Abstract: Systems herein allow an administrator to efficiently enroll computing devices into a mobile device management system, even when those computing devices are offline and not connected to the system. A management server can include a console that allows the administrator to enroll an offline computing device by selecting an offline enrollment option on a registration record. This option can cause the management server to create a device record, indicating the computing device is enrolled. The management server can also create and save a provisioning file onto a storage device, such as a USB drive. Assets, such as graphics and applications, specified by the device record are also saved onto the storage device. The storage device can be physically connected to the computing device, at which point the provisioning file guides automatic installation of the assets and implementation of device settings and compliance rules specified by the device record.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses cryptographic keys that are based on temporal data. An example method may include: determining temporal data of a computing device; transforming the temporal data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate temporal data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed temporal data; and using the cryptographic key to enable access to a protected resource.

Abstract: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator includes receiving, at the DP accelerator, first data representing an artificial intelligence (AI) model that has been previously trained from a host processor; receiving, at the DP accelerator, a request to implant a watermark in the AI model from the host processor; and implanting, by the DP accelerator, the watermark within the AI model. The DP accelerator then transmits second data representing the AI model having the watermark implanted therein to the host processor. In embodiment, the method further includes extracting, at the DP accelerator, a watermark algorithm identifier (ID) from the request to implant a watermark; and generating the watermark using a watermark algorithm identified by the watermark algorithm ID.

Abstract: This disclosure relates to a non-intrusive method of detecting security flaws of a computer program APP. The method comprises a step of installing and executing an executable and non-instumentalized version of the program APP in a computer system 1, the computer system 1 comprising at least one cryptographic function able to be called by the program APP. It also comprises, in the course of the execution of the program, a step of recording in a tracing file the modalities of calls to the cryptographic function and, after the execution of the program, a step of analyzing the tracing file so as to devise a data structure of the states taken by the cryptographic object manipulated in the course of the execution of the program. The data structure is analyzed to detect calls to the cryptographic function that are liable to form a security flaw.

Abstract: Systems and methods for overcoming technical problems associated with virtual private networks and application provisioning systems to provide ways for end-users and/or providers to control access, use, and communications associated with websites, online applications, and online services. Such systems and methods leverage techniques analogous to technologies known for implementing man-in-the-middle (MITM) attacks.

Abstract: Various implementations disclosed herein enable controlling access to networks. In various implementations, a method of controlling access to a network is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes obtaining an indication that a mobile device having access to a first network utilizing a first radio access technology (RAT) has requested access to a second network utilizing a second RAT. In some implementations, the method includes determining whether the access to the first network satisfies an authentication criterion associated with the second network. In some implementations, the method includes granting the mobile device access to the second network in response to determining that the access to the first network satisfies the authentication criterion associated with the second network.

Abstract: Briefly, embodiments described herein include those for managing a network comprising a plurality of logical broadcast domains, wherein the network may be overlaid on another network.

Abstract: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator, includes receiving, at the DP accelerator, an artificial intelligence (AI) model that has been previously trained and a set of input data from a host processor; receiving, at the DP accelerator, a watermark kernel from the host processor; executing the watermark kernel within the DP accelerator on the AI model and the set of input data. The watermark kernel, when executed, is configured to: generate a new watermark by inheriting an existing watermark from a data object of the set of input data or the AI model, perform an AI inference using the AI model based on the input data to generate output data, and implant the new watermark within the output data. The DP accelerator then transmits output data having the new watermark implanted therein to the host processor.

Abstract: A data processing system comprises fetch circuitry to fetch data as a sequence of blocks of data from a memory. Processing circuitry comprising a plurality of processing pipelines performs at least partially temporally overlapping processing by at least two processes so as to produce respective results for the combined sequence of blocks, i.e. the processing of the data is performed on a block-by-block process at least partially in parallel by the two processing pipelines. The processes performed may comprise a cryptographic hash processing operation performing verification of the data file and a AES MAC process serving to re-signature the data file.

Abstract: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator, includes receiving, at the DP accelerator, first data representing a set of training data from a host processor; receiving, at the DP accelerator, a watermark kernel from the host processor; and executing the watermark kernel within the DP accelerator on an artificial intelligence (AI) model. The watermark kernel, when executed, is configured to: generate a new watermark by inheriting an existing watermark from a data object of the set of training data, train the AI model using the set of training data, and implant the new watermark within the AI model during training of the AI model. The DP accelerator then transmits second data representing the trained AI model having the new watermark implanted therein to the host processor.

