Patents Examined by Wayne An
  • Patent number: 10374793
    Abstract: An instruction and logic for a Simon-based hashing for validation are described. In one embodiment, a processor comprises: a memory, the memory to store a plurality of values; and a hash circuit comprising a Simon cipher circuit operable to receive the plurality of values from the memory, to apply a Simon cipher, and to generate an output for each of the plurality of values; and circuitry coupled to the Simon cipher circuit to combine outputs from the Simon cipher circuit for each value of the plurality of values into a hash digest that is indicative of whether the values in the memory are valid.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: August 6, 2019
    Assignee: INTEL CORPORATION
    Inventors: Himanshu Kaul, Sanu Mathew, Mark Anders, Jesse Walker, Jason Sandri
  • Patent number: 10360394
    Abstract: A system may register a use case with the use case including an application. An application identifier may be assigned to the application. The system may generate a transformation associated with the use case. The transformation may include logic to derive an output variable from a source variable. The system may also execute the transformation to derive output data for the output variable from source data of the source variable. The system may further lookup an access permission for the application using the application identifier in response to an access request.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: July 23, 2019
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Ravi Arasan, Carmen Patricia Argüello, Sandeep Bose, Kunal Chandrashekhar Joshi, Matthew Kent Meyer, Himanshu Prabhakar, Gurusamy Ramasamy, Jeremy D. Seideman, Roopesh R. Varier
  • Patent number: 10348484
    Abstract: A method for generating a blockchain configured for fast navigation includes: storing a blockchain comprised of a plurality of blocks, each block including a header comprised of a fast track flag, fast track reference, timestamp, and hash value, where the plurality of blocks includes standard blocks having a deactivated fast track flag and fast track blocks having an activated fast track flag; identifying a most recent fast track block based on the timestamp in the fast track blocks; identifying a most recent overall block based on the timestamp included in the plurality of blocks; generating a fast track hash value via hashing the most recent fast track block; generating a chain hash value via hashing the most recent overall block; and writing a new block to the blockchain including a block header comprised of a timestamp, activated fast track flag, the fast track hash value, and the chain hash value.
    Type: Grant
    Filed: October 24, 2016
    Date of Patent: July 9, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: David J. King
  • Patent number: 10326597
    Abstract: A system that provides responses to requests obtains a key that is used to digitally sign the request. The key is derived from information that is shared with a requestor to which the response is sent. The requestor, using the shared information, derives a key usable to verify the digital signature of the response, thereby enabling the requestor to operate in accordance with whether the digital signature of the response matches the response.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: June 18, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 10313379
    Abstract: The disclosed computer-implemented method for making security-related predictions may include (i) gathering information that comprises both signatures of events that occurred on computing systems during consecutive time slots and incident labels about incidents on the computing systems during the consecutive time slots, (ii) using the gathered information to train a machine learning model, (iii) predicting, by the machine learning model, at least one of an incident label about an incident and a signature of an event on a computing system during a time slot, wherein the computing system does not comprise at least one of an application capable of generating the signature and information about events occurring during the time slot due to the time slot having not yet occurred, and (iv) performing an action in response to the prediction. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: June 4, 2019
    Assignee: Symantec Corporation
    Inventors: Yufei Han, Kevin Roundy, Michael Hart, Christopher Gates
  • Patent number: 10285049
    Abstract: Communication devices and a method of providing secure electronic content are generally described. Content is encrypted using a time-invariant encryption algorithm on the binary bits and a time-varying baseband key encryption waveform with a time-varying phase or amplitude. The content is recovered using a waveform with a reference phase mixed with a reference LO signal or combining the waveform and content using an XOR to measure a change of the phase/amplitude of the received signal relative to the LO signal. The key for the time-invariant binary bit level encryption may be communicated on a different channel than the content prior to communication of the content or concurrently with the content. The phase/amplitude of the baseband key may vary after baseband waveform encryption of a predetermined number of symbols, independent of the time, or after a predetermined time independent of an amount of baseband signal encrypted.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: May 7, 2019
    Assignee: Raytheon Company
    Inventors: Andrew Kowalevicz, Gary M. Graceffo
  • Patent number: 10210338
    Abstract: In a compression processing storage system, using a pool of encryption processing cores, the encryption processing cores are assigned to process either encryption operations, decryption operations, and decryption and encryption operations, that are scheduled for processing. A maximum number of the encryption processing cores are set for processing only the decryption operations, thereby lowering a decryption latency. A minimal number of the encryption processing cores are allocated for processing the encryption operations, thereby increasing encryption latency. The encryption operations, the decryption operations, and the decryption and encryption operations are scheduled between the pool of the plurality of processing cores according to a thread weight value (TWV) that is assigned to each one of the plurality of processing cores having a difference in processing power.
