Abstract: A method and system for establishing two-way trust between a short-range communication device and a hub device. The method includes: obtaining, from a hub device, a digitally signed request for determining whether the hub device is a trusted communication device for a short-range communication device and a cryptographic key generated by the short-range communication device; generating a response to the request; encrypting the response to the request by using the cryptographic key provided by the short-range communication device, so that the encrypted response can be decrypted only by the short-range communication device; and providing the encrypted response to the hub device. The short-range communication device may decrypt the response and determine whether the hub device is the trusted communication device based on information indicated in the response.

Abstract: In some embodiments, a device includes a memory and a processor. The memory is operatively coupled to the processor and configured to store encrypted personal data. The processor is configured to receive query and a personal identifier from a user. Based on the query, the processor further identifies and retrieves a portion of the associated encrypted personal data from the memory. Using the personal identifier, the processor produces decrypted personal data by decrypting a portion of the retrieved encrypted personal data. The processor is further configured to analyze the decrypted personal data to identify a result of the query. The result is sent to the user without sending the decrypted personal data.

Abstract: Systems and methods are provided for smart-landmark-based positioning. Such methods may include detecting, using a sensor mounted on a vehicle, a landmark object, obtaining landmark information of the detected landmark object, the landmark information including identification of the landmark object and an encrypted location of the landmark object, transmitting, from the vehicle over a wireless network, a query including at least part of the obtained landmark information, receiving, by the vehicle over the wireless network, a query response including additional information of the landmark.

Abstract: An automated method for processing security events in association with a cybersecurity knowledge graph. The method begins upon receipt of information from a security system representing an offense. An initial offense context graph is built based in part on context data about the offense. The graph also activity nodes connected to a root node; at least one activity node includes an observable. The root node and its one or more activity nodes represent a context for the offense. The knowledge graph, and potentially other data sources, are then explored to further refine the initial graph to generate a refined graph that is then provided to an analyst for further review and analysis. Knowledge graph exploration involves locating the observables and their connections in the knowledge graph, determining that they are associated with known malicious entities, and then building subgraphs that are then merged into the initial graph.

Abstract: An interface element connected to a device and a security die-chip are fabricated in a single package. The security die-chip may provide a security authentication function to the interface element that does not have the security authentication function. The security die-chip may include a physically unclonable function (PUF) to provide a private key, and a hardware security module to perform encryption and decryption using the private key.

Abstract: An information handling system (IHS) includes a memory having a BIOS, at least one sensor that generates security related data for the IHS, a controller, and one or more I/O drivers. The memory, at least one sensor and controller operate within a secure environment of the IHS; the I/O driver(s) operate outside of the secure environment. The controller includes a security policy management engine, which is executable during runtime of the IHS to continuously monitor security related data generated by the at least one sensor, determine whether the security related data violates at least one security policy rule specified for the IHS, and provide a notification of security policy violation to the BIOS, if the security related data violates at least one security policy rule. The I/O driver(s) include a security enforcement engine, which is executable to receive the notification of security policy violation from the BIOS, and perform at least one security measure in response thereto.

Abstract: Some embodiments provide a method for recovering user data for a device. To initiate recovery, the method sends to a first server a first request including at least (i) a device identifier and (ii) a first set of cryptographic data for a second set of servers with which the first server communicates. If the first server verifies the device identifier with an attestation authority, the method receives from the second set of servers a second set of cryptographic data generated by the second set of servers. After receiving input of a device passcode for the device, the method sends to the first server a second request comprising at least a third set of cryptographic data for the second set of servers generated based on the device passcode. If the first server verifies the device passcode with the second set of servers, the method receives access to the user data.

Abstract: Provided herein may be a smart watch. The smart watch may include a display device configured to display an image; a bezel disposed on the perimeter of the display device and configured to rotate; a main body configured to support the display device; and a band coupled to the main body. The main body includes a bezel sensing unit configured to sense movement of the bezel, and a control unit configured to authenticate a user based on information received from the bezel sensing unit and configured to unlock the smart watch in response to the control unit authenticating the user.

Abstract: This disclosure relates to data encryption and decryption. In one aspect, a method includes receiving, by a second peer end computing device, first data from a first peer end computing device. The second end computing device generates a random term based on a result range pre-agreed upon with the first peer end computing device. The result range includes a minimum result value and a maximum result value. The random term is a product of a random number and an agreed upon constant. The agreed upon constant is greater than a difference between the maximum result value and the minimum result value. The second peer end computing device performs a homomorphic operation based on the first data, local private second data, and the random term to obtain an encryption result. The second peer end computing device returns the encryption result to the first peer end computing device.

