Abstract: Some embodiments may facilitate boot-specific key access to perform cryptographic operations. A first boot record and a second boot record may be generated independently in response to a request to boot a virtual device. The first and second boot records may be compared and in response to a match between the first boot record and the second boot record, an identify certificate may be obtained. Authorization to access and use a key for cryptographic operations may be obtained in response to a verification of the identity certificate by a cryptographic processor.

Abstract: A unified data fabric for controlling data lifecycles and data flows between trusted data sources and data clients is described herein. A system can include a data ingestion engine and a data delivery engine. The data ingestion engine and the data delivery engine are connected to a data lifecycle engine that maintains data control policies and access control policies. The data ingestion engine is configured to control ingestion of data elements into the unified data fabric based on the data control policies, and the data delivery engine is configured to control access to data elements in the unified data fabric based on access control policies. Each data element from one or more trusted data sources is associated with a global identifier to provide a comprehensive view of information about a constituent from a variety of disparate data sources.

Abstract: An information using device 300 adds an encryption public key held to a blockchain, an information holding device 200 transmits encrypted information as a result of acquiring the encryption public key from the blockchain 400 and encrypting the target information, the information management device 100 stores the encrypted information received, and transmits a storage destination address, the information holding device 100 adds the storage destination address of the encrypted information received to the blockchain 400, the information using device 300 acquires the storage destination address of the encrypted information, and accesses the storage address, the information management device 100 transmits the encrypted information at the storage destination address, in response to the access from the information using device 300, and the information using device 300 decrypts the encrypted information received, using an encryption secret key held.

Abstract: Technologies for displaying public and private images includes a display device and one or more user viewing devices. The display device is configured to display or generate a personalized image or video that is viewable by an authorized user viewing device and not viewable by unauthorized viewing devices. To facilitate the display of the personalized images, the display device and the user viewing device(s) may negotiate a display protocol to be used by the display device to display the personalized image in a private manner. In some embodiment, the display device may also display a public image or video that is viewable by unauthorized viewing devices and/or individuals without viewing devices.

Abstract: An integrated circuit for a physically unclonable function (PUF) includes a controller configured to generate a control signal with reference to an address table, the address table representing a first mapping relationship between a first PUF cell group and a second PUF cell group having a first predetermined mismatch distance in relation to a PUF cell characteristic, and representing a second mapping relationship between a third PUF cell group and a fourth PUF cell group having a second predetermined mismatch distance in relation to the PUF cell characteristic; and a PUF block configured to provide PUF cell data groups in accordance with the first and second mapping relationships to the controller, in response to the control signal. The controller may be configured to generate an authentication key by respectively comparing the PUF cell data groups with reference data groups.

Abstract: A hybrid-fabric apparatus comprises a black box memory configured to store a plurality of behavior metrics and an anomaly agent coupled to the black box. The anomaly agent determines a baseline vector corresponding to nominal behavior of the fabric, wherein the baseline vector comprises at least two different behavior metrics that are correlated with each other. The anomaly agent disaggregates anomaly detection criteria into a plurality of anomaly criterion to be distributed among network nodes in the fabric, the anomaly detection criteria characterizing a variation from the baseline vector, and each of the plurality of anomaly criterion comprising a function of a measured vector of behavior metrics. The variation can be calculated based on a variation function applied to a vector of measured behavior metrics having elements corresponding to member elements of the baseline vector. Anomaly criterion statuses calculated by at least some of the network nodes are aggregated.

Abstract: A mobile terminal (1), a switch control method, and a computer readable storage medium. The mobile terminal (1) comprises a hardware security processor (11), a first information input device (12), and a control switch (14); when the control switch (14) is turned on, if first security information currently collected by the first information input device (12) does not match second security information stored in a storage module, or the second security information does not exist in the storage module when the first security information currently collected by the first information input device (12) is obtained, the hardware security processor (11) controls the control switch (14) to be turned off, so as to prevent a second information input device (15) of the mobile terminal (1) from uploading the collected information to a main processor (16) of the mobile terminal (1).

Abstract: A system on chip includes a memory, a main processor that runs an operating system, and first Intellectual Properties (IPs) that perform respective processing operations. The main processor operates to copy target firmware to the memory using a firmware loader, using a hypervisor, block access of the main processor and the first IPs to the target firmware before verification of the target firmware, and using the hypervisor, grant access to the target firmware by a target IP among the first IPs that corresponds to the target firmware after the verification of the target firmware.

Abstract: Systems and methods for embodiments of a graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing identities or entitlements of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity governance systems may include an intelligent decision support agent to provide an approval or denial recommendation for an access request. To provide an approval or denial recommendation, the intelligent agent may utilize a classifier trained on historical certification data. The intelligent agent may utilize features which represent relevant signals to the approval or denial decision including features that may be associated with a network graph of the identities and entitlements of the enterprise computing environment.

Abstract: The present disclosure describes systems and methods for aggregation and management of cloud storage among a plurality of providers via file fragmenting to provide increased reliability and security. In one implementation, fragments or blocks may be distributed among a plurality of cloud storage providers, such that no provider retains a complete copy of a file. Accordingly, even if an individual service is compromised, a malicious actor cannot access the data. In another implementation, file fragmenting may be performed in a non-standard method such that file headers and metadata are divided across separate fragments, obfuscating the original file metadata.

