Abstract: A device includes a random number generator configured to generate a random number, a memory configured to store at least one lookup table, and a processing circuit configured to generate a generator based on the random number, create the at least one lookup table based on the generator, and write the created at least one lookup table to the memory, wherein the processing circuit is configured to access the memory based on a first input and a second input, and generate a result of a modular multiplication of the first input by the second input based on the at least one lookup table.

Abstract: Disclosed herein are systems and methods for granting a user data processor access to a cryptocontainer of user data. In one aspect, an exemplary method comprises, creating a cryptocontainer for user's data, wherein the cryptocontainer receives at least one element of the user's data and encrypts the element; for the user data processor, establishing rights for accessing the element using a first key, and forming at least one access structure, the forming including, placing the first key in the access structure based on the established rights, receiving, from the user data processor, a second key linked to the user data processor which is to be used for accessing the first key, and encrypting the first key with the second key; and when a request for access to the cryptocontainer is received, granting, to the user data processor, access to the cryptocontainer based on the formed at least one access structure.

Abstract: Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiated resilient authorized access to secret data are described herein. In one aspect, a method for data access includes receiving, at a server, a request for data access from a user; transmitting to users, a prompt for identity verification corresponding to the identity of each user, where at least one of user is different than the user requesting data access; receiving, in response to the identity verification prompt, a plurality of identification key fragments from storage locations or devices associated with the users, where each identification key fragment is user specific; generating an organization-specific data object from the plurality of identification key fragments; confirming the organization-specific data object by the users whose identities were validated; and authorizing the request for data access based on confirming the organization-specific data object.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: An electronic device includes a memory storing data from an external source, an application processing unit (APU) transmitting a secret key and public key generation command, an isolated execution environment (IEE) generating a secret key in response to the secret key generation command, generating a public key based on the secret key in response to the public key generation command, and storing the secret key, and a non-volatile memory performing write and read operations depending on a request of the APU. When the data are stored in the memory, the APU transmits a public key request to the IEE and in response the IEE transfers the public key to the APU through a mailbox protocol. The APU generates a ciphertext by performing homomorphic encryption on the data based on an encryption key in the public key, and classifies and stores the public key and the ciphertext in the non-volatile memory.

Abstract: A method may include obtaining, for an application, application dependency specifications, identifying vulnerable components using the application dependency specifications and a list of known vulnerable components, selecting, for a vulnerable component, candidate dependency specifications each specifying a version ID for a component, selecting, for a candidate dependency specification, an upgraded version ID for a component, verifying, using an application dependency graph generated from the application dependency specifications, that upgrading the candidate dependency specification to the upgraded version ID removes a dependency on the vulnerable component, and recommending, for the application, an upgrade solution including upgrading the candidate dependency specification to the upgraded version ID.

Abstract: Provided is a service deployment method, including: acquiring an installation file of a service to be deployed from a service operation system; accessing a first internal network of a service deployment demander; communicating with a service server operating in a second internal network of the service deployment demander via the first internal network through an authorization protocol from the service deployment demander, wherein the first internal network is in communication with the second internal network, and the second internal network allows to be accessed through the authorization protocol; and completing a service deployment in the service server by using the installation file.

Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to, when a signed certificate associated with a client expires, challenge the client by transmitting a first plurality of keys to a client IHS, wherein the client IHS is configured to respond the challenge by associating each of the keys with a second plurality of keys, pairing each of the first key with its associated second key, sending the paired first and second keys to the server IHS, and authenticate the client IHS by verifying that each of the first plurality of keys is associated with the second plurality of keys.

Abstract: A electronic device including an integrated circuit, the integrated circuit comprising a secure element electronic circuit and an electronic radio communication circuit, the secure element electronic circuit having stored therein firmware program code configured to implement operating system functions, the operating system functions including a data receiving function and a data transmitting function, wherein the firmware program code is further configured to control the secure element electronic circuit to determine in the received data custom program code for a custom application, and to store the custom program code in the memory of the secure element electronic circuit, and to implement an application programming interface configured to receive from the custom application requests for called operating system functions, and to execute the called operating system functions for the custom application.

