026
Assignee: Google LLC
Inventors: Vadim Sukhomlinov, Andrey Vadimovich Pronin, Jett Rink, Stefan Kölbl
-
Patent number: 12572644
Abstract: The present disclosure describes a micro-enclave (µenclave) framework including µenclave operations, which are library functions that split off from normal code execution. The µenclaves contain a mix of stateful and stateless operations, including such steps as reading or writing various hardware registers or resource counters in operating system, timer setup, deferring preemption events by a small value within a threshold set by the operating system, and the like. The operations in a µenclave, even though performed at a user level privilege, are compiled by a separate compilation sequence and installed unforgeably as static and unforgeable procedure collections that do not yield control to an operating system scheduler.
Type: Grant
Filed: April 1, 2022
Date of Patent: March 10, 2026
Assignee: Intel Corporation
Inventors: Kshitij Arun Doshi, Francesc Guim Bernat
-
Patent number: 12568123
Abstract: A cloud security method implements web security at the application level by monitoring network traffic and detecting cloud activities related to web applications, and then classifying the detected cloud activities to map certain security-related cloud activities into activity categories to enable security policy to be applied. The application-level cloud security method enables policy enforcement rules to be established for cloud activity categories. The security policies are then applied based on activity categories.
Type: Grant
Filed: April 3, 2023
Date of Patent: March 3, 2026
Assignee: Skyhigh Security LLC
Inventors: Sekhar Sarukkai, Prasad Raghavendra Somasamudram, Rama Taraniganty, Vikram Jaiswal, Chapman Seto, Ravi Hingarajiya, Surendrakumar Viswanathan, Kaushik Narayan, Pradeep Kumar Reddy Mangalapuri, Guruprasad Shenoy
-
Patent number: 12568362
Abstract: A measurement device comprising: a processor; and a memory configured to store a program executed by the processor cause the measurement device to: first advertisement process for establishing a communication between a host device and a communication device by transmitting first advertisement information to the communication terminal, the first advertisement information including first state information indicating a state of the host device and first bonding information indicating whether an encryption key used for the communication with the communication terminal is stored or not, in response to disconnection of the communication with the communication terminal, second advertisement process for re-establishing the communication between the host device and the communication terminal by transmitting second advertisement information after the encryption key is shared between the host device and the communication device, the second advertisement information including second bonding information indicating that the
Type: Grant
Filed: September 22, 2023
Date of Patent: March 3, 2026
Assignee: ARKRAY, Inc.
Inventor: Yutaka Kawabata
-
Patent number: 12554825
Abstract: A security system comprises a personal digital key (PDK), a reader and a computing device. The PDK is a portable, personal transceiver that includes a controller and one or more passwords or codes. The computing device includes a detection engine, vault storage and a set up module. The detection engine detects events relating to the access of any files and third-party systems by the computing device and receives information from the reader as to whether the PDK is present/linked. The detection engine controls whether a user is able to access any of the functionality provided by the computing device based upon whether the PDK is in communication with the reader or not. The present invention also includes a number of methods such as a method for initializing the security system, a method for setting up a computing device, and a method for controlling access to computing resources.
Type: Grant
Filed: August 5, 2021
Date of Patent: February 17, 2026
Assignee: Proxense, LLC
Inventor: John J. Giobbi
-
Patent number: 12542807
Abstract: Approaches in accordance with various illustrative embodiments provide for the generation of synthetic communications for use in training and fine-tuning threat detection models for various categories of recipients. In at least one embodiment, guidelines can be determined for a category of recipient that can be used to generate multiple types of content using generative artificial intelligence (AI), as may include text, image, and file content. A training communication can be generated using these types of content, such as to generate an email message that corresponds to a potential spear phishing attack. The generated messages can be checked for quality, and any messages that are caught by existing filters can be deleted or regenerated so that only high quality examples of spear phishing are provided as output.
Type: Grant
Filed: March 17, 2023
Date of Patent: February 3, 2026
Assignee: Nvidia Corporation
Inventors: Bartley Douglas Richardson, Shawn Davis, Gorkem Batmaz, Rachel Allen
-
Patent number: 12542685
Abstract: In one embodiment, a method includes scanning, by a first device, a code from a second device and determining, by the first device, information comprising a peer identifier and a first certificate hash using the code. The method also includes initiating, by the first device, a connection with the second device using the peer identifier and receiving, by the first device, a second certificate hash from the second device via the connection. The method further includes validating, by the first device, the second certificate hash using the first certificate hash, establishing a session with the second device, and transferring, by the first device, account information to the second device via the session.
Type: Grant
Filed: December 15, 2022
Date of Patent: February 3, 2026
Assignee: Cisco Technology, Inc.
Inventors: Robert Jacob Linial Small, Jordan David Neidlinger, Benjamin Warren Freiband, Aparna Ashok, Marshall Dean Anderson
-
Patent number: 12538119
Abstract: A system and method for codeword substitution are provided. Embodiments provide a way to enhance privacy when communicating over the phone. A user has predefined codewords that map to various kinds of sensitive information that they would prefer not to say audibly on the phone. When the user is on the phone and asked to give the sensitive information, the system would detect the codeword while muting the codeword and automatically provide the sensitive information to the provider on the other end. Anyone near the member would be unable to hear this sensitive information. The system may include a codeword setup module to associate codewords with sensitive information, a codeword detecting module to identify codewords, and a codeword substitution module to provide the sensitive information over the phone when the codewords are detected. This approach keeps the sensitive information safe from eavesdroppers.
Type: Grant
Filed: December 20, 2022
Date of Patent: January 27, 2026
Assignee: United Services Automobile Association (USAA)
Inventors: Nina Cooper, Mark Paxman Warnick, Courtney St. Martin, Megan Sarah Jennings
-
Patent number: 12524536
Abstract: A service providing system provides a service allowed to be logged in to from each of a plurality of user terminals. At least one processor is configured to execute predetermined authentication for each of the user terminals under a state in which the service has been logged in to from the user terminal. The at least one processor performs a setting relating to the service for each of the user terminals based on whether the authentication has been executed from the user terminal. The service is provided to each of the user terminals based on the setting of the user terminal.
Type: Grant
Filed: June 30, 2021
Date of Patent: January 13, 2026
Assignee: RAKUTEN GROUP, INC.
Inventors: Kyosuke Tomoda, Shuhei Ito