Abstract: A system and method are disclosed for providing a privacy-preserving training approach for split learning methods, including blind learning.

Abstract: A system may include a first automated teller machine (ATM) and a second ATM, wherein the first ATM and the second ATM are in communication via a local area network. The first ATM obtains a user input value, generate an encryption key based on the user input value, and generates encrypted authentication information based on the encryption key. The first ATM also obtains a first biometric reading, updates a user record based on the first biometric reading, and stores the encrypted authentication information at the first ATM in association with the user record. The second ATM obtains a second biometric reading and a duplicate value, retrieves the encrypted authentication information associated with the user record based on the second biometric reading, generates a decryption key based on the duplicate value, and decrypts the encrypted authentication information to retrieve the authentication information.

Abstract: Systems and methods are provided to build a machine learned exploitability risk model that predicts, based on the characteristics of a set of machines, a normalized risk score quantifying the risk that the machines are exploitable by a set of attacks. To build the model, a training dataset is constructed by labeling characteristic data of a population of machines with exploitation test results obtained by simulating a set of attacks on the population. The model is trained using the training data to accurately predict a probability that a given set of machines is exploitable by the set of attacks. In embodiments, the model may be used to make quick assessments about how vulnerable a set of machines are to the set of attacks. In embodiments, the model may be used to compare the effectiveness of different remediation actions to protect against the set of attacks.

Abstract: A biometric matching process is disclosed. The biometric matching process may be used to obtain access to a resource managed by an access device using only biometric information. In some embodiments, a biometric template is stored in relation to a user device and/or account information, and is obscured. Upon receiving a request for access to a resource from an access device, the system may identify a number of user devices in proximity to the access device. Biometric templates associated with each of those user devices may be compared to a biometric template received from the access device. Upon identifying a match, the system may provide the access device with account information stored in relation to the matched biometric template. The access device may then complete a transaction using the provided account information and grant access to the requested resource.

Abstract: A system for authorizing a serverless application function having a plurality of tenants, each tenant may include one or more entities that share a common access to a processing space and a data store. The system includes a gateway that receives a request from a tenant, an authorization component that access a public key assigned to the tenant, and a serverless processor that generates public and private keys for the tenant. The serverless processor also generates an access token for the first tenant that is signed using the private key and requests a transaction token from the authorization component using the access token. The authorization component transmits a transaction token to the serverless processor, which is used to make further requests to a virtual environment.

Abstract: Presented herein are techniques for automatically generating information about risks associated with browser extensions used by browsers in an enterprise network for purposes of determining whether to whitelist a browser extension in response to a request from a user. A request to install a browser extension is obtained from a user device of a plurality of user devices associated with an organization, wherein the request comprises an extension identifier for the browser extension. A risk score is generated for the browser extension based on risk values for each of one or more permissions requested by the browser extension. The risk score is compared to a threshold value to determine whether the browser extension satisfies risk standards of the organization, and if so, the browser extension is automatically added to a whitelist of permitted extensions for future installation on the plurality of user devices.

Abstract: An information handling system includes a baseboard management controller and a media controller. The baseboard management controller includes a memory, and an immutable attribute of the baseboard management controller is fused in the memory during a factory process of the information handling system. The baseboard management controller generates a first seed value based on the immutable attribute, generates a first key value based on the first seed value, and provides the first key value. The media controller includes a secure memory and a processor. The processor receives the first key value from the baseboard management controller, and stores, during the factory process, the first key value in the secure memory. The first key value cryptographically links the secure memory to the baseboard management controller.

Abstract: The present teaching relates to a method, system, and programming for encrypted searching. One or more keywords are obtained from a user. A uniform resource locator (URL) is generated, wherein a portion of the URL includes the one or more keywords encrypted via a first key. The URL is transmitted to a search server. In response to a time-related criterion associated with the URL being satisfied, one or more search results are obtained from the server, and in response to the time-related criterion associated with the URL being violated, a search box is obtained in response to transmitting the URL.

Abstract: Disclosed herein is a data storage device with storage medium that stores encrypted user content data. A cryptography engine uses a cryptographic key to decrypt the encrypted user content data. An access controller receives, from a user device, a request to register the user device and generates a challenge for a manager device. The manager device is located remotely from the data storage device. The controller sends, to the user device, the challenge for the manager device; receives, from the user device, a response calculated by the manager device to approve the request to register; calculates the cryptographic key based at least partly on the response calculated by the manager device; and creates and stores authorization data associated with the user device. The authorisation data indicates the cryptographic key, to register the user device with the data storage device.

