Abstract: An example process includes breaking content into multiple fragments; and transmitting at least two of the multiple fragments over different physical channels in order to isolate the at least two fragments during transmission. The example process may include generating session keys; encrypting at least some of the fragments using different session keys; and associating, with each fragment, a session key used to encrypt a different fragment to produce fragment/session key pairs.

Abstract: A firmware protection module implements a hybrid firmware protection scheme on a computing device. The firmware protection module intercepts a message from a processor to a memory of the computing device. The message includes a command and an address in the memory corresponding to a firmware module stored in the module. The firmware protection module determines whether the command in the message is prohibited and whether the address in the message is protected. Responsive to a determination that the command is prohibited and the address is protected, the firmware protection module prevents at least a portion of the message from reaching the memory.

Abstract: Threat modeling systems include one or more computing device(s) coupled with one or more data store(s), the computing device(s) including a first software application. The data store(s) associate threats with threat model components. One or more mapping files may couple with the data store(s) to correlate the threat model components with visual diagram components of a second software application (“second software diagram components”). A machine learning (ML) algorithm may alternatively or additionally be configured to select, for each second software diagram component, a corresponding threat model component. An import interface initiates reading of a data file generated by the second software application, the data file including a subset of the second software diagram components and defining relationships therebetween.

Abstract: Techniques for enabling a system to verify operations or transactions as being associated with a user account are described. A system receives message data associated with an unverified operation or an unverified transaction. The system generates first audio data that includes a representation of a first digital signature based on at least a first verification code. The system sends a message including second message data with an ability to output the first audio data responsive to first device playing the first audio data within earshot of the second device. The system receives, from a second device, second audio data that represents the first audio data. The system determines that the second audio data includes an audio representation of a second digital signature based on at least the first verification code. The system verifies the unverified operation and associates the operation with the user account to indicate that the operation is a verified operation.

Abstract: Metering automation controller functionality includes accessing a project code that defines one or more operations of an industrial automation controller, analyzing the project code to identify one or more capabilities of the industrial automation controller that are utilized by the one or more operations, generating a file indicative of the one or more capabilities of the industrial automation controller, transmitting the file to a server that generates a certificate for authorizing the industrial automation controller to execute the project code, receiving the certificate from the server that identifies the file and an authorization for the industrial automation controller to execute the project code to perform the one or more operations, and transmitting the project code, the file, and the certificate to the industrial automation controller for execution.

Abstract: A server system for a map-based social media platform maintains user location information to enable the rendering of friend icons on a map at a corresponding display locations. The system maintains a per user access control list (ACL) that lists all users whose icons can be viewed by a requesting user. The ACL can include a designation of respective display granularity levels for different friend users.

Abstract: A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.

Abstract: A computerized system for complying with critical infrastructure protection (“CIP”) standards concerning system configuration changes. The system can be used to automatically identify and track changes to computers on the network, improving system security and CIP compliance reporting. In certain embodiments, the system collects system information on servers and workstations using built-in commands. The configuration profiles of these computers/devices can be archived for audit purposes.

Abstract: In accordance with aspects of the present disclosure, an autonomous robot vehicle is disclosed. In various embodiments, the autonomous robot vehicle includes a conveyance system, a securable compartment configured to autonomously lock and unlock where the securable compartment contains an item for delivery to a particular individual, a personal identification reader, at least one processor, and a memory storing instructions. The instructions, when executed by the processor(s), cause the autonomous robot vehicle to, autonomously, travel to a destination location of the particular individual, capture by the personal identification reader at the destination location a personal identification object, determine that the captured personal identification object matches an identity of the particular individual, and unlock the securable compartment based on the determination.

Abstract: Features are described for efficiently and accurately identifying a user of an electronic device with limited user interaction. The features include receiving a mobile device identifier from the mobile device. The features include transmitting the mobile device identifier to a service provider associated with the mobile device. The features include receiving information identifying the user from the service provider. The features include identifying a set of candidates associated with at least a portion of the information. The features include generating a metric for the candidates included in the set of candidates. An individual metric indicates a degree of relatedness between a value for the user for the at least one data field and a value for a candidate for the at least one data field. The features include identifying the user as a specific candidate included in the set of candidates based on the metric corresponding to a threshold.

Abstract: A compute instance is instrumented to detect certain kernel memory allocation functions, in particular functions that allocate heap memory and/or make allocated memory executable. Dynamic shell code exploits can then be detected when code executing from heap memory allocates additional heap memory and makes that additional heap memory executable.

Abstract: This disclosure is directed to generating a set of data elements for more secure encryption or more resilient decryption associated with generating a target set of conditional data elements. The target set of conditional data elements may fulfill a condition. Public keys associated with an encrypted message may be associated with conditional data elements of the target set of conditional data elements. By performing at least one cycle of decryption associated with the public keys, an encrypted message may be decrypted.

Abstract: Systems and methods are provided for implementing a centralized configurator server/service in the cloud that can take the place of conventional mobile devices used for provisioning IoT devices or WiFi clients in a network. In order to provision the IoT devices or WiFi clients, a mobile device or access point (AP) may be used to relay Device Provisioning Protocol (DPP) messages and/or information between the centralized configurator server/service and the IoT devices or WiFi clients.

Abstract: The present invention relates to a method and a system that enable a sender to send one or more physical items to a recipient in an anonymous way, allowing the recipient to respond to the sender after receiving the one or more physical items. No data related to the sender and the recipient are retained in the system.

Abstract: A method including determining, by a first user device, a sharing encryption key based at least in part on a folder access private key associated with a folder and an assigned public key associated with a second user device; encrypting the folder access private key associated with the folder utilizing the sharing encryption key; and transmitting the encrypted folder access private key to enable the second user device to access the folder. Various other aspects are contemplated.

Abstract: A method for preventing unauthorized access of privileged operations of a first device. The method provides for one or more processors to detect an initiating action of a privileged operation of a first device. The one or more processors receive a current location of the first device. The one or more processors determine whether a pre-determined location matches the current location of the first device. In response to determining the current location of the first device fails to match the predetermined location, the one or more processors determine whether a pre-determined connection condition exists between the first device and an authorized device, and in response to determining an absence of the pre-determined connection condition between the first device and the authorized device, the one or more processors perform a first action disabling the privileged operation of the first device.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

Abstract: A method and system for temporarily gaining access to a system is disclosed, The method includes: receiving biometric data from a first biometric device of a first user on a computer processor; generating a temporary code on the computer processor in response to receipt of the biometric data from the first biometric device of the first user; sending the temporary code from the computer processor to the first biometric device of the first user; receiving biometric data from a second biometric device of a second user on the first biometric device of the first user; generating an access code on the first biometric device, the access code including one or more of the biometric data of the first user, the temporary code from the computer processor, and the biometric data of the second user; and sending the access code to the biometric device of the second user.

Abstract: Trusted execution environment verification of a software package. An operating system (OS) initiates a software package verification process in a trusted execution environment, the OS being part of an OS environment comprising a file system. It is determined that a first software package in a software repository is to be installed into the OS environment. The first software package is downloaded to a storage device. The OS sends, to the software package verification process, first location information that identifies a location of the first software package. The OS receives, from the software package verification process, information that indicates that the first software package on the storage device is trusted.

Abstract: Disclosed are various approaches for authenticating a user through a voice assistant device and creating an association between the device and a user account. The request is associated with a network or federated service. The user is prompted to use a client device, such as a smartphone, to initiate an authentication flow. A soundwave is played through the voice assistant device that contains a secret key, which is then sent to an assistant connection service along with a token identifying the user or the user's device. An association between the user account and the voice assistant device can then be created.