Abstract: A password input and identification system includes a one-button password input component and a controller. The one-button password input component generates a series of trigger signals in response to a series of triggers that correspond to a series of user-input digits. The controller determines a value of each of the user-input digits by counting a number of the trigger signal(s) that correspond(s) to the user-input digit to serve as the value of the user-input digit. The controller compares the user-input digits with the predetermined password after the input of the user-input digits is finished, and performs a predetermined action when the user-input digits match the predetermined password.

Abstract: A method for performing secure computations on records, comprising: receiving a request to apply a computation on a record; assigning a respective partial record of a plurality of partial records of the record to each of a plurality of computational processes; instructing each of the plurality of computational processes to perform a computation scheme comprising: applying a semi honest multiparty computation on the partial record; iteratively repeating a predetermined number of times: using a secure multiparty arithmetic computation to generate random terms; using the secure multiparty arithmetic computation to assign the random terms and an outcome of the application to at least one predetermined equation; verifying an integrity of the semi honest multiparty computation by comparison of the assignments to the at least one predetermined equation to at least one constant; and when the integrity is valid, combining the applications of the semi honest multiparty computations on the partial records.

Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems based on machine-learned event profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account in a client portal session. The computing platform may capture one or more behavioral parameters and may generate one or more authentication prompts. Thereafter, the computing platform may receive one or more authentication prompt responses and may evaluate an event pattern. Based on evaluating the event pattern and validating the one or more authentication prompt responses, the computing platform may generate and send one or more authentication commands directing an account portal computing platform to allow access to the one or more secured information resources associated with the user account in the client portal session.

Abstract: A system and method of permanently erasing the contents of a Solid-State Drive (SSD) which involves the destruction of the storage portion of the SSD by rapidly heating that portion of the SSD to a state at which the semiconductor devices which make up the SSD are destroyed or damaged. The system and method allows a user to locally or remotely erase a SSD drive to prevent the contents of the drive from being compromised. Certain embodiments of the system and method provide for the automatic destruction of the SSD should the device be connected to an unregistered drive controller.

Abstract: The present disclosure provides methods, computer-readable media, and devices for making content recommendations in a manner that protects private user data. In one example, a method includes collecting content consumption history data for a specific user of a telecommunications network, inserting random noise into the content consumption history data to produce anonymized data, sending the anonymized data over a network to a centralized device, receiving correlation data from the centralized device, wherein the correlation data indicates correlations among a plurality of items of content that is available for consumption via the telecommunications network, and predicting a likelihood that the specific user would be interested in a particular item of the plurality of items of content, wherein the predicting is based on the content consumption history data and on the correlation data. The steps may be carried out by a processor of a user endpoint device.

Abstract: A method may include receiving a beacon from a first intermediate device via a first network, the beacon being received by the first intermediate device from an endpoint device via a second network. The beacon may include a hash value based at least in part on the identity of the endpoint device and a time unit when the beacon was generated. The hash value of the beacon may be validated based on the identity of the endpoint device and the time unit when the beacon was generated. The beacon may be forwarded to a server via a third network in response to the hash value of the beacon being valid.

Abstract: A shared resource service allows multiple clients to agree on rules for accessing a shared resource (e.g., a shared database or a shared service). The shared resource service also allows the clients to make changes to the rules (e.g., via consensus or majority vote). The clients use the shared resource service to enforce the rules, without having to trust each other to follow the rules when accessing the shared resource. First, the clients agree on a set of initial rules for accessing the shared resource and a set of initial rules for making changes to the rules. After the rules are initialized, then the clients can begin using the shared resource in accordance with the agreed upon rules. In response to a request for accessing the shared resource or a request for changing rules, the shared resource service enforce the applicable rules.

Abstract: Embodiments include cryptographic circuits having isolated operation with respect to embedded sensor operations to mitigate side-channel attacks. A cryptographic circuit, a sensor, and an analog-to-digital converter (ADC) circuit are integrated into an integrated circuit along with a cryptographic circuit. A sensed signal is output with the sensor, and the sensed signal is converted to digital data using the ADC circuit. Further, cryptographic data is generated using one or more secret keys and the cryptographic circuit. The generation of the cryptographic data has isolated operation with respect to the operation of the sensor and the ADC circuit. The isolated operation mitigates side-channel attacks. The isolated operation can be achieved using power supply, clock, and/or reset circuits for the cryptographic circuit that are electrically isolated from similar circuits for the sensor and ADC circuit. The isolated operation can also be achieved using time-division multiplex operations.

Abstract: A system for remotely controlling an electronic device includes a first electronic device configured to read a frame buffer to compress a screen and transmit the compressed screen, a second electronic device connected to the first electronic device and configured to repeatedly receive the compressed screen, to receive a communication service related event generated in the first electronic device and output the communication service related event, and to receive an event of copying a file between the first electronic device and the second electronic device and pasting the file, and a network configured to form a communication channel between the first electronic device and the second electronic device according to an authentication result of authentication information input into at least one of the first electronic device and the second electronic device.

