Abstract: The invention provides a device with cryptographic function, which includes: a hardware unit, exhibiting hardware-intrinsic properties; a key generating unit, generating a private key according to the hardware-intrinsic properties, and generating a public key according to the private key, for exchanging public keys with an outside device to convert communication payload information into first encrypted information based on the received public key; and a session operational unit, establishing a session key configured to encrypt the first encrypted information into second encrypted information to be transmitted between the cryptographic device with cryptographic function and the outside device. The key generating unit further optionally generates a secret key according to the hardware-intrinsic properties for securing data at rest in the cryptographic device.

Abstract: A system to create Data Loss Prevention (DLP) policies and adjust DLP policies over time in a computing system using agents running at an endpoint to intercept a data transfer in a network traffic. New data flow/DLP policy rules are created and updated with reference to behavior data of trusted and untrusted users.

Abstract: A method for handling an anomaly of data, in particular in a motor vehicle, is provided. At least one sensor obtains data for the anomaly detection. The sensor examines the obtained data for anomalies, and generates an event as a function of the associated data when an anomaly is detected. An event report is generated as a function of the event. The event report includes at least one variable that changes for each event report and/or is cyclically sent.

Abstract: Methods, systems, and computer-readable media (CRM) are disclosed for facilitating the electronic signing of a document. The disclosure includes methods, systems and CRM for performing at least the following: i) identifying an eligible witness electronic device from a signature request initiated by a signor electronic device associated with a signor; ii) verifying the signor electronic device with the witness electronic device based on at least one parameter associated with the signature request before making a document available to the signor electronic device; iii) transmitting the document to the signor electronic device upon verification; and iv) receiving an electronic signature of the signor through the signor electronic device.

Abstract: The present invention provides a method for message authentication, in particular in case of low of transmission or storage capacities. The present invention further provides corresponding devices for generating or sending authenticated messages and for receiving or retrieving authenticated messages as well as a system comprising such devices. In an embodiment, the method may comprise (a) preparing a data block having an uncompressed length; (b) compressing the data block so that the data block has a compressed length smaller than the uncompressed length; (c) determining an available length from at least the compressed length and a maximum length of a data frame; (d) calculating a message authentication code, MAC, from at least the data block, having a MAC length not greater than the available length; and (e) creating the data frame, comprising the data block and the MAC.

Abstract: A method for authorizing access to one or more secured computer resources includes obfuscating a reference biometric vector into an obfuscated reference biometric vector using a similarity-preserving obfuscation. An authentication biometric vector is obfuscated into an obfuscated authentication biometric vector using the similarity-preserving obfuscation. A similarity of the obfuscated authentication biometric vector and the obfuscated reference biometric vector is tested. Based on the similarity being within an authentication threshold, access to the one or more secured computer resources is authorized.

Abstract: Systems, apparatuses, methods, and computer-readable media for implementing confidential computing of one or more computing systems and/or devices using component authentication and data encryption with integrity and anti-replay mechanisms are disclosed. In some examples, the systems, apparatuses, methods, and computer-readable media described herein can perform various techniques, including one or more secure boot processes, component and data authentication, and data encryption with integrity and anti-replay, among other secure techniques. One implementation may include executing secure boot process based on authentication of a device identifier stored in a secure physical object of a processing device. Another implementation may include encrypting and storing a counter value corresponding to a cache line and generating an integrity tag value replacing error correction code bits associated with the cache line with the generated cache line tag value.

Abstract: Techniques are disclosed in which an edge user computing device pre-processes a stream of user data prior to using the stream of data to train a machine learning model at the edge device. The edge device receives the stream of user data, where the stream of data includes a first set of characteristics associated with the edge device and a second set of characteristics associated with a plurality of user requests received from a user of the edge device. The edge device repeatedly generates, using the stream of data, sets of pre-processed user data by performing pre-processing techniques on characteristics included in the stream of data. The edge device repeatedly trains, using the sets of pre-processed data, a baseline model to generate a device-trained model, where the baseline model is trained at the edge device without providing user data included in the stream of data to a server computer system.

Abstract: Various implementations described herein may refer to a compliance platform for use with identity data. In one implementation, a method may include receiving a compliance data package from a user, where the compliance data package includes encrypted evidence data corresponding to digital identity data of the user. The method may also include encrypting the compliance data package using a first cryptographic key. The method may further include generating a user key shard, a requestor key shard, and a regulator key shard based on the first cryptographic key. The method may include generating an unlock data package that includes the requestor key shard and encrypting the unlock data package using a second cryptographic key. The method may also include transmitting the user key shard, the encrypted unlock data package, and the encrypted compliance data package to the user. The method may include transmitting the regulator key shard to a regulator.

