Abstract: An authentication correlation (AC) computing device is provided. The AC computing device includes a processor and a memory. The AC computing device receives a first authentication request from a requesting computer device including an account identifier, a first timestamp, and at least one authentication factor, and determines a first security level of the first authentication request. The AC computing device stores the first security level and the first timestamp. The AC computing device is also configured to receive a second authentication request including the account identifier and a second timestamp, determine that the second authentication satisfies an authentication rule based on the account identifier, the second timestamp, and the stored authentication data wherein the rule defines a timeframe and an authentication threshold, and generate an authentication response based on the determination and the authentication rule wherein the authentication response includes an approval indicator.

Abstract: A redundancy system includes a first computational device and a second computational device each configured to receive at least one input and to generate a first output and a second output, respectively, based on the at least one input; a random sequence generator configured to generate a random bit sequence; a random delay selector configured to determine a random delay based on the random bit sequence; a first random delay circuit configured to delay outputting the at least one input to the first computational device based on the random delay; a second random delay circuit configured to delay outputting the second output based on the random delay; and a fault detection circuit configured to receive the first output and the delayed second output, and to generate a comparison result based on comparing the first input to the delayed second output.

Abstract: The systems and methods of the present disclosure can allow for uploading and signing of one or more electronic documents, e.g., by multiple users or participants. Information for each transaction (e.g., uploading, signing, verification, etc.) by the users/participants related to the uploaded and signed document further can be generated and provided to one or more blocks in a blockchain. In addition, the electronic information of the uploaded and signed document can be hashed and provided to one or more blocks in the blockchain. Accordingly, with embodiments of the present disclosure, an immutable transaction history can be provided for uploaded and electronically/digitally signed documents.

Abstract: A data protection circuit of a chip, a chip, and an electronic device, where the data protection circuit performs bit width expansion and scrambling processing on a first alarm signal using an operation circuit to obtain a second alarm signal, and outputs the second alarm signal to a processing circuit. The processing circuit performs descrambling processing after receiving the second alarm signal to obtain a descrambling result. When the second alarm signal is attacked, the descrambling fails, and the descrambling result is an active level. The processing circuit outputs the descrambling result to a reset request circuit, and the reset request circuit generates a reset request signal according to the descrambling result.

Abstract: A method for dynamic firewall configuration for accessing service hosted in virtual networks includes monitoring, in a virtual network, changes in an Internet protocol (IP) address of a service hosted in a virtual network. The method further includes detecting a change the IP address of the service hosted in the virtual network. The method further includes communicating notification of the change in IP address to a firewall policy management interface. The method further includes, automatically configuring a firewall to allow access to the service hosted in the virtual network.

Abstract: Provided are methods and systems for establishing secure sessions. A method for establishing secure sessions may commence with receiving a request to establish a secure session between a client and a server. Client security parameters may be provided in client extension fields of the request. The method may include forwarding the request to the server and receiving a secure session response from the server. Server security parameters may be provided in server extension fields of the secure session response. The method may include receiving a server key secret, forwarding the secure session response and the server key secret to the client, receiving a client key secret, and forwarding the client key secret to the server. The method may continue with calculating a session key and establishing a first secure session between the security gateway and the server and a second secure session between the security gateway and the client.

Abstract: A dual lock step processor system includes a first processor connected to a first memory, a second processor connected to a second memory, compiler engine, a first instruction engine operably connected to a first memory, and a second instruction engine operably connected to a second memory. The first instruction engine is configured to store a program value; encode the first program value using a first differential encoding and the compiler engine to generate a first encoded program value; and write the first encoded program value into a first address location of a plurality of first address locations. The second instruction engine is configured to store a program value; to encode the first program value using a second differential encoding and the compiler engine to generate a second encoded program value and write the second encoded program value into a second address location of a plurality of second address locations corresponding to the first selected address location.

Abstract: Systems, apparatuses, and methods for improving security of a silicon-based system by creating a glitch-resistant process for executing a software code block on the silicon-based system are disclosed. An example method may begin by marking the software code block as non-executable. Second, intent to execute the software code block is registered with a staging register. Third, the software code block is compressed into a compression constant. Fourth, the compression constant is compared with a first predetermined value using two comparators. Fifth, responsive to the comparators providing a true result after comparison, the software code block is marked as executable to allow the software code block to execute. In another aspect, the example method may be repeated for n>1 iterations, and in each iteration i, an ith software code block is compressed into an ith compression constant that is compared to an ith predetermined value.

Abstract: A method of encryption using spatial voting can include determining a first feature and a second feature of user data, wherein the first feature and the second feature correspond to a cell of a subset of cells of a grid of cells, each cell of the subset of cells including a character associated therewith, altering one or more values of the first feature and the second feature to generate an altered first feature and an altered second feature, and concatenating the altered first feature and the altered second feature to generate encrypted data.

