Abstract: Data storage devices and operating methods that can improve a booting operation are disclosed. A storage device includes: a memory device including one or more boot partitions configured to store boot data for executing an operating system; and a memory controller coupled to the memory device and configured to perform, upon receiving power, a rebuild operation to restore first system data including active boot partition information associated with an activated boot partition among the one or more boot partitions and provide the active boot partition information to a host. Upon receiving, by the memory controller, from the host, a boot partition read request based on the active boot partition information, the memory controller transmits, to the host, the boot data stored in a boot partition corresponding to the active boot partition information.

Abstract: Statistical properties of known malware distributions may be used to improve estimates of malware detection metrics such as a base rate of malicious events in a target environment or missed detections (also referred to as false negatives). In particular, numerous synthetic sample distributions may be generated based on the statistical properties of a base data set and/or additional observed data, and used to identify malware distributions that produce overall detection statistics corresponding to model output for live target data. The malware detection metrics for the live target data can then be characterized using the observed distributions of malware (and malware detections) for the synthetic sample distributions.

Abstract: Described systems and techniques determine a password change trigger for a password for an account, and access a connection store storing a plurality of password models. Each password model may include at least one password requirement and at least one password change procedure. Based on the password change trigger and from the plurality of password models, a selected password model for the password and the account may be selected. The account may be accessed using at least one selected password change procedure of the selected password model, and the password may be updated in accordance with at least one selected password requirement of the selected password model.

Abstract: Apparatus, methods and computer programs for receiving first content; receiving second content identifying at least one interactive component comprised by the first content, the at least one interactive component having been flagged by at least one user; and modifying the received first content based on the received second content, to highlight the identified at least one interactive component.

Abstract: A processing device sets a first flag that indicates whether a first critical security parameter (CSP) file exists. The first CSP file includes a first set of CSPs for a memory device. The processing device sets a second flag that indicates whether the first CSP file is valid. The processing device sets a third flag that indicates whether a second CSP file exists. The second CSP file includes a second set of CSPs for the memory device. The processing device sets a fourth flag that indicates whether the second critical security parameter file is valid. The processing device selects one of the first or second CSP file as an active CSP file based on an evaluation of the first, second, third, and fourth flags.

Abstract: Methods and devices to enable the splitting of storage and validation functions from mining function in a blockchain network. The storage and validation nodes create candidate blocks and collect block rewards from successfully mined blocks. The mining nodes provide hash power for mining the candidate blocks and received resources from the storage and validation node for successful mining of a candidate block. Atomic exchange mechanisms are described for preventing loss and fraud and minimizing the use of bandwidth by mining nodes.

Abstract: Various embodiments provide systems and methods systems and methods for dynamically attracting malicious network behavior.

Abstract: A decentralized identity access management (IAM) architecture that executes IAM service code on the distributed nodes (i.e., replicas) of a Byzantine fault tolerant (BFT) state machine replication (SMR) system is provided. For example, the IAM service code may be implemented as a blockchain smart contract or as a native execution engine that runs on each replica. With this decentralized architecture, up to f replicas (where f is a threshold number defined by the system's BFT consensus protocol) can be faulty/corrupted without affecting the security of the system.

Abstract: A processing circuitry having a secure domain and a less secure domain. A control storage location stores a domain transition disable configuration parameter specifying whether domain transitions between the secure domain and the less secure domain are enabled or disabled in at least one mode of the process-ing circuitry. In the at least one mode of the processing circuitry, when the domain transition disable configuration parameter specifies that said domain transitions are disabled in said at least one mode, a disabled domain transition fault is signalled in response to an attempt to transition between domains in either direction. This can help support lazy configuration of resources for the secure domain or less secure domain for a thread expected only to need the other domain.

Abstract: Systems and methods for protection of data across multiple users and devices are disclosed. According to one embodiment, in privacy server comprising at least one computer processor, a method for protection of data across multiple users and devices may include: (1) receiving, from a first user device, a data sharing permission for the first user device and a data sharing permission for a second user device, the first user device and the second user device associated with the same user; (2) provisioning the data sharing permission for the second user device; and (3) communicating the provisioned data sharing permission to the second user device, wherein the second user device shares data with the first user device according to the provisioned data sharing permission.

Abstract: The present invention relates to a method for detecting anomalies in data traffic generated by peripheral devices simulating human-like patterns retrieving all data packets sent by a peripheral device to a computer, identifying a data communication as a plurality of the data packets in a predetermined timeframe, parsing the content of each of the data packets of the data communication to extract a plurality of communication features of the data communication, classifying the communication features through a set of absolute classifiers and through a set of majority classifiers and signalling an anomaly of the data communication when at least the majority in the set of absolute classifiers or at least one in the set of absolute classifiers define the data communication as malicious.

Abstract: A general computing environment (GCE) determines request data comprising payload data and instruction data to use cryptographic functions in a secure computing environment (SCE). The SCE provides secure input and output devices, allowing secure presentation to a user and acquisition of user input. The SCE receives the request data and processes the payload data using the instructions in the instruction data to produce cryptographic output data. The request data may be determined using schemas that specify the formatting, grammar, and other attributes of data associated with a transaction that utilizes cryptographic functions. By using schemas and the request data, the SCE may support any protocol that uses the cryptographic functions supported by that SCE to compose cryptographic output. To enhance user comprehensibility and security, the SCE may securely replace some data with human readable text or images and present this as abstracted request data.

