Abstract: Various implementations described herein may refer to a compliance platform for use with identity data. In one implementation, a method may include receiving a compliance data package from a user, where the compliance data package includes encrypted evidence data corresponding to digital identity data of the user. The method may also include encrypting the compliance data package using a first cryptographic key. The method may further include generating a user key shard, a requestor key shard, and a regulator key shard based on the first cryptographic key. The method may include generating an unlock data package that includes the requestor key shard and encrypting the unlock data package using a second cryptographic key. The method may also include transmitting the user key shard, the encrypted unlock data package, and the encrypted compliance data package to the user. The method may include transmitting the regulator key shard to a regulator.

Abstract: A system and method that detects malicious account creation in a web-based platform. A method includes detecting suspicious events associated with an account creation process using a username classifier that evaluates a username used to create a new account, an IP address classifier that evaluates an IP address used to create the new account, and a domain classifier that evaluates a domain from an email address used to create the new account; analyzing each detected suspicious event with a density analysis classifier to determine if each detected suspicious event comprises a malicious event based on a density of detected suspicious events from a collections of account creation processes; and determining an alert condition based on at least one malicious event detection.

Abstract: A system on a chip including a first-port controller for a first development port configured to receive a first development tool and a second-port controller for a second development port configured to receive a second development tool. The system on a chip further including a central controller in communication with the first-port controller, the second-port controller, and a security subsystem. The central controller being configured to manage authentication exchanges between the security subsystem and the first development tool and authentication exchanges between the security subsystem and the second development tool.

Abstract: The present disclosure involves systems, software, and computer implemented methods for evaluating machine learning on remote datasets using confidentiality-preserving evaluation data. In response to determining that data of the remote customer dataset is of sufficient quality and quantity, feature data corresponding to a machine learning pipeline is generated. The remote customer dataset into one or more data partitions and for each partition, one or more baseline models and one or more machine learning models are trained using a machine learning library included in the remote customer database. Aggregate evaluation data is generated for each baseline model and each machine learning model that includes model debrief data and customer data statistics. In response to determining that the customer has enabled sharing of the aggregate evaluation data with a software provider who provided the remote customer database, the aggregate evaluation data is provided to the software provider.

Abstract: A device includes a random number generator configured to generate a random number, a memory configured to store at least one lookup table, and a processing circuit configured to generate a generator based on the random number, create the at least one lookup table based on the generator, and write the created at least one lookup table to the memory, wherein the processing circuit is configured to access the memory based on a first input and a second input, and generate a result of a modular multiplication of the first input by the second input based on the at least one lookup table.

Abstract: Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiated resilient authorized access to secret data are described herein. In one aspect, a method for data access includes receiving, at a server, a request for data access from a user; transmitting to users, a prompt for identity verification corresponding to the identity of each user, where at least one of user is different than the user requesting data access; receiving, in response to the identity verification prompt, a plurality of identification key fragments from storage locations or devices associated with the users, where each identification key fragment is user specific; generating an organization-specific data object from the plurality of identification key fragments; confirming the organization-specific data object by the users whose identities were validated; and authorizing the request for data access based on confirming the organization-specific data object.

Abstract: Disclosed herein are systems and methods for granting a user data processor access to a cryptocontainer of user data. In one aspect, an exemplary method comprises, creating a cryptocontainer for user's data, wherein the cryptocontainer receives at least one element of the user's data and encrypts the element; for the user data processor, establishing rights for accessing the element using a first key, and forming at least one access structure, the forming including, placing the first key in the access structure based on the established rights, receiving, from the user data processor, a second key linked to the user data processor which is to be used for accessing the first key, and encrypting the first key with the second key; and when a request for access to the cryptocontainer is received, granting, to the user data processor, access to the cryptocontainer based on the formed at least one access structure.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: An electronic device includes a memory storing data from an external source, an application processing unit (APU) transmitting a secret key and public key generation command, an isolated execution environment (IEE) generating a secret key in response to the secret key generation command, generating a public key based on the secret key in response to the public key generation command, and storing the secret key, and a non-volatile memory performing write and read operations depending on a request of the APU. When the data are stored in the memory, the APU transmits a public key request to the IEE and in response the IEE transfers the public key to the APU through a mailbox protocol. The APU generates a ciphertext by performing homomorphic encryption on the data based on an encryption key in the public key, and classifies and stores the public key and the ciphertext in the non-volatile memory.

Abstract: A method may include obtaining, for an application, application dependency specifications, identifying vulnerable components using the application dependency specifications and a list of known vulnerable components, selecting, for a vulnerable component, candidate dependency specifications each specifying a version ID for a component, selecting, for a candidate dependency specification, an upgraded version ID for a component, verifying, using an application dependency graph generated from the application dependency specifications, that upgrading the candidate dependency specification to the upgraded version ID removes a dependency on the vulnerable component, and recommending, for the application, an upgrade solution including upgrading the candidate dependency specification to the upgraded version ID.

Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to, when a signed certificate associated with a client expires, challenge the client by transmitting a first plurality of keys to a client IHS, wherein the client IHS is configured to respond the challenge by associating each of the keys with a second plurality of keys, pairing each of the first key with its associated second key, sending the paired first and second keys to the server IHS, and authenticate the client IHS by verifying that each of the first plurality of keys is associated with the second plurality of keys.

Abstract: Provided is a service deployment method, including: acquiring an installation file of a service to be deployed from a service operation system; accessing a first internal network of a service deployment demander; communicating with a service server operating in a second internal network of the service deployment demander via the first internal network through an authorization protocol from the service deployment demander, wherein the first internal network is in communication with the second internal network, and the second internal network allows to be accessed through the authorization protocol; and completing a service deployment in the service server by using the installation file.

Abstract: A electronic device including an integrated circuit, the integrated circuit comprising a secure element electronic circuit and an electronic radio communication circuit, the secure element electronic circuit having stored therein firmware program code configured to implement operating system functions, the operating system functions including a data receiving function and a data transmitting function, wherein the firmware program code is further configured to control the secure element electronic circuit to determine in the received data custom program code for a custom application, and to store the custom program code in the memory of the secure element electronic circuit, and to implement an application programming interface configured to receive from the custom application requests for called operating system functions, and to execute the called operating system functions for the custom application.

Abstract: The present disclosure provides a hierarchical method of identifying unauthorized network traffic in a network by applying, at one of a first plurality of nodes of a network, a first level of network traffic analysis to identify received network traffic as one of authorized or suspicious network traffic, the one of the first plurality of nodes having a first path for traffic routing and a second path to one of a second plurality of nodes of the network, the second path being used for forwarding the suspicious network traffic to the one of the second plurality of nodes; tagging the received network traffic as the suspicious network traffic; and sending the suspicious network traffic to the one of the second plurality of nodes over the second path, the second network node applying a second level of network analysis to determine if the received network traffic is authorized, unauthorized or remains suspicious.

Abstract: The information processing apparatus comprises a basic operation seed storage part, a reshare value computation part, and a share construction part. The basic operation seed storage part stores a seed for generating a random number used when computation is performed on a share. The reshare value computation part generates a random number using the seed, computes a share reshare value using the generated random number, and transmits data regarding the generated random number to other apparatuses. The share construction part constructs a share for type conversion using the data regarding the generated random number and the share reshare value received from other apparatuses.

Abstract: In an embodiment, processing of biometric data is split between a processor on a peripheral device and a processor of a host device that is coupled with the peripheral device. One embodiment provides a method comprising, on a peripheral device coupled with a host device, capturing biometric data using a biometric sensor of a peripheral device and pre-processing the captured biometric data using a processor of the peripheral device. The processor of the peripheral device is separate from a processor of the host device and resides within a chassis or housing of the peripheral device. The method additionally includes pre-validating the pre-processed biometric data to determine whether the pre-processed biometric data meets a minimum quality threshold and transmitting the pre-validated biometric data to the host device for validation.

Abstract: A method of providing secure communication between first and second devices comprises the first device and the second device connecting to a server via a secure communication channel. Encryption keys for the devices are generated and data relating to the encryption keys are exchanged via the server in the secure communication channel. A peer-to-peer connection for exchanging data is generated using encrypted connection information for the devices.

Abstract: In embodiments detailed herein describe an encryption architecture with fast zero support (e.g., FZ-MKTME) to allow memory encryption and integrity architecture to work efficiently with 3DXP or other far memory memories. In particular, an encryption engine for the purpose of fast zeroing in the far memory controller is detailed along with mechanisms for consistent key programming of this engine. For example, an instruction is detailed which allows software to send keys protected even when the controller is located outside of a system on a chip (SoC), etc.

Abstract: A system and method to tie a removable component to a host device. A first pairing key is stored into a security module on a host device such as a server rack. A removable component is inserted into the server rack for the first time. In response to this first insertion the first pairing key is burned into the removable component using a plurality of physically modifiable internal components. The server rack/security module receives a request form the removable component to operate on the server rack, the request includes a burned in pairing key. The security module compares the received pairing key with the first pairing key and permits operation of the removable component in response to a match between the received pairing key and the first pairing key.

Abstract: A system comprises a plurality of computing devices. Requests received by the system are distributed at random among the computing devices. A computing device, in response to receiving a request, stores a record of utilization of the computing device by a source of the request. The computing device determines to throttle requests from the source based, at least in part, on the utilization of the computing device by the source within the time period.