Abstract: Provided is a system for blocking a phishing attack including a phishing attack prevention storage device, and an agent program which is installed in a user terminal or a service server and performs an interworking operation with the phishing attack prevention storage device when the user terminal or the service server is connected with the phishing attack prevention storage device via a network. According to the embodiment of the present invention, when there is an open request for the file stored in the phishing attack prevention storage device from the user terminal or the service server, the phishing attack prevention storage device may check a storage operation mode and create a fake file other than the open-requested original file when the storage operation mode corresponds to a list-only mode to return the fake file to the user terminal or the service server.

Abstract: A computerized system for complying with critical infrastructure protection (“CIP”) standards concerning system configuration changes. The system can be used to automatically identify and track changes to computers on the network, improving system security and CIP compliance reporting. In certain embodiments, the system collects system information on servers and workstations using built-in commands. The configuration profiles of these computers/devices can be archived for audit purposes.

Abstract: A system for producing and transmitting encrypted data from data encoded on a storage medium comprises an apparatus configured to receive the storage medium and an encryption chip communicatively coupled to the apparatus. The apparatus comprises a processor, a memory, and a network interface. The processor is configured to receive data encoded into the storage medium, and to decode the received data as the storage medium is at least partially inserted into the apparatus. The processor is further configured to transmit the received data to the memory for storage. The encryption chip comprises an encryption processor configured to access the received data stored in the memory of the apparatus and encrypt the received data with an algorithm to produce the encrypted data. The processor then transmits the encrypted data to an external server communicatively connected to a communication network.

Abstract: An embodiment includes activating, responsive to receiving an update notification, an update mode of a mobile device, wherein the activating of the update mode includes disabling a primary communication interface and enabling a secondary communication interface, and wherein the update notification includes notification of a software update available for the mobile device. The embodiment also includes initiating execution of the software update on the mobile device while the mobile device remains in the update mode. The embodiment also includes deactivating, responsive to completing the software update, the update mode of the mobile device, wherein the deactivating of the update mode includes enabling the primary communication interface and disabling the secondary communication interface.

Abstract: An embodiment of a computerized method for detecting bootkits is described. Herein, a lowest level software component within a software stack, such as a lowest software driver within a disk driver stack, is determined. The lowest level software component being in communication with a hardware abstraction layer of a storage device. Thereafter, stored information is extracted from the storage device via the lowest level software component, and representative data based on the stored information, such as execution hashes, are generated. The generated data is analyzed to determine whether the stored information includes a bootkit.

Abstract: A data storage device includes a memory device, an always on (AON) application specific integrated circuit (ASIC), and a controller coupled to the memory device and the AON ASIC. When the data storage device enters a low power state, the controller generates and stores security data associated with context data in a power management integrated circuit (PMIC). The context data is stored in both the memory device and a host memory buffer (HMB). A location of the context data in the HMB is stored in the PMIC with the security data. When the data storage device exits the low power state, the address stored in the PMIC is utilized to retrieve the context data from the HMB. The retrieved context data is verified against the security data by the controller.

Abstract: An example system on a chip (SoC) includes a security processor configured to store a plurality of key-pairs associated with subsystems of the SoC to a key vault; and an encryption engine configured to: determine a first tweak value based on a first sector address of a storage device; encrypt the first tweak value according to the second key of the key-pair associated with a subsystem; encrypt a first portion of the source data according to a first key of the key-pair and the encrypted first tweak value; determine a second tweak value based on a second sector address of the storage device and encrypt the second tweak value according to the second key prior to completing the encryption of the first portion of the source data; and encrypt a second portion of the source data according to the first key and the encrypted second tweak value.

Abstract: A request to generate one or more random values can be received. In response to receiving the request to generate the one or more random values, a first read operation can be performed on a memory cell of the memory component to retrieve first data and a second read operation can be performed on the same memory cell of the memory component to retrieve second data. The first data can be compared with the second data to identify a difference between the first data and the second data. The difference can be associated with a noise characteristic of the memory cell. The one or more random values can be generated based on the difference between the first data and the second data that is associated with the noise characteristic of the memory cell.

Abstract: Technologies are shown for network attribution tracking for a multi-legged transaction that involve receiving a tracking token registration request from a partner service, generating a tracking token associated with the partner service, adding an entry to an attribution stack for a transaction, where the entry associates the tracking token with the partner service, and returning the tracking token to the partner service. Receiving a tracking token request can include determining whether the tracking token request includes a previously generated tracking token and using the previously generated tracking token to identify the attribution stack for the transaction. Adding an entry to an attribution stack for a transaction can include adding the entry to the attribution stack identified for the transaction. Attribution for a transaction can be obtained by accumulating attribution entities from each entry in the attribution stack identified for the transaction.

Abstract: An information handling system may include at least one processor; and a memory coupled to the at least one processor. The information handling system may be configured to: execute an application on the at least one processor, wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory; and securely transfer execution of the application to a second information handling system by: transmitting platform configuration register (PCR) measurement data to the second information handling system; and transmitting the data of the application to the second information handling system; wherein the PCR measurement data is usable by the second information handling system to perform a remote attestation, the remote attestation including verification of the PCR measurement data to confirm that the data of the application has not been changed.