Abstract: Techniques are disclosed relating to automating authentication decisions for a multi-factor authentication scheme based on computer learning. In disclosed embodiments, a mobile device receives a first request corresponding to a factor in a first multi-factor authentication procedure. Based on user input approving or denying the first request, the mobile device sends a response to the first request and stores values of multiple parameters associated with the first request. The mobile device receives a second request corresponding to a factor in a second multi-factor authentication procedure where the second request is for authentication for a different account than the first request. The mobile device automatically generates an approval response to the second request based on performing a computer learning process on inputs that include values of multiple parameters for the second request and the stored values of the multiple parameters associated with the first request.

Abstract: A system and protocol for integrating a plurality of service providers across a plurality of domains with an application using a hosted platform have been described. The system involves registration of metadata corresponding to the service providers, their services, their types and their set of parameters. When a new integrating application is provided, then it also includes a wrapper protocol. The wrapper protocol includes six predefined methods. The hosted platform in turn can execute the request of the “integrating application” by internally connecting with the plurality of service providers across a plurality of domains and provide the output in a standard format. Since the wrapper protocol standardizes the format of communication (input & output), hence it reduces effort substantially at the end of the integrating application. The ability of the platform to increase the list of service providers is augmented as it relies on metadata for request generation and invocation.

Abstract: Systems, computer program products, and methods are described herein for optimizing access control for server privilege. The present invention is configured to electronically receive, from a first computing device associated with a user, a server access request to access one or more servers; determine a first time period associated with the server access request based on an amount of time required to execute a first action on the one or more servers, wherein the first time period is defined by a first time stamp and a second time stamp; initiate an access window at the first time stamp from which the first computing device is capable of executing the first action on the one or more servers; and automatically terminate the access window at the second time stamp.

Abstract: An encryption system is provided. The system includes a plurality of communication devices, one or more processors, one or more memory components, one or more network connections, and a data repository. The data repository is stored by the plurality of communication devices on the one or more memory components thereof. A polynomial function is developed to point to message data within the data repository, wherein the polynomial function is transmitted between the plurality of communication devices to exchange the message data.

Abstract: Electronic communications passing through a communication gateway or similar device for an enterprise can be monitored for indicators of malicious activity. When potentially malicious activity is identified, a user-based inquiry can be employed to identify potential sources of the malicious activity within the enterprise network. More specifically, by identifying a user that sourced the communication, instead of or in addition to a network address, devices within the enterprise network associated with the user can be located, analyzed, and remediated as appropriate.

Abstract: In one embodiment, a service classifies a device in a network as human-controlled or self-controlled. The service also classifies an online resource as designed for access by human-controlled devices or by self-controlled devices. The service obtains traffic data regarding an attempt by the device to access the online resource via the network. The service determines that the attempt by the device to access the online resource is a security violation, based on the classifications of the device and the online resource. The service initiates a mitigation action in the network for the security violation.

Abstract: In one embodiment, a security device in a computer network determines a plurality of values for a plurality of features from samples of known malware, and computes one or more significant values out of the plurality of values, where each of the one or more significant values occurs across greater than a significance threshold of the samples. The security device may then determine feature values for samples of unlabeled traffic, and declares one or more particular samples of unlabeled traffic as synthetic malicious flow samples in response to all feature values for each synthetic malicious flow sample matching a respective one of the significant values for each corresponding respective feature. The security device may then use the samples of known malware and the synthetic malicious flow samples for model-based malware detection.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: A method for authorizing online sharing of content including a digital photograph or video, includes receiving, at an electronic device, the content, identifying an image of a person in the content, identifying authorization conditions associated with the person, identifying an image of an object or audio in the content, based on both the image of the person identified and the image of the object or audio identified, determining if the authorization conditions associated with the person are met, and in response to determining that the authorization conditions are met, providing online access to the digital photograph or video.

Abstract: Embodiments of the present disclosure are directed to methods and systems for providing secure over-the-air firmware updates to one or more vehicles. More specifically, the present disclosure describes applying to firmware images distributed to one or more vehicles encryption that is unique to each update version. The encryption is also unique to each vehicle receiving the update. Embodiments of the present disclosure can also include determining and verifying the integrity of an available OTA firmware update prior to authorizing installation of the firmware update in a vehicle.

Abstract: Electronic communications passing through a communication gateway or similar device for an enterprise can be monitored for indicators of malicious activity. When potentially malicious activity is identified, a user-based inquiry can be employed to identify potential sources of the malicious activity within the enterprise network. More specifically, by identifying a user that sourced the communication, instead of or in addition to a network address, devices within the enterprise network associated with the user can be located, analyzed, and remediated as appropriate.