Abstract: Encrypting keystroke data in a multi-session-enabled computing device includes receiving a first control message requesting enabling of keystroke encryption for a protected application executing in a first desktop session. The first control message includes application identification information of the protected application. Keystroke encryption is enabled for keystrokes targeting the first desktop session based on receipt of the first control message. Keystroke data sent to the protected application is encrypted while the protected application maintains keyboard focus in the first desktop session. Unencrypted keystroke data is transmitted to another application of a second desktop session while keystroke encryption is enabled for the protected application in the first desktop session.

Abstract: A system includes a memory configured to store a set of private valid source data. The system includes processors operably coupled to the memory and configured to access the set of private valid source data, and to execute a dynamic data encryption engine configured to identify a sensitivity level of the set of private valid source data and to encrypt the set of private valid source data in accordance with a data encryption algorithm. The data encryption algorithm is selected based on the identified sensitivity level. The processors further execute a data ingestion and dynamic decryption engine configured to ingest the encrypted set of private valid source data into the hybrid cloud computing and storage system, and in response to receiving a request to retrieve the encrypted set of private valid source data from the hybrid cloud computing and storage system, decrypt the encrypted set of private valid source data.

Abstract: Intelligent functionality enablement techniques are disclosed. In one example, a method comprises obtaining a functionality enablement file comprising at least a first block and a second block, wherein the first block is usable to activate one or more features of a product and the second block is usable to perform a configuration setup to enable the product to operate in accordance with at least one computing platform.

Abstract: A machine learning (ML) attack detection and prevention system may monitor operation of an explainable artificial intelligence (AI) model processed by an application server to provide a product or service to a user. The AI model outputs explainable data and/or other outputs used in decision making. The ML attack detection and prevention system derives business rules based on the explainable data produced by the explainable AI model. Additionally, the ML attack detection and prevention system processes rules repositories of simulation failure data, historical failure data and business rules to derive possible fraud rules based on the data collected in above step. Based on a comparison of rules derived from the AI model output and the possible fraud rules, the ML attack detection and prevention system issues an alert if a fraud condition is suspected and causes the application server to revert back to a previous version of the AI model.

Abstract: Methods and systems for managing endpoint devices are disclosed. The endpoint devices may be managed by onboarding them. To onboarding the endpoint devices, ownership vouchers and proxy certificates may be used to cryptographically verify to which entities authority over the endpoint devices have been delegated. The proxy certificates may extend certificate and/or delegation chains in ownership vouchers to other devices. The extended chains may eliminate the need for proliferation of keys used to demonstrate authority over endpoint devices.

Abstract: A system for performing operations using linear integer programming for RSA factorization is provided, including an n/e extractor, a prime factorization calculator, a private key determiner, and a decryptor. The n/e extractor is configured to extract a modulus and a public key exponent from a public key. The prime factorization calculator is configured to: determine a semi-prime number of the modulus according to the modulus; use a tail digit and a head digit set of the semi-prime number of the modulus to perform decomposition and factorization with respect to the semi-prime number into two prime factors. The private key determiner is configured to determine a private key using the public key exponent and the two prime numbers. The decryptor is configured to decrypt an encrypted message using the private key so as to generate a decrypted message.

Abstract: Some embodiments include a method for detecting and interrupting a cache-based side-channel attack. The method includes: (1) at least calibrating one or more chiplets of a network by calculating a threshold; (2) determining one or more device heartbeat vectors of the one or more chiplets, the one or more device heartbeat vectors being derived at least part from one or more measurements of activity of one of more dedicated security processors associated with the one or more chiplets; (3) determining that a particular chiplet of the one or more chiplets is being attacked with a cache-based side-channel attack, the determining being based at least in part on a computed disparity exceeding the threshold; and (4) employing countermeasures against the cache-based side-channel attack of the particular chiplet, the countermeasures including revoking one or more access rights of the particular chiplet on the network.

Abstract: An apparatus comprises at least one processing device including a processor and a memory. The at least one processing device is configured to implement an agent application for supporting an authentication process between a client device and a web server over at least one network, to register the agent application with an operating system of the client device, and in conjunction with initiation of the authentication process via a web browser of the client device, to obtain a uniform resource identifier (URI) from the web server, the URI corresponding to a particular endpoint of the web server, and to make the URI accessible to the agent application via the operating system. The at least one processing device is further configured to carry out one or more authentication operations of the authentication process at least in part through interaction between the agent application and the particular endpoint of the web server.

Abstract: Described systems and methods protect client devices such as personal computers and IoT devices against malicious software. In some embodiments, a plurality of client devices report the occurrence of various events to a security server, each such event caused by a local instance of a target application (e.g., mobile app) executing on a respective device. The security server then collates the behavior of the respective target application across the plurality of client devices. Some embodiments compute an aggregate event set and/or sequence combining events detected on one device with events detected on other devices, and determine whether the target application is malicious according to the aggregate event set/sequence.

Abstract: Various embodiments of the disclosure disclose a method and an apparatus comprising: a communication module comprising communication circuitry, a memory, and a processor operatively connected to at least one of the communication module and the memory, wherein the processor is configured to: based on the electronic device being connected to a vehicle, transmit mobile identity document information stored in the memory to the vehicle through the communication module, receive vehicle information from the vehicle based on the mobile identity document information being completely authenticated by the vehicle, generate a digital key of the vehicle based on the vehicle information or the mobile identity document information, transmit the generated digital key to the vehicle, receive a digital key signed by the vehicle and driver identification information from the vehicle, and store the signed digital key and the driver identification information in the memory.

