Abstract: Aspects of the disclosure relate to a system and method for cryptographically transmitting and storing identity tokens and/or activity data among spatially distributed computing devices. The system may comprise a plurality of chains, such as an identity chain and an activity chain. In some aspects, identity data associated with a user may be used to generate an identity token for the user. The identity token may be transmitted to a plurality of computing devices for verification. Based on a verification of the identity token, the identity token may be stored in the identity chain. A request to perform an activity may also be received, and identity data associated with the user may be received in order to authenticate the user. The computing device may generate, based on the received identity data, an identity token for the user. The identity token may be compared to the identity token stored in the identity chain, and the user may be authenticated based on the comparison.

Abstract: Techniques are disclosed relating to automated operations management. In various embodiments, a computer system accesses operational information that defines commands for an operational scenario and accesses blueprints that describe operational entities in a target computer environment related to the operational scenario. The computer system implements the operational scenario for the target computer environment. The implementing may include executing a hierarchy of controller modules that include an orchestrator controller module at top level of the hierarchy that is executable to carry out the commands by issuing instructions to controller modules at a next level. The controller modules may be executable to manage the operational entities according to the blueprints to complete the operational scenario.

Abstract: The invention relates to an embedded system (1) comprising a processor (2) operated by means of a kernel (3) executable by said processor, a hardware peripheral (8, 9), a memory (5) and an application-related software program (6) recorded in said memory (5), said application-related software program (6) being executed by means of said kernel (3) executable by said processor (2), as well as a securing method. The invention is characterized in that the kernel (3) executable by said processor (2) controls said hardware peripheral (8, 9), obliges said application-related software program (6) to execute a policy, which is neither defined nor controlled by said program, for controlling access to said communication peripheral (8, 9), and is formally proven to satisfy at least one security property.

Abstract: A security application on the terminal uses a client application in a rich execution environment (REE), a general trusted application in a trusted execution environment (TEE), and a secure element (SE) application in a SE. The general trusted application is shared by a plurality of security applications. A method includes receiving, by the general trusted application, a first request from a first client application, determining a corresponding first SE application, sending the first request to the first SE application, sending, by the first SE application, a first command to the general trusted application, executing, by the general trusted application, the first command, returning a first execution result to the first SE application, sending, by the first SE application, a first response to the general trusted application based on the first execution result, and sending, by the general trusted application, the first response to the first client application.

Abstract: An example method of generating an execution profile of a firmware module comprises: receiving an execution trace of a firmware module comprising a plurality of executable instructions, wherein the execution trace comprises a plurality of execution trace records, wherein each execution trace record of the plurality of execution trace records indicates a successful execution of an executable instruction identified by a program counter (PC) value; retrieving a first execution trace record of the plurality of execution trace records, wherein the first execution trace record comprises a first PC value; identifying a first executable instruction referenced by the first PC value; identifying a firmware function containing the first executable instruction; incrementing a cycle count for the firmware function by a number of cycles associated with the first executable instruction; and generating, using the cycle count, an execution profile of the firmware module.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for preserving user privacy when collecting and analyzing user data. Methods include discarding user data after generating a privacy enhanced representation of user data and storing this privacy enhanced representation in a probabilistic data structure. Methods further preserve user privacy by inserting false negatives in the probabilistic data structure. Methods also include storing continuous value attributes in the data structure. Methods include storing date values associated with one or more user attributes. The date values may specify the date when one or more user attributes was last received.

Abstract: Embodiments provide automated security scanning of incoming images for use in creating containers such as a Virtual Machines. Based upon attribute(s) of metadata of the incoming image, a security engine chooses from amongst stored scripts for mounting and execution by installation logic. Such scripts can relate to the scanning itself, and/or pre-scanning considerations (such as scan frequency). In one example, the meta data attribute identifies a relevant Operating System (OS) of the incoming image. Other meta data attributes such as •scan frequency, •most recent passed scan, •log information, and •contact information (for issuance of a possible alert), may also be considered as part of the processing of an incoming image. Embodiments may enhance security by avoiding introduction of vulnerabilities through image instantiation. Embodiments may also impart flexibility to conserve resources by selectively scanning according to a frequency and/or date of last successful passage of the image.

Abstract: Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.

Abstract: An integrated-circuit device comprises a processor, a peripheral component, a bus system, connected to the processor and to the peripheral component, and configured to carry bus transactions; and hardware filter logic. The bus system is configured to carry security-state signals for distinguishing between secure and non-secure bus transactions. The peripheral component comprises a register interface, accessible over the bus system, and comprising a hardware register and a direct-memory-access (DMA) controller for initiating bus transactions on the bus system. The peripheral component supports a secure-in-and-non-secure-out state in which the hardware filter logic is configured to prevent non-secure bus transactions from accessing the hardware register of the peripheral component, but to allow secure bus transactions to access the peripheral component.

