Abstract: A cyber safety system that provides a real-time and independent cyber-attack monitoring and automatic cyber-attack response. The cyber safety system comprises a cyber monitoring logic to generate a cyber attack signal in response to a cyber attack event. The cyber safety system further comprises an automatic segmentation controller to generate a plurality of segmentation voltage signals or a plurality of segmentation messages in response to the cyber attack signal. The cyber safety system further comprises a plurality of firewalls configured to invoke firewall rulesets depending upon an input voltage signal level of the plurality of segmentation voltage signals or the plurality of segmentation messages to segment a site network in a plurality of site network segments and to control one or more physical devices as response to the cyber attack event.

Abstract: Elliptical curve cryptography (ECC) utilizes an elliptic curve consistent with the formula px mod q=r, where x is a private key having an irrational number component. The irrational component is employed to provide much greater entropy than would be achieved where x is a prime number.

Abstract: Non-transitory computer readable storage mediums have instructions executed by processors to convert a first list at a first server into a first encrypted, permuted list with first dummy data elements and form a first encrypted linked list of pointers to locations in the first encrypted, permuted list. A second list at a second server is converted into a second encrypted, permuted list with second dummy data elements and a second encrypted linked list is formed of pointers to locations in the second encrypted, permuted list. Elements of the first encrypted, permuted list are combined with elements of the second encrypted, permuted list into a merged, sorted list of secret sharings, where the merged, sorted list of secret sharings is formed solely utilizing local computations at the first server, local computations at the second server and communications solely between the first server and the second server.

Abstract: A method for licensing a sensor at a central body, a method for licensing a receiver at a central body, a method for providing a list of sensor keys by using a central body, a method for registering a licensed sensor on a licensed receiver and a system for transmitting data from a licensed sensor to a licensed receiver, allow sensors and receivers to be licensed while also simultaneously ensuring secure delivery of the transmission key for communication purposes or for data exchange between the sensors and the receivers. The transmission key can be transmitted in an encrypted matter and there is no need to transmit the transmission key in an unencrypted manner. It is also possible to establish a licensing model for sensors and receivers by virtue of the secure delivery of the transmission key.

Abstract: A method and a system for detecting malicious files in non-isolated environment are provided. The method comprises, during a training phase: acquiring a plurality of executable files, analyzing a given executable file to obtain: (i) data associated with the given executable file; (ii) a control-flow graph associated with the given executable file, and (iii) a data-flow graph associated with the given executable file; determining, based on the data, parameters of the given executable file; generating, by the processor, based on the parameters, at least a first feature vector and a second feature vector; generating, by the processor, based on the control-flow graph, a third feature vector; generating, by the processor, based on the data-flow graph, a fourth feature vector; and training the each one of ensemble of classifiers based on a respective feature vector to determine if a given in-use executable file is one of malicious and non-malicious.

Abstract: Aspects of the present disclosure involve a method, a system and a computer readable memory to optimize performance of cryptographic operations by avoiding computations of inverse values during decryption of encrypted messages.

Abstract: An electronic device is provided. A computing system includes a host and a storage device. The host generates a host authentication code. The storage device receives a first request among a series of first to third requests regarding security write and write data from the host, generates a device authentication code based on the write data, receives the second request and the host authentication code from the host, and performs a program operation on the write data based on a result of comparing the host authentication code with the device authentication code.

Abstract: In some examples, a system executes a monitor separate from an operating system (OS) that uses mapping information in accessing data in a physical memory. The monitor identifies, using the mapping information, invariant information, that comprises program code, of the OS without suspending execution of the OS, the identifying comprising the monitor accessing the physical memory independently of the OS. The monitor determines, based on monitoring the invariant information of the OS, whether a security issue is present.

Abstract: SEPP 1 forms a first TLS protected N32-c connection between with SEPP 2 so that SEPP 1 and SEPP 2 are respectively a TLS client and server. A TLS protected second N32-c connection between with SEPP 2 so that SEPP 1 and SEPP 2 are respectively a TLS server and client. On forming the first and second TLS protected N32-c connections, respective first and second shared secrets are formed. First and second master keys are obtained from the first and second shared secrets, respectively. N32-f context IDs are created by each SEPP on setup of the first and second N32-c connections. Based on the first master key and the first N32-f context ID, a first session key is produced for encryption of a first N32-f request to the second security edge proxy and correspondingly a second session key is produced for decryption of a second N32-f request from SEPP 2.

Abstract: A method and apparatus for processing biometric information in an electronic device including a processor that operates at a normal mode or at a secure mode, the method comprising, detecting a biometric input event from a biometric sensor module at normal mode, creating biometric data based on sensed data from the biometric sensor module at the secure mode, performing biometric registration or biometric authentication based on the created biometric data at the secure mode, and providing result information of biometric registration or biometric authentication at the normal mode.

Abstract: A first installation stores a secret key of a user and a second installation provides encrypted data for the user. In order that a user apparatus can decrypt the encrypted data, the apparatus creates a one-time password, encrypts the one-time password by means of a public key of the first installation and causes the second installation to retrieve the secret key of the user from the first installation by means of the encrypted one-time password and a key identification allocated to the user in the second installation. The first installation decrypts the one-time password, searches for the secret key based on the key identification, encrypts it with the one-time password and transmits the encrypted secret key to the apparatus via the second installation. There, the secret key of the user is decrypted by means of the one-time password and is used for decrypting the encrypted data.

