Abstract: This disclosure describes systems on a chip (SOCs) that prevent side channel attacks (SCAs). An example SoC of this disclosure includes an engine configured to encrypt transmission (Tx) channel data using an encryption operation set configured with a first polynomial, and to decrypt encrypted received (Rx) channel data using a decryption operation set configured with a second polynomial different from the first polynomial. The SoC further includes a security processor configured to multiplex the encryption operation set against the decryption operation set with a varied sequence of selection inputs on a round-by-round basis to generate a mixed sequence of encryption rounds and decryption rounds, and to control the engine to encrypt the Tx channel data and decrypt the encrypted Rx channel data in a combined datapath according to the mixed sequence of encryption rounds and decryption rounds.

Abstract: Using a processor and a memory of a testing system, a set of vulnerability testing instructions is executed relative to an application, causing an output of a set of vulnerabilities from the testing system. By executing a probability model, a first probability of adverse impact corresponding to a first vulnerability in the set of vulnerabilities is computed. The first vulnerability and the first probability of adverse impact are added to a vulnerability repository. Using the first probability of adverse impact and a second probability of adverse impact, a first cumulative probability of adverse impact is calculated. Using the first cumulative probability and a first level of organizational impact corresponding to the application, a first risk category is assigned to the application. Responsive to the first risk category being lower than a second risk category, a system management application is caused to install the application in the computer system.

Abstract: Embodiments of the invention include a communication interface and protocol for allowing communication between devices, circuits, integrated circuits and similar electronic components having different communication capacities or clock domains. The interface supports communication between any components having any difference in capacity and over any distance. The interface utilizes request and acknowledge phases and signals and an initiator-target relationship between components that allow each side to throttle the communication rate to an accepted level for each component or achieve a desired bit error rate.

Abstract: A plurality of scanned backup snapshots are generated. A backup snapshot among a plurality of backup snapshots is selected. At least a portion of the selected backup snapshot is restored in a temporary environment to create a restored instance of at least the portion of the selected backup snapshot. A vulnerability scan of the restored instance of at least the portion of the selected backup snapshot is performed. One or more vulnerabilities of the scanned portion of the selected backup snapshot are tracked. A request associated with identifying a scanned backup snapshot to restore from the plurality of scanned backup snapshots is received. In response to the request, at least a predetermined identification of the one or more vulnerabilities of the selected backup snapshot is provided.

Abstract: A spacecraft network management system includes five functional entities, namely, attendant, accessor, collector, logic, and logic watchdog in a distributed architecture configured with both in-band and out-of-band data paths. Management data is structured so that it can travel over either in-band or out-of-band and be identified as such; user data travels over in-band paths. These five entities are distributed over the units of the design and then a modified set of otherwise standard elements are assigned to each entity depending on the nature of its function. These elements include managers, management agents, device agents, device management information base, and manager management information base that enable the entities to perform their respective functions.

Abstract: Various embodiments are generally directed to techniques for providing improved privacy protection against vehicle tracking for connected vehicles of a vehicular network. For example, at least one road side unit may: identify a set of vehicles that require pseudonym changes and send an invitation for a pseudonym change event to each of the vehicles, determine at least a total number of the acceptances, determine whether the total number meets or exceeds a predetermined threshold number, send acknowledgement messages to the accepting vehicles if the threshold number is met, and form a vehicle group to coordinate the pseudonym change event during a privacy period. During the privacy period, the RSU and the vehicles may communicate with each other in a confidential and private manner via key-session-based unicast transmission, and coordinate transmission power and vehicle trajectory adjustments to maximize the benefits for safety and obfuscation for privacy.

Abstract: In one approach, a server computer receives a playlist from a first client computer, wherein the playlist identifies a plurality of media assets and includes synchronization information that specifies how to present the plurality of media assets as a synchronized media presentation. The server computer receives a request from the first client computer to share the playlist with a second client computer. The server computer causes the plurality of media assets to be deposited in a client storage accessible to the second client computer. The server computer sends the playlist to the second client computer. The second client computer presents the synchronized media presentation based on the plurality of media assets deposited in the client storage and the synchronization information of the playlist.

Abstract: A data storage system allows data to be encrypted and de-duplicated at the same system. By way of example, a server of the data storage system may request a client device which intends to upload a data block to transmit a first fingerprint of the data block to the server. The first fingerprint may be derived from the plaintext of the data block. The server may apply a one-way function to the first fingerprint to generate an encryption key and transmit the encryption key to the client device. The client device uses the encryption key to encrypt the data block and generates a second fingerprint which is derived from the ciphertext of the data block. The server uses both the first fingerprint and the second fingerprint to verify the data block and the legitimacy of the client attempting to upload the data block.

Abstract: Resources may be managed in a topology for audio/video streaming. The topology includes audio/video sources and sinks and intervening branch devices. Messages between these sources, sinks, and branch devices may be used for resource management.

Abstract: A semiconductor system in accordance with an embodiment includes a module controller and a plurality of semiconductor chips configured to receive logical addresses from the module controller. The semiconductor system also includes a plurality of scramble circuits, with a scramble circuit provided for each of the plurality of semiconductor chips, configured to receive the logical addresses and to output corresponding physical addresses for the plurality of semiconductor chips. Each scramble circuit of the plurality of scramble circuits is configured to receive the same logical address and to output a corresponding physical address different from the physical addresses output by the other scramble circuits of the plurality of scramble circuits.

