Patents Examined by Mohammad W. Reza
-
Patent number: 12254440
Abstract: The disclosed technologies include receiving a request from a second computing device to verify ownership of a blockchain address. A challenge content is generated and sent to the requestor. A signature is received comprising a hash of the challenge content generated using a private key. A public key corresponding to the private key is obtained, and the signature is validated using the public key. In response to validating the signature, a characteristic is associated with a user associated with the blockchain address.
Type: Grant
Filed: October 25, 2023
Date of Patent: March 18, 2025
Assignee: eBay Inc.
Inventors: Constanza Maria Heath, Ethan Benjamin Rubinson
-
Patent number: 12255926
Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.
Type: Grant
Filed: September 7, 2023
Date of Patent: March 18, 2025
Assignee: CUPP Computing AS
Inventor: Shlomo Touboul
-
Patent number: 12255887
Abstract: A Transport Layer Security (TLS) handshake can be terminated early—i.e., before certificate validation—to reduce server-side demand, which can be particularly advantageous in counteracting Denial-of-Service (DOS) attacks and the like. To this end, an endpoint may provide a one-time password (OTP) in the client hello message during the initial steps of a TLS handshake or similar connection protocol. A gateway, upon receiving the client hello message, may generate its own OTP for comparison with the OTP in the client hello message. The endpoint and gateway may advantageously generate the OTP based on a secret provided by a threat management facility with a preexisting secure connection to the two entities. If the OTP provided in the client hello message and the OTP generated on the gateway are the same, then the TLS handshake may continue; otherwise, the Transmission Control Protocol (TCP) connection will be terminated by the gateway.
Type: Grant
Filed: March 25, 2022
Date of Patent: March 18, 2025
Assignee: Sophos Limited
Inventors: Amit Katyal, Venkata Suresh Reddy Obulareddy
-
Patent number: 12244604
Abstract: The subject disclosure provides systems and methods for companion device authentication. A user of a first device may not have access to a service that can be provided by the first device. The service may be a streaming service, a cloud-based service, or the like. Companion device authentication can allow the user, or another user, to authorize access to the service at the first device, using a companion device to the first device. The first device and the companion device may exchange communications to nominate the companion device prior to notifying a user of the companion device of a companion device authentication request for the first device.
Type: Grant
Filed: August 20, 2021
Date of Patent: March 4, 2025
Assignee: Apple Inc.
Inventors: Caleb M. Davenport, Quenton D. Jones, Paul J. Sholtz, Peter J. Hare
-
Patent number: 12244721
Abstract: A system and method for authenticating an application that employs cryptographic keys and functions is provided with white box cryptography employed to secure the application, and to secure communications with the application. The white box includes a transformation of the application and the keys. A secure channel between the white box and a crypto token is used for communications. In some cases, the transformed keys can be employed in authenticating the white box to the crypto token. The presence of a valid crypto token can be periodically determined. In the presence of a valid crypto token, the white box can provide a verifiable message to a remote server. The remote server can verify the message and initiate a service.
Type: Grant
Filed: October 5, 2023
Date of Patent: March 4, 2025
Assignee: ARRIS Enterprises LLC
Inventors: Alexander Medvinsky, Lex Aaron Anderson
-
Patent number: 12242391
Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
Type: Grant
Filed: October 9, 2023
Date of Patent: March 4, 2025
Assignee: Intel Corporation
Inventors: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. McKeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
-
Patent number: 12231451
Abstract: Embodiments related to using a foundational model for network packet traces. A technique includes receiving network traffic of a network and extracting features from the network traffic, the features having a function related to communications in the network. The technique includes generating tokens from the features, each of the features corresponding to a respective one of the tokens, training a machine learning model by inputting the tokens, the machine learning model being trained to output contextual embeddings for the tokens, and using the contextual embeddings to determine an anomaly in the network traffic.
Type: Grant
Filed: October 20, 2022
Date of Patent: February 18, 2025
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Mudhakar Srivatsa, Davis Wertheimer, Franck Vinh Le, Utpal Mangla, Satishkumar Sadagopan, Mathews Thomas, Dinesh C. Verma
-
Patent number: 12225089
Abstract: Methods for network aware endpoint data loss prevention (DLP) in web transactions are performed by systems and devices, which includes implementing DLP on endpoint devices and focuses on web traffic events from web browsers, while also associating the events to the network source entity. File download and upload events are intercepted from the operating system by a file system filter that determines the process creating events is a web browser based on process identifiers and comparing process names and process executable signatures. A uniform resource locator (URL) from a current tab or session is retrieved for the web browser. Policies for events are evaluated via a policy server or via cache, and additional data from the file is provided for policy decisions when necessary. DLP actions taken via the file system filter to block or allow events, including encrypting file data, are based on the policy decisions.
