Abstract: Systems and methods for authenticating identification information are disclosed. For example, a system may include an Automated Teller Machine (ATM). An ATM may comprise a user interface. The user interface may comprise a joystick. The user interface may be configured to receive joystick input from a user. The ATM may comprise at least one memory storing instructions. The ATM may comprise at least one processor configured to execute the instructions to perform operations. The operations may comprise receiving identification information from the user. The operations may comprise receiving the joystick input. The operations may comprise extracting a joystick sequence from the joystick input. When the joystick sequence is within a predetermined threshold from a stored joystick sequence corresponding to the identification information, the operations may comprise authenticating the user for an ATM operation.

Abstract: A data storage device and method for reliable watermarking are provided. In one embodiment, a data storage device is provided comprising a memory and a controller. The controller is configured to determine whether a watermarking operation to be performed on the data is to be performed by the controller or by the memory; in response to determining that the watermarking operation is to be performed by the controller, performing the watermarking operation; and in response to determining that the watermarking operation is to be performed by the memory, instruct the memory to perform the watermarking operation. Other embodiments are provided.

Abstract: Systems and methods are provided for receiving input data to be processed by an encrypted neural network (NN) model, and encrypting the input data using a fully homomorphic encryption (FHE) public key associated with the encrypted NN model to generate encrypted input data. The systems and methods further provided for processing the encrypted input data to generate an encrypted inference output, using the encrypted NN model by, for each layer of a plurality of layers of the encrypted NN model, computing an encrypted weighted sum using encrypted parameters and a previous encrypted layer, the encrypted parameters comprising at least an encrypted weight and an encrypted bias, approximating an activation function for the level into a polynomial, and computing the approximated activation function on the encrypted weighted sum to generate an encrypted layer. The generated encrypted inference output is sent to a server system for decryption.

Abstract: An authorization process employs a network ID as a possession factor for a secure account, such as a bank account or e-mail account, and determines one or more risk indicators associated with the possession factor. The authorization process is successfully completed when a risk score that is based on the risk indicators is less than a certain risk threshold. The risk indicators include a device history of the network ID and/or at least one attribute of a cellular account associated with the network ID. The device history identifies other mobile devices and/or SIM cards, if any, that have been previously activated with the network ID, while the one or more attributes can further indicate potentially fraudulent activity associated with the cellular account through which wireless services for the network ID are currently provided.

Abstract: An apparatus of a computing system, a computer-readable medium, a method and a system. The apparatus comprises processing circuitry including a core, and a communication controller coupled to the core to communicate with a memory of the computing system, wherein the memory is to define a leak zone corresponding to a plurality of memory addresses including data therein, the leak zone having an identifier; and the processing circuitry is to: decode instructions including a starting leak barrier, an ending leak barrier, and a sequence of code between the starting and ending leak barriers, the sequence of code including the identifier for the leak zone, the identifier to indicate the sequence of code is to be executed only on the data within the leak zone; and execute the sequence of code only on the data within the leak zone based on the leak barriers and on the identifier.

Abstract: An interface for a threat management facility of an enterprise network supports the use of third-party security products within the enterprise network by providing access to relevant internal instrumentation and/or a programmatic interface for direct or indirect access to local security agents on compute instances within the enterprise network.

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client device may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.

Abstract: First transistor logic is arranged by a first logic provider in circuit form and provides a minimum of functionality of the semiconductor device employed to bring up the semiconductor device, wherein the minimum of functionality is encrypted using a first encryption key. Second transistor logic is arranged by a second logic provider, different than the first logic provider, in circuit form to include security keys capable to perform cryptographic capabilities using a second encryption key. The second transistor logic further includes functionality that completes the semiconductor device as a chip device and is ready to process secure communication signals.

