Abstract: Cybersecurity active defense in data storage systems are disclosed herein. An example system includes a file system, and an architecture installed on the file system, the architecture being configured to protect the file system in a zero trust manner from a malicious attack by a source system, the architecture including a controller that is configured to determine file-level operations of files in the file system that are indicative of a malicious event, block a user account or machine address interacting with the files, prevent data exfiltration or data corruption of the files, and provide an alert to an administrator regarding the files.

Abstract: A method operable by a computing device for configuring access for a limited user interface (UI) device to a network service via a local network access point is disclosed. The method comprises the steps of: obtaining from the limited UI device a device identifier via a first out-of-band channel. The device identifier is provided to the network service via a secure network link. A zero knowledge proof (ZKP) challenge is received from the network service. Configuration information is provided to the limited-UI device via a second out-of-band channel, the configuration information including information sufficient to enable the limited-UI device to connect to the local network access point. The ZKP challenge is provided to the limited-UI device via the second out-of-band channel.

Abstract: Session resumption for cryptographic communications is provided. Session data and encrypted early data are received from a client. A key is derived using the session data and a one-time pad. The early data is decrypted using the derived key.

Abstract: There is disclosed in one example a hardware computing platform, including: a processor; a memory; a network interface; and a security module, including instructions to cause the processor to: receive a request to download a file via the network interface; download a first portion of the file into a buffer of the memory; analyze the first portion for malware characteristics; assign a security classification to the file according to the analysis of the first portion; and act on the security classification.

Abstract: The present disclosure relates to a PUF apparatus for generating a persistent, random number. The random number is determined by selecting one or more PUF cells, each of which comprise a matched pair of capacitors that are of identical design, and determining a value that is accurately and reliably indicative of a random manufacturing difference between them, based in which the random number is generated. The random manufacturing differences between the capacitors creates the randomness in the generated random number. Furthermore, because the random manufacturing difference should be relatively stable over time, the generated random number should be persistent.

Abstract: Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device are received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.

Abstract: In one example, a cloud printing server may include a processor and a memory coupled to the processor. The memory may include a blockchain management component to register an image forming apparatus with a blockchain associated with multiple entities of a blockchain network, create a distributed ledger relating to the blockchain, create a ledger entry including information indicating operational state and configuration data of the image forming apparatus in the distributed ledger, and transmit an instance of the distributed ledger to the multiple entities including the image forming apparatus.

Abstract: A term-based encrypted retrieval privacy (TERP) data retrieval system performs data retrieval from a data repository server. The system includes a client processor included with a data requesting client and a server processor included with the data repository server. The client processor determines a vector forest that is shared with the data repository server, which includes forest vectors assigned with a respective vector ID, and generates a query including an encrypted ciphertext table that cross-references the vector IDs with a corresponding ciphertext entry. The server processor receives the query, and selects a given document from the data repository server that has assigned thereto at least one nearest neighbor vector among the forest vectors. The server processor compares a nearest neighbor vector ID of the nearest neighbor vector to the vector IDs included in the encrypted ciphertext table, and generates an encoded search result based on the encrypted ciphertext entries.

Abstract: An information processing device (10) includes a selection receiving unit (110) that receives an input indicating selection of at least one countermeasure among a plurality of countermeasures applicable to a terminal, an operating information specifying unit (120) that specifies a type of operating information corresponding to the countermeasure applicable to the terminal, an operating information acquisition unit (130) that acquires operating information of the type specified by the operating information specifying unit (120), a remaining terminal specifying unit (140) that specifies remaining terminals where a security risk remains when the countermeasure received by the selection receiving unit (110) is applied based on terminal-specific countermeasure information indicating a countermeasure applicable to each terminal against the security risk, a prediction unit (150) that predicts the number of remaining terminals at a future time based on the operating information acquired by the operating information a

Abstract: Methods that can embed opt-in permission for an artificial intelligence (AI) service are provided. One method includes implementing, by a processor, an access level of a plurality of access levels for user sensor data. The method further includes, based on the implemented access level, generating, from a set of raw sensor data received from a set of sensors, a set of sensor data for a user of an apparatus and gaining insight about the user of the apparatus via an AI service utilizing the set of sensor data. Here, implementing the access level provides to the user of the apparatus an embedded opt-in permission for the AI service. Systems and apparatus that can include, perform, and/or implement the methods are also provided.

Abstract: During factory provisioning of an Information Handling System (IHS), a key injection authorization certificate is stored that authorizes key injection by a renter of the IHS. An IHS owner retains capabilities for specifying the use of boot code of successive renters of the IHS. Upon a transfer of control or ownership of the IHS, a key injection request certificate provided by the renter is validated and use of the key injection request certificate is authorized for transferring cryptographic credentials to the IHS. The key injection authorization certificate specifies an identity of the IHS that is authorized for key injection by the renter and the key injection request certificate specifies an identity of the IHS that is requested for key injection by the renter. Transfer of credentials is authorized when the two certificates are both valid and the identity of the IHS specified in the two certificates is the same.

