Abstract: A system for noise profile generation includes a customer gateway communicatively coupled to one or more end devices over a communication medium, at least one noise information node communicatively coupled to the customer gateway and programmed to extract noise information present on a communication path from the customer gateway to at least one of the one or more end devices, a noise profile database storing one or more noise profiles, and a noise profile generator. The noise profile generator includes at least one processor and non-transitory computer readable media having a set of instructions executable by the at least one processor to retrieve the extracted noise information associated with the communication path, determine whether the at least one noise characteristic of the extracted noise information matches with one or more noise profiles and identify at least one noise source on the communication path.

Abstract: Systems and methods of generating a security key for an integrated circuit device include generating a plurality of key bits with a physically unclonable function (PUF) device. The PUF can include a random number generator that can create random bits. The random bits may be stored in a nonvolatile memory. The number of random bits stored in the nonvolatile memory allows for a plurality of challenge and response interactions to obtain a plurality of security keys from the PUF.

Abstract: Method for authenticating at least one ventilator with at least one remote station, wherein the ventilator can connect itself via at least one interface to the remote station, at least one authentication file is stored on the ventilator, the authentication file contains at least one signature code of a signing authority, and a public keycode of the signing authority is known to the remote station, the ventilator sends the authentication file to the remote station when establishing the connection to the remote station, the remote station checks the signature code of the authentication file using the public keycode as to whether the signature code originates from the signing point and the ventilator is authenticated when the remote station recognizes the signature code as originating from the signing authority.

Abstract: To achieve an improvement in security in encryption of an image signal obtained through imaging by an array sensor. A sensor device includes: an array sensor in which a plurality of pixels including light-receiving elements for visible light or invisible light are arrayed 1-dimensionally or 2-dimensionally; and an encryption unit configured to encrypt a read signal from the pixels of the array sensor. By encrypting a read signal, it is possible to achieve an improvement in security by enabling the image signal not to be stored in plain text in a memory.

Abstract: The disclosed computer-implemented method for dynamic formjacking protection may include identifying a sensitive data input field element on a webform loaded in a browser, creating a secure isolated container overlaid on the identified sensitive data input field element, and collecting, via the secure isolated container, real input data intended for the sensitive data input field element. The method may also include inserting dummy data into the sensitive data input field element and intercepting a form submit request from the webform to a destination. The method may further include determining whether the destination is a trusted destination, and when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination. The method may also include sending the form submit request to the destination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.

Abstract: A computer-implemented method can include: a computer program file open request providing read access to text or binary plaintext file data residing on a data storage means; processing the plaintext file data in an input data buffer area following a computer program file data read operation to improve performance by creating a multiplicity of processing threads to perform concurrent, usually non-overlapping encryption processing operations; and an encryption program constructing a previously constructed complex of Pseudo Random Number Generator (PRNG) means to provide on-demand Pseudo Random Number (PRN) values.

Abstract: In general, this disclosure describes techniques for replacing target cryptographic primitives in executable binary files with other, potentially more secure, cryptographic primitives. In some examples, a computing system for augmenting cryptographic executables includes a locator to determine if an executable program in an executable binary file includes a target cryptographic primitive. The computing system can include a patch generator to generate patch instructions in response to a determination by the locator that the executable program includes the target cryptographic primitive. The patch instructions cause the executable program to execute a replacement cryptographic primitive instead of the target cryptographic primitive. A rewriter engine of the computing system can modify, based on the patch instructions, the executable program to generate a modified executable binary file.

Abstract: Embodiments detect identity attacks by comparing usage of compromised passphrases or other weak credentials in failed sign-in attempts to access restriction conditions. A restriction threshold amount of weak credential failed sign-ins (WCFSI) or a WCFSI increase indicates an identity attack, such as a password spray attack. Going beyond the mere number of failed sign-ins by also considering credential strength allows embodiments to detect attacks sooner than other approaches. An embodiment may also initiate or impose defenses by locking accounts, blocking IP addresses, or requiring additional authentication before access to an account is allowed. Weak credentials may include short passwords, simple passwords, compromised passwords, or wrong usernames, for instance. Password strength testing may be used for attack detection in addition to preventive use on passwords proposed by authorized users. Familiar and unfamiliar traffic source locations may be tracked, as sets or individually.

Abstract: Example subscription information configuration methods and a communications device are described. One example method includes receiving a first device identifier by a network device from a first terminal device in a first access mode and receiving a second device identifier from a second terminal device in a second access mode. The network device determines whether the first device identifier matches the second device identifier to identify legality of the first terminal device. If the first device identifier matches the second device identifier, it indicates that the first terminal device is a legal terminal device. The network device sends subscription information of the first terminal device to the first terminal device in the first access mode, so that the first terminal device successfully accesses a network by using the subscription information.