Abstract: Techniques for securing access to protected resources are provided. In the method and apparatus, an access key and proof of successful completion of a first authentication is obtained in connection to a request. The proof of completion of the first authentication and the access key are verified. The access key is then used to generate a determination that information in the access key indicates that a second authentication was successfully completed prior to allowing the request to be fulfilled.

Abstract: Examples described herein relate to apparatuses and methods for evaluating an encryption key based on policies for a policy operation, including, but not limited to, receiving user request for the policy operation, determining one or more of a node, group, client, or user associated with the user request, determining the policies associated with the one or more of the node, group, client, or user based on priority, and evaluating at least one key attribute of an encryption key based, at least in part, on the policies.

Abstract: To detect information relating to the threat appropriately, based on an appearance tendency of information related to a threat in security. Information analysis system includes: an information storing unit that stores reference information acquired from an information source; and an information analysis unit that analyzes an appearance tendency of first phrase information that is included in the reference information acquired at chronologically different timings and that represents a phrase related to security and extracts reference information including the first phrase information the appearance tendency of which has changed from the information storing unit.

Abstract: A novel compiler is described. The compiler is able to view source code of the application in its entirety and can do so from the inside. Unlike other tools which examine the forensic data from an application crash after the fact, from the outside, the compiler of the present invention can provide novel data on function call stacks and function profiles during runtime. The application may be stopped immediately during runtime to prevent further or potential damage, but the forensic data that is collected is focused and can be used to show where vulnerabilities exists in the application and how they were exploited. Hashes are taken of function call stacks and used as unique identifiers or thumbprints which can be used to reduce the volume of forensic data that needs to be analyzed after an attack.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: receive a client event report, the client event report including an operating system event trace for an attempt to exploit a patched vulnerability, and first feature data for a malware object that made the attempt; receive second feature data for an unknown object; compare the first feature data to the second feature data; and if the second feature data match the first feature data above a threshold, convict the unknown object as malware.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; converting the security related activity to entity behavior catalog data, the entity behavior catalog providing an inventory of entity behaviors; and, accessing an entity behavior catalog based upon the entity behavior catalog data; and performing a security operation via a security system, the security operation using the entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.

Abstract: A containerisation orchestrator (26) is controlled by an analysis system (20, 21, 22) which assesses an application and a device for compatibility to have a candidate application installed on the device using the orchestrator. The analysis includes an assessment of the vulnerability of the installed application to failure or malicious attack, and a risk assessment of the consequences of such an event. The candidate containerised configuration (20) for the application is also assessed for compatibilities and vulnerabilities.

Abstract: Systems and methods for key management. An aspect of the disclosure provides for a key management system including an authenticating function, a key-management function, and at least one function. The system provides for separation of authentications and key-management functions. The authenticating function configured for receiving an authentication request associated with a terminal device (TD), authenticating the request, and sending an authentication response to the at least one function. The key-management function configured for receiving a key request associated with the TD, generating a key according to the key request, and sending the key to the at least one function. The at least one function configured for receiving a request for service, sending, to the authenticating function, the authentication request, and receiving, from the authenticating function, the authenticating response.

Abstract: According to one aspect disclosed herein, a provider device can receive, from a requester device, a network access request requesting, on behalf of the requester device, access to a Wi-Fi network associated with a network provider and provided, at least in part, by a network device. In response, the provider device can prompt the network provider to accept or deny the requester device access to the Wi-Fi network. The provider device can receive input indicating that the network provider accepts the network access request, and in response to the input, can create a network access package that includes a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with the requester device to provide the requester device access to the Wi-Fi. The provider device can encrypt the network access package to create an encrypted network access package.

Abstract: An electronic device for receiving and seamlessly providing cybersecurity analyzer updates and concurrent management systems for detecting cybersecurity threats including a processor and a memory communicatively coupled to the processor. The memory stores an analyzer logic to generate a first analyzer configured to receive a suspicious object for threat evaluation, an inspection logic to manage a first queue of suspicious objects for threat evaluation to the first analyzer, and an update logic to receive updated cybersecurity analytics content data. The analyzer logic receives updated cybersecurity analytics content data and can generate a second analyzer that incorporates at least a portion of the parsed updated cybersecurity analytics content data.

Abstract: Methods, systems, and devices for leveraging data already collected on a user in a secure and private manner, in particular to verify user credentials for third parties. The methods, systems, and devices innovate beyond traditional security and privacy platforms in computer systems by processing the data to create a useable metric for the purposes of the third parties, in which the useable metric preserves the security and privacy of the underlying data.