Abstract: An encryption device includes: a parameter generating circuit configured to generate an encryption parameter including a number of initial valid bits based on an operation scenario; an encryption circuit configured to generate a cipher text by encrypting a plain text received from the outside, based on the encryption parameter; an operation circuit configured to generate a final cipher text by performing a plurality of operations on the cipher text according to the operation scenario and tag, to the final cipher text, history information of the operations performed on the final cipher text; and a decryption circuit configured to generate a decrypted plain text by decrypting the final cipher text and output a number of reliable bits of the decrypted plain text based on the history information.

Abstract: Cryptographic processor chips, systems and associated methods are disclosed. In one embodiment, a cryptographic processor is disclosed. The cryptographic processor includes a first cryptographic processing module to perform a first logic operation. The first cryptographic processing module includes first input circuitry to receive ciphertext input symbols. A first pipeline stage performs a first operation on the ciphertext input symbols and generates a first stage output. On-chip memory temporarily stores the first stage output and feeds the first stage output to a second pipeline stage in a pipelined manner. The second pipeline stage is configured to perform a second operation on the first stage output in a pipelined manner with respect to the first pipeline stage.

Abstract: Systems and methods discussed herein are directed to a method within a wireless communication network that includes, based at least in part on sending a login associated with a phone number, receiving a code at an electronic device associated with the phone number. A hash code corresponding to the code at an app executing on the electronic device associated with the phone number is received and an input is received. Based at least in part on the input, the input is hashed to provide a hashed code. The hashed code is compared with the hash code and it is determined if the hashed code matches the hash code. Based at least in part on determining the hashed code matches the hash code, the hash code is forwarded to a location associated with the login. The location may comprise one of a website or an app.

Abstract: Some storage systems are configured with VDL (valid data length) type controls that are implemented on a per cluster basis and, in some instances, on a sub-cluster basis, rather than simply a per file basis. In some instances, per-cluster VDL metadata for the storage clusters is stored and referenced at the edge data volume nodes of a distributed network for the storage system rather than, and/or without, storing or synchronizing the per-cluster VDL metadata at a master node that manages the corresponding storage clusters for the different data volume nodes. Sequence controls are also provided and managed by the master node and synchronized with the edge data volume nodes to further control access to data contained in the storage clusters.

Abstract: Systems and methods of correcting errors in encrypted communication between a server and client devices using keyless encryption schemes are disclosed. Client devices with arrays of physical-unclonable-function devices respond to challenges from a server. Characteristics of the arrays are stored by the server during a secure enrollment process. To send an encrypted message, the server generates a message digest, extracts data from the stored arrays on the basis of the message digest, applies error correction codes to the message, encrypts the message with the extracted data, and sends the message to a client. The server may receive a handshake containing all or part of the message digest, measures its PUF, and decrypts and decodes the message.

Abstract: Embodiments relate to progressively validating access token. In response to intercepting an initial call for a transaction for a service from a client, a token is validated for the initial call of the transaction for the service, the validating including contacting an authentication sever and locally storing a time to live received for the token. In response to intercepting at least one successive call for the transaction for the service from the client, it is determined that the token for the at least one successive call is valid based on the time to live locally saved. The at least one successive call for the transaction for the service is permitted to pass without contacting the authentication sever.

Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems based on machine-learned user behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture behavioral parameters associated with the client computing device and may evaluate the behavioral parameters using a behavioral profile associated with the user account to determine a behavioral deviation score. Based on the behavioral deviation score, the computing platform may select an authentication action from a plurality of pre-defined authentication actions. Subsequently, the computing platform may generate commands directing an account portal computing platform to allow access, conditionally allow access, or prevent access based on the selected authentication action.

Abstract: A method and an apparatus for generating a secret key for encrypted communication using a synchronized neural network, which includes: generating initial codewords based on a bit string of weight values of the synchronized neural network and transmitting a first partial codeword of the initial codewords to a device of another party; receiving a second partial codeword generated by the device of the other party and combining final codewords based on the second partial codeword received from the device of the party and the bit string of the weight values; performing an error correction on the combined final codewords and transmitting first restoration success information according to the error correction to the device of the other party; and receiving second restoration success information from the device of the other party and generating the secret key based on the restoration success information of the device of the other party, are provided.

Abstract: A method for adaptive control of surgical network control and interaction is disclosed. The surgical network includes a surgical feedback system. The surgical feedback system includes a surgical instrument, a data source, and a surgical hub configured to communicably couple to the data source and the surgical instrument. The surgical hub includes a control circuit. The method includes receiving, by the control circuit, information related to devices communicatively coupled to the surgical network; and adaptively controlling, by the control circuit, the surgical network based on the received information.