Abstract: Methods and systems for managing distributed systems are disclosed. The distributed systems may include any number of data processing systems that may contribute to the functionality of the distributed system. To contribute to the functionality of the distributed system, each of the data processing systems may need to be configured to positively contribute to one or more functions. To manage configuration of data processing system, intermediate representations of roles may be used to flexibly manage system configuration. The roles may be taken on by independent and dependent data processing systems.

Abstract: Aspects of the disclosure relate to providing a secure collaboration between one or more PCIe accelerators and an enclave. An example system may include a PCIe accelerator apparatus. The PCIs accelerator apparatus may include the one or more PCIe accelerators and a microcontroller configured to provide a cryptographic identity to the PCIe accelerator apparatus. The PCIe accelerator apparatus may be configured to use the cryptographic identity to establish communication between the PCIe accelerator apparatus the enclave.

Abstract: A request to contact a service provider may be received from a client machine. The request may be associated with an identity claim and including a service identifier. The identity claim may be validated via a distributed identity service that includes a plurality of identity nodes in communication via a network. Validating the identity claim may include determining a designated network identifier associated with a distributed identity account shared among the plurality of identity nodes. A service query that includes the service identifier and the designated network identifier may be sent to a plurality of customer relations management services. A communication session may be established between a service provider remote computing system and the client machine. The service provider may store customer relations management information at a designated one of the plurality of customer relations management services.

Abstract: Provided a method for setting up an authorization verification for a first device, for example a field device in an automation system, wherein the first device is configured by configuration data transmitted to the first device from a configuration module that is detachably connected to the first device and, for example, is implemented in the form of an SD card or a USB stick, having: detection of a connection of a configuration module to the first device, reading configuration module-specific device information from the configuration module, requesting configuration module-specific authorization verification for the configuration model-specific device information from the first device in an authorization device, and storing the requested configuration module-specific authorization verification on a security storage unit of the first device.

Abstract: A blockchain smart contract rewriting framework system has a vulnerability detection tool, a rewriter tool, and a deployment component. The deployment component obtains a permission to upgrade the smart contract, which granted by a smart contract creator/owner. The contract rewriting framework system retrieves the smart contract from the blockchain network, and passes it to the vulnerability detection tool. The vulnerability detection tool detects a vulnerability in the smart contract, and determines a type of the vulnerability and an instruction location of the vulnerability. The rewriter tool rewrites the smart contract to include a patch for fixing the vulnerability, a patched smart contract being generated by the rewriter tool based on the type of the vulnerability and the instruction location of the vulnerability.

Abstract: An allowed client server, that is authorized to access a resource server over a given port, receives a client request, from a client computing system, to access the resource server. The allowed client server authenticates and authorizes the request, using an authentication and authorization mechanism, and selects a port with which to communicate with the client computing system. The identity of that port is provided to the client computing system, and a port forwarding mechanism forwards traffic between the client computing system and the resource server, through the client-facing port and to the given port on the resource server.

Abstract: Certain aspects of the present disclosure provide techniques for privacy preserving sharing and validation of sensitive information in a computing environment. An example method generally includes generating a hashed value of a sensitive data item. A set of modulo values is calculated for the hashed value of the first sensitive data item using a set of prime numbers between an upper bound number and a lower bound number. A request to validate the first sensitive data item is transmitted to a target computing system. The request includes the set of prime numbers and the set of modulo values. An indication of whether a match was found for each respective modulo value in the set of modulo values is received from the target computing system, and a request associated with the first sensitive data item is processed based on the indication.

Abstract: There is a need for more effective and efficient secure data transmission. This need can be addressed by, for example, solutions for secure data transmission that utilize per-user-functionality secret shares. In one example, a method includes generating a hashed user identifier based on a received user identifier; transmitting the hashed user identifier to an external computing entity; and receiving a data retrieval secret share from the external computing entity, wherein: (i) the data retrieval secret share is selected from a plurality of per-user-functionality secret shares, (ii) the plurality of per-user-functionality secret shares are generated based on a secret value, (iii) the secret value is generated based on the hashed user identifier, (iv) the secret value is used to generate a user data private key, and (v) the external computing entity is configured to encrypt user-provided data using the user data private key prior to transmission of the encrypted user-provided data.

Abstract: A source device being associated with an account uses playback of a media content item to cause a target device to become associated with the account. The target device enters an association mode and records a portion of the playing content. The target device provides the recording to a server that identifies the song (e.g., using a music fingerprint service) and uses the identification of the song to find the account that caused playback of the identified song. With the account identified, the server provides credentials of the account to target system. The target device accesses content or services using the account. As confirmation of receiving the credentials, the server causes playback of the content to transition to from the source device to the target device.

Abstract: A method, system, and digital recording medium provides for convenient and trustworthy user authentication with a computing device combining four authentication factors through use of a remote authentication system (RAS). An identity token (Device-ID) cryptographically bound to the user's computing device is generated as a first authentication factor. A password known only to the user is a second factor. Cryptographic signatures generated from the user's biometric minutiae is a third factor. A random challenge received from the RAS is a fourth factor.