Abstract: Various embodiments are generally directed to detecting fraudulent activity on a user account based at least in part on a dynamic fraudulent user blacklist. The fraudulent activity may be identified based on a similarity of forensic profiling across multiple user accounts, for example, fraudulent activity occurring by the same fraudster or perpetrator may have a similar or identical fraudulent pattern across the multiple user accounts. By identifying the fraudulent user patterns associated the same fraudster and dynamically updating a blacklist to include these fraudulent user patterns, the same types of attacks may be prevented on the other existing user accounts.

Abstract: Systems and methods for anti-phishing include determining that a user interface corresponding to a current web address has authentication input fields. A current hash value is generated based on a subset of a plurality of input characters that have been input into an authentication input field. The current hash value is compared to mapped hash values. If the current hash value matches one or more of the mapped hash values, a web address mapped to the matched, mapped hash value is identified. The mapped web address is compared to the current web address to determine whether they match. An alert is displayed in response to determining whether there is a match between the current web address and the mapped web address.

Abstract: An electronic device includes a combinational logic circuit, one or more state-sampling components, and protection circuitry. The combinational logic circuit has one or more inputs and one or more outputs. The state-sampling components are configured to sample the outputs of the combinational logic circuit at successive clock cycles. The protection circuitry is configured to protect the combinational logic circuit by, per clock cycle, starting to apply random data to the inputs of the combinational logic circuit a given time duration before a sampling time of the state-sampling components for that clock cycle, and, after applying the random data, switching to apply functional data to the inputs of the combinational logic circuit, to be sampled by the state-sampling components. A propagation delay, over any signal path via the combinational logic circuit, is no less than the given time duration.

Abstract: Described is a system for secure management of recovery data for data protection assets such as backup data and a backup application of a production backup system. The system may provide the ability to synchronize and secure critical recovery data of an isolated recovery environment. Accordingly, the system may reduce the breadth of potential cyber security attack vectors and increase the likelihood of efficiently recovering critical data and/or applications. To provide such capabilities, the system may only activate a data connection between a production system and a recovery system when synchronizing recovery data. In addition, the system may apply a retention lock to maintain a set of immutable copies of the recovery data and may restore the recovery data to a sandboxed environment where it may be tested and verified before being deployed to the production system as part of a recovery process.

Abstract: This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

Abstract: Apparatus and methods are provided for graphically defining a real-world cybersecurity protocol of an entity. The graphical platform includes searchable, manipulatable, graphs mapping cybersecurity threats. Manipulating nodes and relationships within the graphs translates into real-time modification of a cybersecurity protocol in effect for the entity. An ability to map known cybersecurity threats and analyze them (even according to known frameworks) may streamline and integrate efforts of cybersecurity defense teams. Graphical representation of a security protocol facilitates proactive threat hunting as well as expediting incident response activities by providing evidence-based pathways to inform impact analysis and source event analysis.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.

Abstract: There is disclosed a data processing device for executing an application, the data processing device comprising a processing unit for controlling access to at least one user interface comprised in the data processing device, and a secure element for facilitating secure execution of the application, wherein executing the application comprises receiving input data from and/or sending output data to the user interface, and wherein the secure element is arranged to cause the processing unit to restrict the access to the user interface during execution of the application. Furthermore, a corresponding method for executing an application and a corresponding computer program product are disclosed.

Abstract: A method for determining a position of a receiver via use of encrypted signals of a public regulated service. The method comprises transmitting PRN code chips to the receiver by an assistance server. The method further comprises storing the transmitted PRN code chips to be used before a designated time interval by the receiver. The method further comprises receiving the encrypted signals during the designated time interval by the receiver from satellites in line-of-sight to the receiver. The method further comprises determining the position of the receiver via use of the encrypted signals and the stored PRN code chips by the receiver.

Abstract: The disclosure relates to storing a blockchain private key on a SIM device and securing the blockchain private key through multi-factor authentication. Various layers of security that controls access to the blockchain private key on the SIM device may be employed. These layers may include authentication of the user device on the cellular network using the SIM device, storage on a hidden partition of the SIM device that only a key applet executing on the SIM device or on a user device processor is aware of, storage of the blockchain private key in encrypted form, and/or use of the key applet to enforce credentialed access to the blockchain private key (e.g., the key applet obtains from the hidden partition and/or decrypts the blockchain private key only if a valid passcode is supplied to it).

Abstract: A computer-implemented method for real-time threat assessment of system assets. The method includes automatically receiving a plurality of structured threat intelligence data entries and automatically accessing a mapping definition corresponding to a system asset subtype. The mapping definition is automatically compared against the data entries, and at least one of the data entries is automatically matched to the system asset subtype based on the comparison. A threat aptitude and resources number and a threat frequency number are automatically determined based at least in part on the at least one matched data entry.