Abstract: The present application relates to devices and components including apparatus, systems, and methods to provide object story data structures.

Abstract: Systems and methods are described for rotating keys in a trust store to be used by a group of peer devices for secure communications between the peers in the group. In some examples, a service, such as an identify authority service, may make a determination that a set of peers that individually trust at least one public key from a group of public keys satisfies a set of conditions. As a result of the determination, the service may update the plurality of public keys by at least removing at least one public key from the group of public keys and indicate the updated plurality of public keys to at least one of the peers in the group. The service may remove the at least one public key from the group upon determining that less than a threshold number of peers in the group use the at least one public key.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: In an embodiment a method includes compiling, by a processor in a compiling phase, a software program intended to be executed by the processor, the processor having secure and non-secure access right level execution contexts, and/or privileged and non-privileged access right level execution contexts and generating, in the compilation phase, instructions in machine language having an exclusively secure access right level when the instructions are intended to be executed in the secure access right level execution context, and instructions having a non-privileged access right level when the instructions are intended to be executed in the non-privileged access right level execution context.

Abstract: A method for securing the transmission of at least one data packet along a data path of a telecommunications network is disclosed. According to such a method, a security device performs: obtaining a variance delay representative of a difference between an actual end-to-end transit delay of the at least one data packet along the data path and an expected end-to-end transit delay of the at least one data packet along the data path; and securing the transmission by implementing at least one security action based on the variance delay.

Abstract: An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to perform, as part of a PR configuration sequence for a new partial reconfiguration (PR) persona corresponding to a PR bitstream, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation.

Abstract: The present disclosure relates to cross-device interaction methods and terminal devices. In one example method, a first device determines that a user identity of the first device is the same as a user identity of a second device. The first device obtains a target user of a task being executed by the second device. The first device determines, based on the target user of the task being executed by the second device, that a target contact of an application currently used by the first device is the target user. The first device sends information to the target user.

Abstract: A method for authenticated asset assessment is provided. The method involves executing a scan assistant on an asset to allow a remote scan engine to execute one or more scan operations on the asset for determining a state of the asset. The scan assistant may verify the identity of the scan engine by checking that a certificate received from the scan engine is signed with a private key associated with the scan engine. In some embodiments, the authentication may be performed as part of a TLS handshake process that establishes a TLS connection between the scan engine and the scan assistant. Once the scan engine is authenticated, the scan engine may communicate with the scan assistant according to a communication protocol to collect data about the asset. Advantageously, the disclosed technique reduces security risks associated with authenticated scans and improves the performance of authenticated scans.

Abstract: A first password is received by a password encoder which uses the first password to generate a first key. This first key is used to modify weights and biases of an encoder to result in a modified encoder. Further, weights and biases of a decoder operating in tandem with the encoder based can be modified based on a second key to result in a modified decoder. First data is received which encapsulates second data in a hidden compartment. The first data is encoded by the modified encoder to result to generate an embedding. The modified decoder decodes the embedding to result in a representation of the second data which, in turn, can be provided to a consuming application or process. The first data can be input into the encoder and the decoder prior to those components being modified to result in a representation of the first data.

Abstract: A computer implemented method for anonymously showcasing qualifications, including talents, knowledge, skills, and experience. The method can include steps to allow a user to input personal information, store the personal information in a searchable database, allow the user to identify which personal information elements are accessible by interested, allow each interested party to search accessible information elements, allow each interested party to request access to inaccessible information elements, notify the user of a request for access to inaccessible information elements by a specific interested party, and allow the user to selectively grant access to inaccessible information elements to the specific interested party. The user can, in this manner, maintain complete control of personal information and ensure anonymity. Correspondingly, the interested party can evaluate users without bias.

Abstract: Malicious redirects in a redirect chain as a result of loading a web address are detected and blocked. A suspicion score is determined for a subject redirection domain based at least in part on the subject redirection domain's web address, and a rate of occurrence of the subject redirection domain in redirect chains leading to a malicious landing domain is calculated. Loading the subject redirection domain is blocked if the suspicion score exceeds a suspicion threshold or the rate of occurrence of the subject redirection domain exceeds a rate of occurrence threshold.