Abstract: An authentication method includes registering in an authentication service associated with an application, a ID of a wearable device, disposing the wearable device proximate to a smart device that does not have the application, to provide the ID and an identifier for the application, wherein the smart device stores a document, receiving in the authentication service from the smart device, a communication including the ID, the identifier, and the document, wherein the smart device receives the application in response to the identifier, determining in the authentication service, whether an authentication service is approved in response to the ID, digitally signing in the authentication service, the document to form a digitally signed document, in response to the document and to determining that the authentication service is approved, outputting with the authentication service, the digitally signed document to the smart device.

Abstract: Embedding an insecure application within a host application is performed. Modern applications may incorporate smaller applications into a common interface with some applications requiring more privilege than others. A host application may be configured to load an application into a sandboxed frame to create separate security zones by isolating the originating domains of the respective applications. Security authorization for the sandboxed application may be obtained by the host application as part of initialization. Then, operations to be performed by the sandboxed application that require origination from the host domain may be requested by the application to the host using a Remote Procedure Call (RPC) mechanism. The host may then perform the requested operations on behalf of the application and return the results via RPC. In this manner, the embedded application may employ greater application privileges without increasing security vulnerabilities of the host.

Abstract: A method includes: receiving selection of a document; correlating sequences of words, in the document, with a set of language signals; generating a set of document tags representing the set of language signals; and retrieving a first data access policy: associated with a particular document tag in the set of document tags; and including a set of identities permitted to access a document associated with the particular document tag; receiving selection of a recipient account of the document; and in response to detecting the set of identities excluding the recipient account, restricting access to the document by the recipient account.

Abstract: A display method, an apparatus, and a storage medium are provided. The method includes: rendering, by a first container, a to-be-displayed page to generate to-be-displayed image data, and encrypting the image data; and writing, by the first container, encrypted image data into a buffer corresponding to the first container, and sending instruction information to a second container of a terminal, where the instruction information is used to instruct the second container to securely display the encrypted image data. Because the containers are isolated from each other, the malware in the first container cannot access the image data displayed in the second container, and the second container securely displays the encrypted image data. In this way, security of displaying the image data can be improved while ensuring that an image display function is not restricted.

Abstract: A pseudo-active/active firewall configuration handles firewall switchover events with minimized session disconnection. A passive firewall is set to an active state, and an active firewall is switched to a pseudo-active state wherein it continues to process ingress and egress traffic according to traffic handling protocols for its active state. During updating of a corresponding Network Address Translation (NAT) table to route traffic to the now-active firewall, the pseudo-active firewall enters a forwarding state wherein it forwards ingress network sessions to the now-active firewall and processes the ingress network sessions according to its active state. The now-active firewall receives the ingress network sessions and records session states prior to discarding them. After updating the NAT table, when traffic is routed to the now-active firewall, the recorded session states are used to maintain active sessions.

Abstract: Some implementations of the technology relate to anonymizing personally identifiable information (PII) by creating a quick response (QR) code linked to a website that can verify that driver's license information and insurance information of a driver is available and valid, without showing the PII itself. Some implementations can allow another driver in an automobile accident to scan the QR code, enter her own insurance information, and can push the driver's PII to her insurance company. Some implementations can allow the other driver to download an encrypted file with the PII that can be shared with his insurance company. The QR code can be used in other contexts outside of automobile accidents as well, such as when a driver wishes to test drive a car, rent a car, buy a new car, etc., and needs to provide proof of a valid driver's license and insurance coverage.

Abstract: A system which includes a photon source configured to generate a spin-1 particle; an N-dimensional quantum random number generator (ND-QRNG); a processor; and a memory. The ND-QRNG includes a detector and an optical unit including: a preparation stage configured to enable certification via value indefiniteness; and a measurement stage configured to generate numbers and outcomes attained by measuring a state of a particle utilized to prepare an N-dimensional quantum system. The memory, includes instructions stored thereon, which, when executed by the processor cause the system to: generate a spin-1 particle; receive the spin-1 particle by the optical unit; generate by the optical unit a set of outcomes based on the state of the spin-1 particle; detect the set of outcomes; and output a sequence of N-ary numbers based on the detected set of outcomes.

Abstract: It is hereby disclosed an apparatus for and a method of writing software objects into a rewritable nonvolatile memory of an electronic control unit of an internal combustion engine, wherein the method comprises: receiving an access request from a memory writing device, generating a seed code, transmitting the seed code to the memory writing device, generating a first key code on the basis of the seed code and a first identification code, generating a second key code on the basis of the seed code and a second identification code, receiving a reference key code from the memory writing device, comparing the reference key code with the first key code and/or with the second key code, and enabling the memory writing device to write software objects into the rewritable nonvolatile memory, if the reference key code corresponds to the first key code or to the second key code.