Abstract: A content owner registers with an identity authority by providing information about the content owner and a public key of a public/private key pair. The content owner registers content to the identity authority and signs the multiple segments of the content with the private key of the public/private key pair. A system that receives the signed content determines an indicated content owner of the received media content and communicates with the identity authority to confirm that the media content was produced by the indicated content owner. The receiving system requests the public key of the content owner from the identity authority and uses the public key to verify the signature of each media content segment. Accordingly, the receiving system is able to determine if the media content was manipulated after being distributed by the content owner.

Abstract: A method for providing vulnerability management by using drift analytics is disclosed. The method includes aggregating vulnerability reports that correspond to an application based on a predetermined configuration, the predetermined configuration including a predetermined schedule; appending the vulnerability reports to a historical record that corresponds to the application, the historical record including previously collected vulnerability reports; determining metrics for the application by using the corresponding historical record; generating a drift summary for the application based on the determined metrics and the corresponding historical record; comparing the drift summary with a previously generated drift summary to identify changes, the changes relating to a vulnerability status; and generating a drift report for the application based on the identified changes.

Abstract: Methods, systems, and storage media for offline license validation are disclosed. Exemplary implementations may: receive, at a server, a first public identifier of an offline device; identify the offline device based on the first public identifier; determine the offline device has an invalid license; determine the offline device has a valid license; generate a second public identifier for the offline device based on a second shared secret; generate a second public identifier to be broadcast to the offline device based on a second shared secret; broadcast, through the online device, the second public identifier to the offline device; and broadcast, through the online device, the second public identifier to the offline device.

Abstract: In some examples, scalable source code vulnerability remediation may include receiving source code that includes at least one vulnerability, and receiving remediated code that remediates the at least one vulnerability associated with the source code. At least one machine learning model may be trained to analyze a vulnerable code snippet of the source code. The vulnerable code snippet may correspond to the at least one vulnerability associated with the source code. The machine learning model may be trained to generate, for the vulnerable code snippet, a remediated code snippet to remediate the at least one vulnerability associated with the source code. The remediated code snippet may be validated based on an analysis of whether the remediated code snippet remediates the at least one vulnerability associated with the source code.

Abstract: A computer-implemented method includes generating two tensile circles based on a common circle created by overlapping two tensile spheres. An angle is determined using a modulo function and a predefined value. The angle is applied to both tensile circles. Next, multiplicands are determined for both tensile circles based on the angle applied to both tensile circles. The method then encrypts and/or decrypts data using a symmetric cryptography technique and the multiplicands.

Abstract: A system for using biometric data to authenticate a subject as an individual whose biometric data has been previously obtained. A second transducer has a digital electronic signal output characterizing a biometric of the subject; a second computing facility to receive the digital electronic signal; an array of servers; and a third computing facility. These components implement processes including generating shards from the digital electronic signal and distributing of the generated shards to the array of servers; receiving and storing by the array of servers the generated shards; performing a data exchange process using a subset of the generated shards to develop information relating to authentication of the subject; and transmitting to a third computing facility, the information developed, to cause the third computing facility to generate an output value indicating whether the subject is authenticated as the individual. A related enrollment system is also provided.

Abstract: Evaluating polynomials for use under fully homomorphic encryption (FHE) is provided. An input polynomial of degree n is received, wherein n is equal to 2{circumflex over (?)}m. An input ciphertext containing an input value is also received. The input value is duplicated in n/2 slots. Two plaintext vectors each containing half of the roots in the polynomial are subtracted from the input ciphertext, obtaining second and third ciphertexts, which are multiplied elementwise to produce a result ciphertext comprising n/2 slots. The result ciphertext is rotated by 2{circumflex over (?)}i to generate a rotated ciphertext (i=iteration number) and multiplied by the rotated ciphertext to produce a new result ciphertext, for m?1 iterations. The final result ciphertext is multiplied with a leading coefficient of the polynomial, resulting in a final polynomial evaluation. An operation not supported under FHE is estimated according to the final evaluation.

Abstract: A method for automatic configuration and use of Category 1 message filtering rules includes, at a network function (NF), subscribing, with an NF repository function (NRF), to receive notification of NF profile changes. The method further includes receiving, from the NRF and as a result of the subscribing, notification of an NF profile change. The method further includes automatically configuring, based on the notification of the NF profile change, at least one Category 1 message filtering rule implemented. The method further includes using the at least one Category 1 message filtering rule to filter service based interface (SBI) messages.

Abstract: Systems, methods, and computer-readable storage media to trace obfuscated data of an entity. One system includes a data processing system including memory and one or more processors configured to generate a data structure including a plurality of cryptographic outputs, wherein each of the plurality of cryptographic outputs obfuscates data of at least one identifier of the entity. The processors are further configured to broadcast the data structure to a distributed ledger and receive a proof request associated with a customer's cryptographic output. The processors are further configured to generate a cryptographic proof dataset for the customer's cryptographic output and provide the cryptographic proof dataset.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrating data privacy integration protocols across system landscapes. One example method includes receiving, at a first tenant of a kernel service, a message from a first application in a first landscape. Data from the message is provided to a core component of the kernel service that communicates with multiple tenants of the kernel service. The core component stores data from the message in a core storage area accessible by multiple tenants of the kernel service. The first tenant performs, in the first landscape, a first processing of the message using data in the core storage area for which the first tenant is authorized. The core component initiates a second processing of the message by a second tenant of the kernel service in a second landscape using data in the core storage area for which the second tenant is authorized.