Abstract: This application provides a user equipment management method and a device, to help reduce complexity of operation and maintenance. The method includes: obtaining, by a gateway device, identifiers IDs of N user equipments and information about a first service, where the N user equipments are terminals configured to implement the first service, and N is an integer greater than or equal to 1; obtaining, by the gateway device, an ID of a logical device based on the information about the first service, where the logical device is a set of logical elements that are in the gateway device and that are configured to implement the first service; and binding, by the gateway device, the ID of the logical device and the IDs of the N user equipments.

Abstract: Methods of authenticating a file are disclosed. A method may include selecting, via an identifier, a subset of data segments of a file. The method may also include executing, via a microcontroller, a cryptographic function on only the subset of data segments of the file to generate a digest. Further, the method may include generating, via the microcontroller, an authenticator based on the digest and a private key. The method may also include conveying the file, the identifier, and the authenticator to a cryptography element. In addition, the method may include executing, via the cryptography element, the cryptographic function on the subset of data segments of the file to generate a second digest. Furthermore, the method may include authenticating, via the cryptography element, the file via verification of the authenticator based on the second digest and a public key of the microcontroller.

Abstract: The disclosed computer-implemented method for safely executing unreliable malware may include (i) intercepting a call to an application programming interface (API) in a computing operating system, the API being utilized by malware for disseminating malicious code, (ii) determining an incompatibility between the API call and the computing operating system that prevents successful execution of the API call, (iii) creating a proxy container for receiving the API call, (iv) modifying, utilizing the proxy container, the API call to be compatible with the computing operating system, (v) sending the modified API call from the proxy container to the computing operating system for retrieving the API utilized by the malware, and (vi) performing a security action during a threat analysis of the malware by executing the API to disseminate the malicious code in a sandboxed environment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Technologies are disclosed for a computing system that allows users to control the disclosure of their identities during communication sessions. Users can control the disclosure of their identities with respect to certain types of shared content. In one mode of operation, a user can share content anonymously. In another mode of operation, identity may be revealed when certain conditions are met or revealed to only certain other users. For example, the identity of a user who shared a comment anonymously may be revealed if multiple other users agree with that comment. In another mode of operation, the user's identity is revealed to all other users such as in a live video stream. The computing system can control display of users' identities based on user instructions or based on triggering conditions. A user interface (UI) can show content items that identify a user together with content items that are shared anonymously.

Abstract: This disclosure describes systems on a chip (SOCs) that prevent side channel attacks (SCAs). An example SoC includes an encryption engine, a key store, and a security processor. The key store is configured to store a plurality of encryption keys. The encryption engine is configured to encrypt transmit (Tx) channel data using any encryption key of the plurality of encryption keys stored to the key store. The security processor is configured to activate SCA mitigation logic of the SoC based on a determination that the encryption engine encrypts the Tx channel data using a strong key selected from the plurality of encryption keys stored to the key store, and to operate the SCA mitigation logic in a deactivated state based on a determination that the encryption engine encrypts the Tx channel data using a weak key selected from the plurality of encryption keys stored to the key store.

Abstract: In general, this disclosure describes encryption engines that shuffle data segments during decryption. By shuffling the data and using the resulting random permutation for decryption, the engines of this disclosure obfuscate hardware performance information that attackers might access and use in a side channel attack. In one example, an apparatus includes a decryption engine configured to select, for each round of multiple rounds for decrypting the block of encrypted data, a permutation of inputs to the decryption engine from multiple permutations of the inputs. The inputs include encrypted data segments of the block of encrypted data and an inverse cipher key segment, and the selected permutation of the inputs is different for at least two of the rounds. The decryption engine is further configured to iteratively compute a decrypted data segment across the plurality of rounds based on the respective selected permutation of the inputs for each round.

Abstract: A transceiver baseband hardware is provided. The transceiver baseband hardware includes a baseband hardware. The baseband hardware includes an encryption-decryption block. The encryption-decryption block encrypts intended transmission data and decrypts encrypted data with key coefficients via a cross logical operation of the encryption-decryption block. The cross logical operation includes when lower significant bytes of the key coefficients operating on most significant bytes of the intended transmission data and the encrypted data.

Abstract: A method for executing a polymorphic machine code, wherein: for each branching address at which a base block of a flow of generated instructions starts, the microprocessor automatically adds, in the generated flow of instructions, a renewal instruction suitable, when it is executed, for triggering the renewal of an initialization vector of a module for decryption by flow with a specific value associated with this branching address, then a flow encryption module encrypts the flow of instructions as it is generated and, during this encryption, each base block is encrypted using a specific value associated with the branching address at which it starts. Only the instruction flow encrypted in this way is recorded in the main memory. During execution of the encrypted instruction flow, the added renewal instructions are executed as they are encountered.

Abstract: A method of processing browser sessions in a telecommunications network is provided. The method includes receiving, from a subscriber client device in a plurality of subscriber devices each having an associated subscriber and a browser session request. The method includes, at the entity in the service provider network: transmitting the browser session request to a server entity located inside or outside the service provider network, receiving, from the server entity, a browser session response in relation to the transmitted browser session request, transmitting the browser session response to the subscriber client device, performing a lookup in the subscriber profile database for the subscriber client device in the plurality or the associated subscriber, and modifying, prior to the respective transmittal, at least one of the browser session request and the browser session response according to the results of the lookup. An apparatus and computer software are also provided.

Abstract: The present disclosure relates generally to semiconductor devices, and, in particular, to memory devices with a data-recording mechanism. A duration of time that a memory device operates in excess of an operational parameter may be tracked via intentional degradation to a transistor. One or more signals that result from the intentional degradation to the transistor may be leveraged to generate alarms and/or be otherwise used in a memory device control circuit and/or system.