Type: Grant
Filed: June 15, 2022
Date of Patent: February 11, 2025
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Guy Lewin, Yossi Haber, Meital Ben David
-
Patent number: 12225038
Abstract: Certain aspects involve using a set of machine learning modeling models for predicting attempts to tamper with records using a fraudulent dispute. A tampering prediction system receives a request from a target entity to modify event data for a historical event, including information about the target entity and the event. The system generates a first score by applying a first set of machine learning models to the information from the request and information about the target entity obtained from a database. The system computes a second score by applying a second machine learning model to event data retrieved from the database. The second machine learning model has been trained using labeled training data and is augmented with a model that has been trained using unlabeled training data. The system generates an overall score for the request based on the first score and the second score.
Type: Grant
Filed: September 29, 2020
Date of Patent: February 11, 2025
Assignee: Equifax Inc.
Inventors: Cuizhen Shen, Philip Munguia, Prateek Agrawal, Ledao Chen, Sriram Tirunellayi
-
Patent number: 12218950
Abstract: Systems and methods for security-based device control are disclosed. For example, a presence-based trigger event is detected and one or more suggestion models are utilized to determine whether a security-based device control suggestion should be sent. Multiple suggestions are arbitrated, and a user device is selected for receiving the suggestion based on multiple inputs. The format of the suggestion is also determined and the suggestion is either automatically output on the selected device or a notification of the suggestion is provided.
Type: Grant
Filed: February 2, 2022
Date of Patent: February 4, 2025
Assignee: Amazon Technologies, Inc.
Inventors: Hongyang Wang, Sunny Singh, Xiaodong Tian, Marc Wetter, Yishuai Li, Chandra Prakash Konkimalla, Jagrut Arora, Shirish R Nair, Paul Aksenti Savastinuk, William Evan Welbourne
-
Patent number: 12216762
Abstract: A firmware verification system is suitable for a secure boot stage. The firmware verification system comprises a non-volatile firmware list storage device. The non-volatile firmware list storage device is configured to store a firmware list; wherein each entry corresponds to a firmware stored in a flash memory in a microcontroller, and each entry includes a plurality of fields. The bootloader reads the entries. According to the contents of the fields in each entry, the bootloader determines the correctness of the public key and the correctness of the digital signature for each firmware in the microcontroller.
Type: Grant
Filed: October 13, 2022
Date of Patent: February 4, 2025
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventor: Min-Nan Cheng
-
Patent number: 12200121
Abstract: This disclosure describes systems, methods, and devices related to security for multi-link operations. A multi-link device (MLD) may establish a first communication link between a first device of the MLD and a first device of a second MLD, and a second communication link between a second device of the MLD and a second device of the second MLD. The MLD may generate a group-addressed message. The MLD may protect the group-addressed message using a first key or a first integrity key. The MLD may protect the group-addressed message using a second key or a second integrity key. The MLD may send, using the first communication link, the group-addressed message protected using the first key or the first integrity key, and may send, using the second communication link, the group-addressed message protected using the second key or the second integrity key.
Type: Grant
Filed: September 28, 2023
Date of Patent: January 14, 2025
Assignee: Intel Corporation
Inventors: Po-Kai Huang, Cheng Chen, Ido Ouzieli, Avner Epstein, Danny Alexander, Ofer Schreiber, Arik Klein, Daniel Bravo, Laurent Cariou, Ofer Hareuveni, Ehud Reshef, Nir Balaban
-
Patent number: 12189542
Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
Type: Grant
Filed: December 6, 2021
Date of Patent: January 7, 2025
Assignee: Intel Corporation
Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
-
Patent number: 12192202
Abstract: This application discloses a communication method, and relates to the communications field. In the method, a fixed mobile interworking function (FMIF) receives an access request message that carries first authentication information of a fixed network device and that is sent by a broadband network gateway (BNG), where the first authentication information is generated by the BNG based on a dial-up packet sent by the fixed network device, and the first authentication information includes an identifier of the fixed network device. The FMIF encapsulates the first authentication message in a message format supported by a control plane interface between the FMIF and a core network device, to obtain a second authentication message; and the FMIF sends the second authentication message to the core network device through the control plane interface. The core network device performs authentication on the fixed network device based on the second authentication message.