Abstract: The present disclosure provides a hierarchical method of identifying unauthorized network traffic in a network by applying, at one of a first plurality of nodes of a network, a first level of network traffic analysis to identify received network traffic as one of authorized or suspicious network traffic, the one of the first plurality of nodes having a first path for traffic routing and a second path to one of a second plurality of nodes of the network, the second path being used for forwarding the suspicious network traffic to the one of the second plurality of nodes; tagging the received network traffic as the suspicious network traffic; and sending the suspicious network traffic to the one of the second plurality of nodes over the second path, the second network node applying a second level of network analysis to determine if the received network traffic is authorized, unauthorized or remains suspicious.

Abstract: The information processing apparatus comprises a basic operation seed storage part, a reshare value computation part, and a share construction part. The basic operation seed storage part stores a seed for generating a random number used when computation is performed on a share. The reshare value computation part generates a random number using the seed, computes a share reshare value using the generated random number, and transmits data regarding the generated random number to other apparatuses. The share construction part constructs a share for type conversion using the data regarding the generated random number and the share reshare value received from other apparatuses.

Abstract: A system and method to tie a removable component to a host device. A first pairing key is stored into a security module on a host device such as a server rack. A removable component is inserted into the server rack for the first time. In response to this first insertion the first pairing key is burned into the removable component using a plurality of physically modifiable internal components. The server rack/security module receives a request form the removable component to operate on the server rack, the request includes a burned in pairing key. The security module compares the received pairing key with the first pairing key and permits operation of the removable component in response to a match between the received pairing key and the first pairing key.

Abstract: A method of providing secure communication between first and second devices comprises the first device and the second device connecting to a server via a secure communication channel. Encryption keys for the devices are generated and data relating to the encryption keys are exchanged via the server in the secure communication channel. A peer-to-peer connection for exchanging data is generated using encrypted connection information for the devices.

Abstract: In an embodiment, processing of biometric data is split between a processor on a peripheral device and a processor of a host device that is coupled with the peripheral device. One embodiment provides a method comprising, on a peripheral device coupled with a host device, capturing biometric data using a biometric sensor of a peripheral device and pre-processing the captured biometric data using a processor of the peripheral device. The processor of the peripheral device is separate from a processor of the host device and resides within a chassis or housing of the peripheral device. The method additionally includes pre-validating the pre-processed biometric data to determine whether the pre-processed biometric data meets a minimum quality threshold and transmitting the pre-validated biometric data to the host device for validation.

Abstract: In embodiments detailed herein describe an encryption architecture with fast zero support (e.g., FZ-MKTME) to allow memory encryption and integrity architecture to work efficiently with 3DXP or other far memory memories. In particular, an encryption engine for the purpose of fast zeroing in the far memory controller is detailed along with mechanisms for consistent key programming of this engine. For example, an instruction is detailed which allows software to send keys protected even when the controller is located outside of a system on a chip (SoC), etc.

Abstract: A system comprises a plurality of computing devices. Requests received by the system are distributed at random among the computing devices. A computing device, in response to receiving a request, stores a record of utilization of the computing device by a source of the request. The computing device determines to throttle requests from the source based, at least in part, on the utilization of the computing device by the source within the time period.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.

Abstract: Generally discussed herein are devices, systems, and methods for binding with cryptographic key attestation. A method can include generating, by hardware of a device, a device public key and a device private key, based on the device private key, signing a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware, based on the device public key and the signed first attestation, registering the device with a trusted authority, generating, by the hardware, a first application private key and a first application public key, and based on the device private key, signing a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware, and based on the first application public key and the signed second attestation, registering a first application of the device to a first server.

Abstract: A system and method that utilize an encryption engine endpoint to encrypt data in a data storage system are disclosed. In the system and method, the client controls the encryption keys utilized to encrypt and decrypt data such that the encryption keys are not stored together with the encrypted data. Therefore, once data is encrypted, neither the host of the data storage system, nor the encryption engine endpoint have access to the encryption keys required to decrypt the data, which increases the security of the encrypted data in the event of, for example, the data storage system being accessed by an unauthorized party.

Abstract: Techniques are disclosed for securely managing data. In one example, a service provider receives user image data and user biometric data associated with a user. The service provider generates a user profile cryptographic key based on hashing this data, which may be associated with a user identifier. The service provider may further generate a public/private key pair associated with the user identifier. The public key and the user profile cryptographic key are stored, in association with the user identifier, to a consortium blockchain network. The service provider then receives a request, signed with the private key, to store a document in association with the user identifier. The service provider generates a document cryptographic key of the document, and executes a request to store the document cryptographic key to the blockchain in association with the user profile cryptographic key, the request verified using the public key.