Abstract: Systems and methods for providing a threat intelligence system include a system provider device that downloads, through communication over a network and from one or more targeted websites, a plurality of images of a first environment. Based on an OCR process, the system provider device may extract a set of textual data corresponding to a subset of images of the plurality of images, where the subset of images depict text. The system provider device stores the set of textual data in an indexed and searchable database. The system provider device assigns a threat assessment score to each image based on the set of textual data, and the threat assessment score may be updated based on comparison of the set of textual data with other sets of textual data. Based on the threat assessment score being greater than a threshold value, the system provider device may generate a security alert.

Abstract: A server system, coupled to a linear communication orbit, has a plurality of function modules. Each function module is configured to collect data from machines located at nodes of the linear communication orbit, process collected data according to a schema definition to generate result data, and store the result data in a database. Data collection requests, based on the schema definition, are sent through the linear communication orbit to collecting data from a set of machines via the linear communication orbit. In some embodiments, a central data management module of the one or more servers is configured to provide the schema definition to and receive result data reported from the function modules.

Abstract: According to one embodiment, a system performs a secure boot using a security module such as a trusted platform module (TPM) of a host system. The system establishes a trusted execution environment (TEE) associated with one or more processors of the host system. The system launches a memory manager within the TEE, where the memory manager is configured to manage memory resources of a data processing (DP) accelerator coupled to the host system over a bus, including maintaining memory usage information of global memory of the DP accelerator. In response to a request received from an application running within the TEE for accessing a memory location of the DP accelerator, the system allows or denies the request based on the memory usage information.

Abstract: An access control apparatus and method for controlling a configuration of an automation apparatus. The method includes: reading authentication information from an electronic tag; transmitting the authentication information to a networked service; receiving access rights from the networked service; and controlling the configuration of the automation apparatus according to the access rights.

Abstract: An electronic communications method includes receiving, by a device, an electronic communication. The electronic communications method further includes analyzing, by the device, the electronic communications. The electronic communications method further includes generating, by the device, an electronic authentication certificate. The electronic communications method further includes sending a second electronic communication to another device that indicates that an electronic authentication certificate is generated for a particular electronic entity.

Abstract: Techniques involving migrating authenticated content on a network towards the consumer of the content. One representative technique includes a network node receiving an encrypted seed having at least a location of the user data at a network service that stores the user data, and a cryptographic key to access the user data. The seed is received in response to a user login attempt to the network service. The user data is requested from the location using at least the received cryptographic key. The method further includes receiving and storing the user data at the network node, where the network node is physically closer to a location of the user than is the location of the network service. If the user is successfully authenticated, user access is provided to the stored user data at the network node rather than from the network service.

Abstract: Method of authentication including sending a login web page to a first device of a user including a scannable code having an envelope ID and a login challenge. The envelope ID generated by an identity manager is associated with a first envelope of data including a session ID. A confirmation login request is received from a second device associated with the user, and includes a second envelope of data comprising the session ID, a user ID, and a seal of the user ID registering the user ID with the identity manager. The confirmation login request to the login challenge is verified using the session ID, and the user is verified using the user ID and seal. User login is authorized upon successful verification of the login challenge and user, and a communication session having the session ID is established between the web server and the first device.

Abstract: A computing device infrastructure trust domain system includes first and second computing devices included in a computing device infrastructure system. The second computing device stores authentication information specific to the computing device infrastructure system, and operates to receive a first communication broadcast by the first computing device, verify that the first communication includes the authentication information and, in response, add the first computing device to a trust domain and store a first computing device component hash value included in the first communication.

Abstract: A data retrieval server includes a non-transitory computer-readable storage medium and at least one processor to execute instructions stored in the non-transitory computer-readable storage medium to extract at least one data value from a record in a remote data store as a primary key that uniquely represents the record in the remote data store; encrypt the primary key using a secret key to create a reversible public identifier that represents the primary key and the record in the remote data store; store the secret key in a local data store associated with the data retrieval server; transmit the reversible public identifier from the data retrieval server to a client computing device; receive the reversible public identifier from the client computing device in a request for data from the record; retrieve the secret key for the record from the local data store; decrypt the reversible public identifier using the secret key from the local data store to determine the primary key; query at least one data value diff

Abstract: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator, includes receiving, at the DP accelerator, first data representing an artificial intelligence (AI) model that has been previously trained from a host processor and a set of input data; receiving, at the DP accelerator, a watermark kernel from the host processor; and executing the watermark kernel within the DP accelerator on the AI model. The watermark kernel, when executed, is configured to: perform inference operations of the artificial intelligence model based on the input data to generate output data, and implant the watermark within the output data. The DP accelerator then transmits the output data having the watermark implanted therein to the host processor.