Abstract: Described is a system for securing recovery information that is distributed amongst multiple cloud-based systems. Encrypted recovery data may be stored on at least one cloud-based system. To decrypt the recovery data, coordination between multiple cloud-based systems may be required to obtain the encryption key. Accordingly, a production system does not have to perform key management. Therefore, even if the production system is compromised by a malicious party, the encryption key remains secure as multiple cloud-based systems would also have to be comprised. In addition, the system may coordinate the creation and distribution of the recovery information, as well as the acquisition of such recovery information as part of a data recovery process. Thus, the system may secure recovery information by leveraging multiple cloud-based systems (or services).

Abstract: A host device includes a power supply unit configured to supply power to a SoC, a current measurement circuit configured to measure a current from the power supply unit to the SoC, a detection unit configured to detect a power supply glitch in the host device, on the basis of a result of current measurement by the current measurement circuit, and a controller configured to suspend transmission of encrypted command from the host device to the memory device if the detection unit detects a power supply glitch in the host device.

Abstract: A method of starting-up a computer system includes accessing a second storage area of a storage in which program data are stored; loading and executing the program data from a second storage area; mounting an external storage medium connected to the computer system, wherein a file system key that decrypts a file system data is stored on an external storage medium, wherein the file system key is encrypted on the external storage medium; loading the encrypted file system key from the external storage medium into the computer system; decrypting the encrypted file system key by a key stored in the second storage area; setting the decrypted file system key in a cryptographic module established by the start-up process; and decrypting and loading file system data of the encrypted file system by the cryptographic modules by the set file system key, whereby the computer system is started up completely.

Abstract: Systems, methods, and computer-readable media for configuring and verifying compliance requirements in a network.

Abstract: Password information and password input pattern information for a user may be obtained. The password information may define a password submitted by the user. The password input pattern information may define an input pattern with which the password was inputted by the user. The password may be compared with a predefined password for the user. The input pattern may be compared with a predefined input pattern for the user. The password may be authenticated based on a first match between the password and the predefined password and a second match between the input pattern and the predefined input pattern.

Abstract: An Internet Protocol Security tunnel maintenance method, apparatus, and system including a terminal device that negotiates with a VPN gateway based on a first IP address and according to the IKE protocol, and establishes an IPsec tunnel based on SAs obtained through negotiation; determines, the first IP address changes to a second IP address; sends a first request packet to the VPN gateway, where the first request packet carries the second IP address and a first tunnel identifier, where the first request packet is used to request to update a first SA record, and where the first SA record includes a correspondence between the SAs, the first IP address, and the first tunnel identifier; generates a second tunnel identifier based on the second IP address and a predefined algorithm; and replaces the first tunnel identifier in a second SA record with the second tunnel identifier.

Abstract: Techniques are described for authentication using sound-based monitor detection. In some implementations, the sound (e.g., ultrasound) generated by a monitor is used to detect its presence in the vicinity of a (e.g., portable) computing device that is being used to capture image(s) to be provided to an image-based authentication system. While the computing device is being used to capture image(s) to be provided to the image-based authentication system, the sound data in proximity to the computing device can be captured and analyzed (e.g., using machine learning or other techniques) to determine whether the sound data exhibits a particular pattern and/or characteristics (e.g., signature) that indicates the presence of a monitor in proximity to the computing device. The presence (or absence) of a monitor can be used in determining whether to authenticate the user.

Abstract: A method of encoding data, including: obtaining a data stream comprising a first sequence of values; duplicating of the first sequence of values; offsetting the duplicate first sequence of values; braiding the first sequence of values and the offset duplicate first sequence of values, creating a braided data sequence; and outputting the braided data sequence.

Abstract: A method for covertly transmitting a packet of data over a network is provided. A datagram for transmission is fragmented. A portion of the data in the datagram is encrypted and stored within a fragment section of the datagram which is not a first fragmented section. Only the fragmented section that contains the encrypted data is transmitted. No other fragment of the fragmented datagram is transmitted such that the lone fragment transmission will appear as error.

Abstract: In one embodiment, a device of a vehicle receives a packet comprising a source address, a destination address, an internet protocol (IP) encapsulated controller area network (CAN) message, and CAN message identifier information. The device compares the source address, the destination address, and the CAN message identifier information to an access control list (ACL). The device makes a determination that delivery of the CAN message to the destination address would be a policy violation based on the comparison. The device drops the packet based on the determination that delivery of the CAN message to the destination address would be a policy violation.

Abstract: Embodiments are directed to storing encrypted data in a data store and to securely providing access to the encrypted data according to a predefined policy. A data storage system receives encrypted data. The data is encrypted using a private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption and the policy prevents the storage system from unencrypting the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system decrypting the encrypted data. The data storage system can acknowledge that the received encrypted data has been verified and successfully stored.