Type: Grant
Filed: September 17, 2021
Date of Patent: January 7, 2025
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Shuping Peng, Guoyi Chen, Chengguang Niu, Zhouyi Yu
-
Patent number: 12175342
Abstract: Systems, computer-implemented methods, and computer program products that can facilitate applying a reinforcement learning policy to available actions are described. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a state encoder that maps, based on one or more encoding parameters, a state of an environment on to one or more qubits of a quantum device. The system can further comprise a variational component that combines a reinforcement learning policy with a sampling of the one or more qubits, resulting, based on one or more variational parameters, in a probability distribution of a plurality of available actions at the state of the environment.
Type: Grant
Filed: February 3, 2023
Date of Patent: December 24, 2024
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Peng Liu, Shaohan Hu, Stephen Wood, Marco Pistoia, Arthur Giuseppe Rattew
-
Patent number: 12174934
Abstract: In some implementations, a system may transmit information that identifies behavioral data to be collected by a user device in connection with completion of a digital maze via user interaction with a user device. The maze may include starting and finishing points and an authentication path therebetween. The maze may include digital landmarks, a subset of which may be along the authentication path. The system may receive the behavioral data, and may provide the behavioral data and a task identifier identifying the maze as a feature set that is input to a machine learning model. The system may receive an output from the machine learning model, and may cause a recommended action to be performed with respect to verifying an identity of a user of the user device based on the output.
Type: Grant
Filed: September 15, 2022
Date of Patent: December 24, 2024
Assignee: Capital One Services, LLC
Inventors: Michael Mossoba, Ryan Christopher Farber, Bryant Yee
-
Patent number: 12166765
Abstract: A role-based access control method and system provide for receiving a request to provide an access to a resource, identifying a plurality of permissions associated with the request, authorizing the request including determining the plurality of permissions are granted for the identity, generating a serialized token to represent the plurality of permissions, and passing the serialized token to the first service to perform the providing of the access to the resource.
Type: Grant
Filed: April 27, 2022
Date of Patent: December 10, 2024
Assignee: Twilio Inc.
Inventors: Alexandre Payment, Liran Nuna, Vivek K. Laddha
-
Patent number: 12164671
Abstract: Methods and systems are disclosed that include producing cleansed subject information from subject information, determining whether a subject can be identified as an identified subject, and, in response to a determination that the subject can be identified as the identified subject, receiving a change proposal with regard to the identified subject (where receiving the change proposal comprises receiving substantiating information) and determining whether the change proposal should be approved based, at least in part, on an analysis of the cleansed subject information and the substantiating information.
Type: Grant
Filed: July 28, 2022
Date of Patent: December 10, 2024
Assignee: CareerCraft, Inc.
Inventor: Chen Yeeland
-
Patent number: 12158962
Abstract: Systems, methods, and non-transitory computer-readable media for managing data in view of data controls are provided. A request can be received from a client located in a jurisdiction to utilize a portion of data with a service. Based on a rule applicable to the jurisdiction, it can be determined that the service to utilize the portion of data is unavailable in the jurisdiction. To comply with the rule, a virtualized instance of the service can be deployed on hardware in the jurisdiction.
Type: Grant
Filed: June 7, 2023
Date of Patent: December 3, 2024
Assignee: United Services Automobile Association (USAA)
Inventors: Ashley Philbrick, Justin Jackson, Sean C. Mitchem, Yevgeniy Khmelev, Ruthie Lyle, Ravi Durairaj
-
Patent number: 12153706
Abstract: In the field of payment terminals, a new generation of feature-rich payment terminals is emerging. These payment terminals are mass-produced and the level of security provided for data entry operations is low because the primary function of these communication terminals is not the entry of sensitive data. As a result, the data relating to payment transactions entered via these payment terminals are entered with a level of security that is not adequate as regards the sensitivity of the data entered. Accordingly, a communication terminal is provided, which secures data entered via a user interface of a communication terminal, by transmitting them among a stream of dummy data, and by encrypting all data, those actually entered by a user and the dummy data, before the transmission thereof to a secure data processing device.
Type: Grant
Filed: October 16, 2019
Date of Patent: November 26, 2024
Assignee: BANKS AND ACQUIRERS INTERNATIONAL HOLDING
Inventors: Rémi Géraud, Pierre Quentin, Mamoudou Sylla