Abstract: A communication device may be configured to receive a sending request by executing communication at a network layer or above of an Open System Interconnection reference model. The communication device may be configured to, in a case where the sending request is received, send a public key by executing communication at the network layer or above. The communication device may be configured to, after the public key has been sent, receive an authentication request. The communication device may be configured to, in a case where the authentication request is received, send an authentication response. The communication device may be configured to, after the authentication response has been sent, receive first connection information. The communication device may be configured to, in a case where the first connection information is received, establish a second wireless connection with an external device by using the first connection information.

Abstract: A semiconductor chip includes an electronic hardware circuitry device that includes a plurality of partitionable hardware resources that each includes a corresponding resource allocation state. The electronic hardware circuitry includes a logic control circuit to control access to the plurality of hardware resources based on the respective resource allocation states of the hardware resources and based on input from one or more authorized agents. The semiconductor chip further includes a processor core to implement a plurality of software applications belonging to a first group or to a second group, each of the plurality of applications configured to access and interact with at least one corresponding hardware resource assigned to the respective application, implement assigning software agents each authorized and configured to cause the electronic hardware circuitry device to assign one or more unassigned hardware resources only to one or more of the software applications belonging to certain groups.

Abstract: Described herein are methods, techniques and systems for a user to conduct authentication via inertial measurement unit data collected by the user's smartphone and video data collected by a drone recording the user operations for mutual authentication, as well as to prevent attacks of the authentication data, wherein correlation can be easily extended to using other information, such as noises, illuminance, GPS, and how the phone flashlight flashes.

Abstract: A system to detect an abnormal classic authorizations, such as in a classic authorization system of a resource access management system, and take action is described. The system determines an anomaly score in from a model applied to a classic assignment event. An indicator score is determined from the classic assignment event applied to domain-based rules. The security action is taken based on a combination of the anomaly score and the indicator score.

Abstract: Techniques are described herein that are capable of registering a user device with a cloud-based management service using an intermediate cloud storage. For instance, the intermediate cloud storage may store an encrypted data blob including information that identifies the user device. The intermediate cloud storage or a registration system may decrypt the encrypted data blob so that the registration system may use the decrypted data blob to register the user device with the cloud-based management service. For instance, the registration system may retrieve the encrypted or decrypted data blob from the intermediate cloud storage by providing a requisite secret to the intermediate cloud storage. The requisite secret may be provided to the registration system by the user device (e.g., via a matrix barcode, such as a QR code).

Abstract: A method, a system, and a non-transitory computer readable program code are disclosed for offline authentication of users for access to web applications. The method includes requesting, by a processor, access for a user to one or more relying party applications; receiving, by the processor, a redirection request from the one or more relying party applications to retrieve an authentication token for the user from an identity service provider; determining, by the processor, that the identity service provider is not available to provide the authentication token for the user; retrieving, by the processor, the authentication token for the user from a trusted source; forwarding, by the processor, the authentication token for the user retrieved from the trusted source to the one or more relying parties; and receiving, on the processor, authentication from the one or more relying parties for the user to access the one or relying party applications.

Abstract: The present application discloses a method, system, and computer system for storing, reading and/or encrypting personal identifiable information (PII). The method includes obtaining PII data corresponding to a dataset, obtaining a PII key associated with the PII data, and storing, in the dataset, information pertaining to the PII key in association with the PII data.

Abstract: Various embodiments described herein support or provide for data management operations, such as receiving a request to access a webpage; determining that accessing the webpage requires secure access via a secure browser; identifying a virtual machine that is configured to allow access to the webpage; and causing display of the webpage in the secure browser embedded in a local browser of the sender device.

Abstract: A method of identifying an attack comprising receiving an input of one or more images, wherein the one or more images includes a patch size and size, divide the image into a first sub-image and a second sub-image, classify the first sub-image and the second sub-image, wherein classifying is accomplished via introducing a variable in a pixel location associated with the first and second sub-image, and in response to classifying the first and second sub-image and identifying an adversarial patch, output a notification indicating that the input is not certified.