    Type: Grant
    Filed: November 22, 2017
    Date of Patent: February 19, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jonathan Amit, Amir Lidor, Sergey Marenkov, Rostislav Raikhman
  • Patent number: 10204217
    Abstract: A system and method for generating a unique identifier for a user. A processor hosted by the system transmits a prompt for user selection of a digital image and receives the selected digital image from the user. The received digital image is stored in a data storage device. The processor identifies a first code associated with the user. The processor embeds the first code into the digital image and generates a first modified digital image in response. The first modified digital image is also stored in the data storage device. The processor transmits the first modified digital image to the user over a data communications network. The modified digital image is then used as the unique identifier for the user.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: February 12, 2019
    Assignee: ARP-IP LLC
    Inventors: Anthony R. Perez, Justin Soenke
  • Patent number: 10133943
    Abstract: Methods, systems, and computer program products for authenticating an online user. Authentication involves sending a code from a server to a user device equipped with a source of illumination and a camera capable of capturing video imagery of the online user. The user device receives the code, modulates the source of illumination in accordance with the code, and captures video imagery of the user while the source of illumination is being modulated according to the code. The captured video imagery of the online user is sent to the server where it is analyzed to detect evidence of changes in illumination that correspond to the code. If good correspondence is found, the user may be authenticated. Similar methods may be applied to other biometric data. Applications of the authentication include identity validation, pseudonym verification, and distinguishing human from non-human access attempts.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: November 20, 2018
    Inventor: Andrew Bud
  • Patent number: 10135824
    Abstract: Embodiments of the present application relate to a method and system for determining whether a terminal logging into a website is a mobile terminal. The method includes receiving a login request to access a website from a terminal, generating a first token, sending information including a redirect script to the terminal, the redirect script configured to cause the terminal to execute the redirect script and to access an activation link, receiving a verification request from the terminal, determining whether the version of the first token included in the verification request is valid relative to the generated first token, sending an indication that the first token is valid to the terminal, receiving an access request, the access request including the second token, determining whether the second token is valid, and determining whether the terminal is a mobile terminal according to whether the second token is valid.
    Type: Grant
    Filed: January 5, 2015
    Date of Patent: November 20, 2018
    Assignee: Alibaba Group Holding Limited
    Inventor: Tengfei Fang
  • Patent number: 10025957
    Abstract: A secure provisioning manifest used to authenticate and securely communicate with peripherals attached to a computer is provided with techniques to learn about a new peripheral not authorized to be attached to the computer and possibly gain authorization for the peripheral. A secure I/O module, that is separate from an operating system and transaction software executed by a processor of the computer, uses the secure provisioning manifest to authenticate and establish a secure encrypted session for communicating with each peripheral authorized to be attached to the computer. When an unauthorized peripheral is found, identifying information for the peripheral is transmitted to an enterprise provisioning server with a request to authorize the peripheral.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: July 17, 2018
    Assignee: NCR Corporation
    Inventors: Erick Christian Kobres, Ron William Rogers
  • Patent number: 10021170
    Abstract: Managing a storage array includes: receiving, by a client-side array services module from a cloud-based security module through data communications on a wide area network, a token representing authentication of user credentials; and managing, by the client-side array services module, a storage array only through data communications on a local area network, including sending, to the storage array, the token with a management instruction.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: July 10, 2018
    Assignee: Pure Storage, Inc.
    Inventors: Jimmy T. Hu, Terence W. Noonan, Neil A. Vachharajani, Daquan Zuo
  • Patent number: 10015665
    Abstract: A system can receive a request to modify a universal integrated circuit card, generate a package comprising configuration data for modifying the universal integrated circuit card, instruct an over-the-air system to transmit the package encrypting the package with a transport key to generate an encrypted package, and transmit the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card. The system can provide a mobile network operator trusted service manager system information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation of the universal integrated circuit card.