Abstract: An encryption method includes an operation method of an encryption system and is a method of encrypting encryption target information.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: An approach for operating at least one touch-sensitive, flat input device of a complete device, the input device being connected via a message-based bus connection to a control device of the complete device, and messages containing touch datasets describing touch data events being transmitted to the control device, which evaluates the messages for input information for an application program implemented by the control device, wherein when a security function in the control device that queries sensitive input information is accessed, the touch datasets are transmitted from the input device to the control apparatus via the bus connection in encrypted form until the associated input process has ended.

Abstract: Several methods may be used to exploit the natural physical variations of sensors, to generate cryptographic physically unclonable functions (PUF) that may strengthen the cybersecurity of microelectronic systems. One method comprises extracting a stream of bits from the calibration table of each sensor to generate reference patterns, called PUF challenges, which can be stored in secure servers. The authentication of the sensor is positive when the data streams that are generated on demand, called PUF responses, match the challenges. To prevent a malicious party from generating responses, instructions may be added as part of the PUF challenges to define which parts of the calibration tables are to be used for response generation. Another method is based on differential sensors, one of them having the calibration module disconnected. The response to a physical or chemical signal of such a sensor may then be used to authenticate a specific pair of sensors.

Abstract: There is disclosed in one example a malware analysis server, including: a hardware platform including a processor and a memory; a machine learning model; a store of known objects previously classified by the machine learning model; and instructions encoded within the memory to instruct the processor to: receive a test sample; apply the machine learning model to the test sample to provide the test sample with classified features; compute pairwise distances between the test sample and a set of known objects from the store of known objects; select a group of near neighbor samples from the set of known objects; select a group of far neighbor samples from the set of known objects; and generate an explanation for the test sample according to the near neighbor samples and far neighbor samples.

Abstract: Disclosed is a process for testing a suspect model to determine whether it was derived from a source model. An example method includes receiving, from a model owner node, a source model and a fingerprint associated with the source model, receiving a suspect model at a service node, based on a request to test the suspect model, applying the fingerprint to the suspect model to generate an output and, when the output has an accuracy that is equal to or greater than a threshold, determining that the suspect model is derived from the source model. Imperceptible noise can be used to generate the fingerprint which can cause predictable outputs from the source model and a potential derivative thereof.

Abstract: Embodiments of the present invention provide a system for securing and allowing access to electronic data in a data storage container. The system is configured for identifying initiation of a connection with an data storage container, determining establishment of the connection with the data storage container, instantaneously crawling into the data storage container to access data that is associated with the data storage container, instantaneously performing one or more operations associated with the data, storing information associated with the one or more operations in a data store, identifying initiation of a connection with an entity system, determining establishment of the connection with the entity system, instantaneously transferring the information associated with the one or more operations to the entity system, and performing one or more actions, via one or more applications stored on the entity system, utilizing the information associated with the one or more operations.

Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain a network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.

Abstract: Implementations are directed to methods for detecting and identifying advanced persistent threats (APTs) in networks, including receiving first domain activity data from a first network domain and second domain activity data from a second network domain, including multiple alerts from the respective first and second network domains and where each alert of the multiple alerts results from one or more detected events in the respective first or second network domains. A classification determined for each alert of the multiple alerts with respect to a cyber kill chain. A dependency is then determined for each of one or more pairs of alerts and a graphical visualization of the multiple alerts is generated, where the graphical visualization includes multiple nodes and edges between the nodes, each node corresponding to the cyber kill chain and representing at least one alert, and each edge representing a dependency between alerts.

Abstract: Improving execution of application program instructions by receiving code having a security classification, determining that the code is untrusted according to the security classification and inserting instructions for a cache flush associated with executing the code.

Abstract: Dynamic directory service object creation and certificate management can be performed. In response to discovering a device connected to a network, a corresponding directory service object can be automatically created, and a digital certificate can be automatically acquired and deployed on the device to facilitate authentication. Further, actions can be logged, and notifications generated based on logged actions. Time involved in deploying and configuring directory services is reduced, efficiency is improved, and there is less of a chance for errors associated with manual configuration.

Abstract: A computer-readable medium comprises instructions that, when executed, cause a processor to execute an untrusted workload manager to manage execution of at least one guest workload.