Abstract: Embodiments of this disclosure provide an authentication information transmission method and system, a key management client, and a computer device. Performed by a device hosting a key management client and comprising a hardware abstract layer, the method includes receiving, through a path via a preset hardware abstract layer interface of the hardware abstract layer, authentication information from an application client associated with an application server; transmitting the authentication information to a key management server, so that the key management server transmits the authentication information to a trusted application in the device; obtaining authentication information signed by the trusted application and forwarded by the key management server; and transmitting, through the preset hardware abstract layer interface, the signed authentication information to the application server, so that the application server performs a validity check on the authentication information.

Abstract: An apparatus to facilitate mitigation of side-channel attacks in a computer system platform is disclosed. The apparatus comprises a cryptographic circuitry, including a plurality of crypto functional units (CFUs) to perform cryptographic algorithms; and jammer circuitry to generate noise to protect the plurality of CFUs from side-channel attacks.

Abstract: Embodiments protect against memory-based side-channel attacks by efficiently shuffling data. In an example implementation, in response to a data access request by an encryption methodology regarding a first data element from amongst a plurality of data elements stored in memory, a storage address of a second data element of the plurality is determined. This storage address is determined using (i) an address of the first data element in the memory, (ii) a permutation function, and (iii) a random number. In turn, the first data element is stored at the determined storage address of the second data element and the second data element is stored at the address of the first data element. In this way, embodiments protect encryption methodologies from memory-based side-channel attacks.

Abstract: A system and method for determining a secret crypto-graphic key shared between a sending unit and a receiving unit for secure communication includes obtaining, by the sending unit, a random bit sequence, and transmitting, at the sending unit, a first sequence of electromagnetic pulses to the receiving unit via a communication channel, wherein each electro-magnetic pulse of the first sequence of electromagnetic pulses corresponds to a bit of the random bit sequence according to a ciphering protocol, the signal loss is determined in the communication channel caused by an eavesdropper, and an information advantage is estimated over the eavesdropper based on the determined signal loss. Privacy amplification is performed based on the estimated information advantage in order to establish a shared secret crypto-graphic key.

Abstract: A computer system and process for mitigating a Distributed Denial of Service (DDoS) attack by analyzing and correlating inbound and outbound packet information relative to the one or more protected computer networks for detecting novel DDoS Reflection/Amplification attack vectors. Created are separate data repositories that respectively store information relating to captured inbound and outbound packets flowing to and from the protected computer networks. Stored in each respective inbound and outbound data repository are identified inbound destination ports respectively associated with the captured inbound and outbound packets such that each identified inbound destination port number is associated with 1) a packet count relating to the inbound and outbound packets; and 2) a packet byte length count relating to each of the inbound and outbound packets.

Abstract: Systems and methods include causing a scan by Cloud Access Security Broker (CASB) system of a plurality of users associated with a tenant in a Software-as-a-Service (SaaS) application where the scan includes any of identifying malware in content in the SaaS application and identifying confidential data in the content in the SaaS application; during the scan which is covering historical data in the SaaS application, receiving notifications of the content being actively modified by any of the plurality of users; and including the content being actively modified in the scan with the historical data. The systems and methods can further include maintaining geolocation of the any of the plurality of users; and causing the content being actively modified in the scan to be processed by the CASB system based on the geolocation.

Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious behavior using a trained deep learning model. At a high level, embodiments of the present disclosure utilize a trained deep learning model that takes a sequence of ordered signals as input to generate a score that indicates whether the sequence is malicious or benign. Initially, process data is collected from a client. After the data is collected, a virtual process tree is generated based on parent and child relationships associated with the process data. Subsequently, embodiments of the present disclosure aggregate signal data with the process data such that each signal is associated with a corresponding process in a chronologically ordered sequence of events. The ordered sequence of events is vectorized and fed into the trained deep learning model to generate a score indicating the level of maliciousness of the sequence of events.

Abstract: Described are automated systems and methods for employing certificate authority meta-resources to facilitate automatic renewal and/or rotation of certificates and/or certificate authorities in a PKI hierarchy. For example, embodiments of the present disclosure can provide creating a certificate authority meta-resource, which can maintain and monitor certain information to facilitate automatic renewal and rotation of certificates and/or certificate authorities in a PKI hierarchy. The certificate authority meta-resource can also keep track of the active certificate authorities and certificates to ensure that trust is maintained without manual configuration of the PKI hierarchy.

Abstract: Systems and methods are provided that may be implemented by services executing on one or more remote servers and on an endpoint information handling system to remotely erase (i.e., clear or remove) biometric fingerprint credential data that is previously stored on non-volatile memory of a discrete “match-on chip” fingerprint reader (MOFR) of the endpoint information handling system, as well as to erase separate non-biometric OS user identifier (ID) fingerprint enrollment information stored on separate system non-volatile memory of the endpoint information handling system.