    Type: Grant
    Filed: October 23, 2014
    Date of Patent: July 3, 2018
    Assignees: AT&T INTELLECTUAL PROPERTY I, L.P., AT&T MOBILITY II LLC
    Inventors: Walter Cooper Chastain, Clifton Ashman Campbell, Stephen Emille Chin, David Harber, Brian Keith Rainer, David K. Smith, Shih-Ming Wang
  • Patent number: 10007784
    Abstract: Technologies for control flow exploit mitigation include a computing device having a processor with real-time instruction tracing support. During execution of a process, the processor generates trace data indicative of control flow of the process. The computing device analyzes the trace data to identify suspected control flow exploits. The computing device may use heuristic algorithms to identify return-oriented programming exploits. The computing device may maintain a shadow stack based on the trace data. The computing device may identify indirect branches to unauthorized addresses based on the trace data to identify jump-oriented programming exploits. The computing device may check the trace data whenever the process is preempted. The processor may detect mispredicted return instructions in real time and invoke a software handler in the process space of the process to verify and maintain the shadow stack. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: June 26, 2018
    Assignee: Intel Corporation
    Inventors: Michael LeMay, Ravi L. Sahita, Beeman C. Strong, Thilo Schmitt, Yuriy Bulygin, Markus T. Metzger
  • Patent number: 9984365
    Abstract: A method of identifying a device includes receiving a device transaction request from a remote device, receiving a first device fingerprint of the remote device, and receiving a second device fingerprint of a known device. The first device fingerprint is compared with the second device fingerprint and a first metric indicative of a similarity of the first device fingerprint and the second device fingerprint is generated. A third device fingerprint corresponding to an expected current value of the second device fingerprint is generated, and the first device fingerprint is compared with the third device fingerprint to generate a second metric indicative of a similarity of the first device fingerprint and the third device fingerprint. A response to the transaction request is formulated based on the first metric and the second metric.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: May 29, 2018
    Assignee: CA, INC.
    Inventors: Suril Desai, Swaminathan Narayanan, Akash Rai
  • Patent number: 9948678
    Abstract: A method and system for aggregating and correlating disparate and unrelated events to enable faster security event detection. A plurality of event logs generated by a number of disparate, unrelated, independent components of a fault-tolerant server and platform-specific data are contextualized through the use of a security context map, enabling unrelated events to be correlated to identify security incidents indicative of security threats. User- or system-generated rules may then be applied to the contextualized data to enable more sophisticated security breach identification.
    Type: Grant
    Filed: October 27, 2015
    Date of Patent: April 17, 2018
    Assignee: Xypro Technology Corporation
    Inventors: Stephen Tcherchian, Noel Mabugat, Jorge Alonzo, Rayna Burgess, Scott Uroff
  • Patent number: 9942198
    Abstract: A host computer supports a virtual guest system running thereon. The host system has a firewall that prevents it from communicating directly with the Internet, except with predetermined trusted sites. The virtual guest runs on a hypervisor, and the virtual guest comprises primarily a browser program that is allowed to contact the Internet freely via an Internet access connection that is completely separate from the host computer connection, such as a dedicated network termination point with its specific Internet IP address, or by tunneling through the host machine architecture to reach the Internet without exposing the host system. The virtual guest system is separated and completely isolated by an internal firewall from the host, and the guest cannot access any of the resources of the host computer, except that the guest can initiate cut, copy and paste operations that reach the host, and the guest can also request print of documents.
    Type: Grant
    Filed: January 27, 2012
    Date of Patent: April 10, 2018
    Assignee: L3 TECHNOLOGIES, INC.
    Inventors: Robert B. Hoy, Mark Fenkner, Sean W. Farren
  • Patent number: 9912649
    Abstract: An authentication relay and a NAT module of a telecommunication system facilitate communication between authentication clients and an authentication server. The authentication relay identifies authentication messages from the authentication clients intended for the authentication server. The authentication relay repackages the identified authentication message to add additional information. The NAT module translates the private IP address and UDP port number of the authentication client included in the original authentication message into a public IP address and unique UDP port number included with the repackaged authentication message sent to the authentication server. The same public IP address is used for authentication messages from a plurality of authentication clients thereby reducing the number of IP addresses required by the system.
    Type: Grant
    Filed: January 5, 2015
    Date of Patent: March 6, 2018
    Assignee: ADTRAN, Inc.
    Inventors: Nathan Rowe Alderson, Adam Kendall Dyess
  • Patent number: 9887991
    Abstract: As provided herein, a first device may be registered as authorized to authenticate a user login into a service from a second device (e.g., a smart phone may be used to log the user into a webmail service on a computer without the user having to enter a password through the computer). Responsive to the user attempting to access the service through the second device, a login interface may be displayed on the first device. The user may confirm or deny that the user wants to log into the service on the second device, thus allowing the user to seamlessly log into the service on the second device (e.g., without entering a password) while mitigating unauthorized logins into the service from unknown devices. Further, the user may use the first device to delegate the authority to authenticate the user login into the service to one or more other devices.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: February 6, 2018
    Assignee: YAHOO HOLDINGS, INC.
    Inventors: Richard Stephen Allinson, Chris Stoner, Manoj Palki
  • Patent number: 9887974
    Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.
    Type: Grant
    Filed: November 3, 2015
    Date of Patent: February 6, 2018
    Assignee: Architecture Technology Corporation
    Inventors: Deborah K. Charan, Ranga Ramanujan