Abstract: A video capturing device configured to capture video data, the image capturing device comprising: an image processing pipeline configured to generate a video stream from the captured video data; an encryption key activating module configured to, upon request, activate an encryption key and deactivate any previously activated encryption key used for encrypting the video stream, such that only one encryption key is activated to be used for encryption of the video stream at each instance in time; an encryption scheduler module configured to, at a predetermined time interval, instruct the encryption key activating module to activate an encryption key; an event handling module configured to, as a response to receiving indications of a detected event, instruct the encryption key activating module to activate an encryption key; an encryption module configured to encrypt the video stream using the one activated encryption key.

Abstract: A proxy computer system receives content intended for a client computer from a third-party network service, where the content includes an encrypted portion. The proxy computer system makes a determination as to whether the encrypted portion is to be decrypted for the client computer, where the determination is made based at least in part on a historical analysis of the client computer. The proxy computer system sends the content to the client computer in a form that is based on the determination.

Abstract: The disclosed technologies include receiving a request from a second computing device to verify ownership of a blockchain address. A challenge content is generated and sent to the requestor. A signature is received comprising a hash of the challenge content generated using a private key. A public key corresponding to the private key is obtained, and the signature is validated using the public key. In response to validating the signature, a characteristic is associated with a user associated with the blockchain address.

Abstract: A method of splitting a data stream into a set of data segments may include receiving the data stream, wherein the data stream may include data packets; selecting a segment time period and a time domain; subdividing the time domain into a set of time blocks, each one of the set of time blocks having a duration of the segment time period; identifying a set of starting data packets corresponding to the set of time blocks; identifying a set of finishing data packets corresponding to the set of starting data packets; identifying a last one of the set of finishing data packets being a last data packet of a last one of the set of time blocks; and identifying the set of data segments based on the corresponding set of starting data packets and the corresponding set of finishing data packets.

Abstract: A method and apparatus for encrypting data includes: acquiring a first data unit included in a media frame to be encrypted, wherein the first data unit includes a boundary portion and a content portion, the boundary portion including boundary information for identifying a starting boundary of the first data unit, and the content portion including content data of the first data unit; encrypting the content data included in the content portion of the first data unit to acquire a second data unit, wherein a boundary portion of the second data unit includes the boundary information, and a content portion of the second data unit includes a data length of the content data and encrypted data acquired by encrypting the content data.

Abstract: Embodiments of the present disclosure enable users of a data sharing system to build native applications that can be shared with other users of the data sharing system. The native applications can be published and discovered in the data sharing system like any other data listing, and consumers can install them in their local data sharing system account to serve their data processing needs. A provider may define an installation script for installing an application and create a share object to which the installation script may be attached. In response to an imported database being created in a consumer account based on the share object, a native application framework may automatically execute the installation script in the consumer account and may create a set of database roles to manage execution of the application in the consumer account.

Abstract: A method for securing one or more cells of a dynamic random-access memory (DRAM) device embedded in a system includes: (1) triggering, by one of a boot loader, an operating system (OS) and an application, a system management interrupt (SMI), (2) invoking, by a basic input/output system (BIOS), a BIOS SMI handler, (3) converting a physical address of secure data to a DRAM address using a reliability, availability and serviceability (RAS) protocol of a BIOS, and (4) performing a write protect operation on the secure data present in the DRAM device by issuing a device-supported security command in a BIOS SMI service routine.

Abstract: A method of authenticating data received from a user device by a service provider may include receiving user credentials from the user device via a secure communication channel; upon verifying the user credentials, providing to the user device via the secure channel a permission token, where the permission token includes at least a shared secret, where a data within the permission token is not observable to the user device and a shared secret data outside the data of the permission token, the shared secret data observable to the user device; and receiving a request from the user device via a non secure communication channel, where the request may include at least the permission token and a hash digest formed using at least a portion of the shared secret data.

Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.

Abstract: A terminal device may acquire first connection information including a plurality of parameters, and send the first connection information to a communication device by using a first wireless connection and not via an access point. The first connection information is used in the communication device to execute a process for establishing a wireless connection with a target access point. The terminal device may receive a failure notification indicating that the process has failed from the communication device by using the first wireless connection and not via an access point in a case where the process in the communication device has failed, and display a cause screen indicating that the process has failed due to the specific parameter on a display unit in a case where the failure notification is received from the communication device.

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.