Abstract: A system and method that detects malicious account creation in a web-based platform. A method includes detecting suspicious events associated with an account creation process using a username classifier that evaluates a username used to create a new account, an IP address classifier that evaluates an IP address used to create the new account, and a domain classifier that evaluates a domain from an email address used to create the new account; analyzing each detected suspicious event with a density analysis classifier to determine if each detected suspicious event comprises a malicious event based on a density of detected suspicious events from a collections of account creation processes; and determining an alert condition based on at least one malicious event detection.

Abstract: A system on a chip including a first-port controller for a first development port configured to receive a first development tool and a second-port controller for a second development port configured to receive a second development tool. The system on a chip further including a central controller in communication with the first-port controller, the second-port controller, and a security subsystem. The central controller being configured to manage authentication exchanges between the security subsystem and the first development tool and authentication exchanges between the security subsystem and the second development tool.

Abstract: The present disclosure involves systems, software, and computer implemented methods for evaluating machine learning on remote datasets using confidentiality-preserving evaluation data. In response to determining that data of the remote customer dataset is of sufficient quality and quantity, feature data corresponding to a machine learning pipeline is generated. The remote customer dataset into one or more data partitions and for each partition, one or more baseline models and one or more machine learning models are trained using a machine learning library included in the remote customer database. Aggregate evaluation data is generated for each baseline model and each machine learning model that includes model debrief data and customer data statistics. In response to determining that the customer has enabled sharing of the aggregate evaluation data with a software provider who provided the remote customer database, the aggregate evaluation data is provided to the software provider.

Abstract: A device includes a random number generator configured to generate a random number, a memory configured to store at least one lookup table, and a processing circuit configured to generate a generator based on the random number, create the at least one lookup table based on the generator, and write the created at least one lookup table to the memory, wherein the processing circuit is configured to access the memory based on a first input and a second input, and generate a result of a modular multiplication of the first input by the second input based on the at least one lookup table.

Abstract: Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiated resilient authorized access to secret data are described herein. In one aspect, a method for data access includes receiving, at a server, a request for data access from a user; transmitting to users, a prompt for identity verification corresponding to the identity of each user, where at least one of user is different than the user requesting data access; receiving, in response to the identity verification prompt, a plurality of identification key fragments from storage locations or devices associated with the users, where each identification key fragment is user specific; generating an organization-specific data object from the plurality of identification key fragments; confirming the organization-specific data object by the users whose identities were validated; and authorizing the request for data access based on confirming the organization-specific data object.

Abstract: Disclosed herein are systems and methods for granting a user data processor access to a cryptocontainer of user data. In one aspect, an exemplary method comprises, creating a cryptocontainer for user's data, wherein the cryptocontainer receives at least one element of the user's data and encrypts the element; for the user data processor, establishing rights for accessing the element using a first key, and forming at least one access structure, the forming including, placing the first key in the access structure based on the established rights, receiving, from the user data processor, a second key linked to the user data processor which is to be used for accessing the first key, and encrypting the first key with the second key; and when a request for access to the cryptocontainer is received, granting, to the user data processor, access to the cryptocontainer based on the formed at least one access structure.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: An electronic device includes a memory storing data from an external source, an application processing unit (APU) transmitting a secret key and public key generation command, an isolated execution environment (IEE) generating a secret key in response to the secret key generation command, generating a public key based on the secret key in response to the public key generation command, and storing the secret key, and a non-volatile memory performing write and read operations depending on a request of the APU. When the data are stored in the memory, the APU transmits a public key request to the IEE and in response the IEE transfers the public key to the APU through a mailbox protocol. The APU generates a ciphertext by performing homomorphic encryption on the data based on an encryption key in the public key, and classifies and stores the public key and the ciphertext in the non-volatile memory.

Abstract: A method may include obtaining, for an application, application dependency specifications, identifying vulnerable components using the application dependency specifications and a list of known vulnerable components, selecting, for a vulnerable component, candidate dependency specifications each specifying a version ID for a component, selecting, for a candidate dependency specification, an upgraded version ID for a component, verifying, using an application dependency graph generated from the application dependency specifications, that upgrading the candidate dependency specification to the upgraded version ID removes a dependency on the vulnerable component, and recommending, for the application, an upgrade solution including upgrading the candidate dependency specification to the upgraded version ID.

Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to, when a signed certificate associated with a client expires, challenge the client by transmitting a first plurality of keys to a client IHS, wherein the client IHS is configured to respond the challenge by associating each of the keys with a second plurality of keys, pairing each of the first key with its associated second key, sending the paired first and second keys to the server IHS, and authenticate the client IHS by verifying that each of the first plurality of keys is associated with the second plurality of keys.

Abstract: Provided is a service deployment method, including: acquiring an installation file of a service to be deployed from a service operation system; accessing a first internal network of a service deployment demander; communicating with a service server operating in a second internal network of the service deployment demander via the first internal network through an authorization protocol from the service deployment demander, wherein the first internal network is in communication with the second internal network, and the second internal network allows to be accessed through the authorization protocol; and completing a service deployment in the service server by using the installation file.