Abstract: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.

Abstract: Various embodiments of information handling systems (IHS) and related methods are provided to prevent tampering and verify the integrity of non-volatile data stored within non-volatile memory, such as but not limited to non-volatile random access memory (NVRAM). More specifically, information handling systems and methods are provided herein to: (a) prevent tampering of non-volatile data stored within non-volatile memory by preventing unauthorized write operations to the non-volatile memory, and either (b) verify the integrity of the non-volatile data read from the non-volatile memory, or (c) detect tampering, if the integrity of the non-volatile data cannot be verified.

Abstract: Examples herein describe a scalable tweak engine and prefetching tweak values. Regarding the scalable tweak engine, it can be designed to accommodate different bus widths of data. The scalable tweak engine described herein includes multiple tweak calculators that can be daisy chained together to output multiple tweak values every clock cycle. These tweak values can be sent to multiple encryption cores so that multiple data blocks can be encrypted in parallel. Regarding prefetching tweak values, previous encryption engines incur a delay as the tweak value (e.g., a metadata value) for a data block is calculated. In the embodiments herein, the encryption engine can include an independent metadata engine that determines the metadata value for a subsequent data block while the current data block is being encrypted.

Abstract: Methods, systems, and computer storage media provide a privacy compliance notification indicating a database's level of compliance with a privacy policy after restoring the database to the database's backup copy. The database is associated with a database management engine. The database supports privacy-based first-class data entities. The privacy-based first-class data entities are database entities having privacy system-level metadata properties associated with data operations in a database language syntax. The privacy compliance notification may be generated based on determining whether a privacy database operation associated with a database journal and a privacy journal has been executed on a database since the database was restored to a backup copy of the database.

Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.

Abstract: A memory controller for improving data integrity and providing data security. The memory controller including a transmit data path to transmit write data to a memory device, the transmit data path comprising a scrambling component, wherein the scrambling component includes a scrambling logic and an exclusive OR logic, wherein the write data is divided into a first portion and a second portion, wherein input of the scrambling logic comprises the first portion of the write data and an address associated with the write data to generate a pseudo-random output, and wherein input of the exclusive OR logic comprises the second portion of the write data, the pseudo-random output and a fixed seed corresponding to the first portion of the write data to generate a scrambled data.

Abstract: Decrypting data at a first storage system that has been encrypted at a second, separate, storage system includes the first storage system requesting a key that decrypts the data from the second storage system, the second storage system determining if the first storage system is authorized for the key, the second storage system providing the key to the first storage system in response to the first storage system being authorized, a host that is coupled to the first storage system obtaining the key from the first storage system, and the host using the key to decrypt and access the data at the first storage system. The host and the first storage system may provide failover functionality for a system that includes the second storage system. The host may obtain the key from the first storage system in response to a failure of the system that includes the second storage system.

Abstract: A computer-implemented method for remote management of hardware security modules (HSMs) includes receiving a command request from a mobile device. The command request includes an encrypted key part and an encrypted signing key. The HSM decrypts the command request using a key associated with a security zone of the mobile device. The HSM decrypts the encrypted key part and the encrypted signing key. Decrypting the encrypted key part and the encrypted signing key includes using the key associated with the security zone of the mobile device and a key associated with a remote administrator associated with the mobile device. A command is generated for a domain with a target HSM. The command is generated using the decrypted key part and the decrypted signing key. The command is transmitted to the domain for execution by the target HSM. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for providing a brain computer interface that includes detecting a neural signal of a user in response to a calibration session having a time-locked component and a spontaneous component; generating a user-specific calibration model based on the neural signal; prompting the user to undergo a verification session, the verification session having a time-locked component and a spontaneous component; detecting a neural signal contemporaneously with delivery of the verification session; generating an output of the user-specific calibration model from the neural signal; based upon a comparison operation between processed outputs, determining an authentication status of the user; and performing an authenticated action.

Abstract: A first authenticator payload is obtained that includes a first authenticator random value. A first authenticator encrypted file is generated with an authenticator public key that is related to a client authenticator application. The first authenticator encrypted file is generated based on a first cryptographic algorithm. The first authenticator encrypted file includes the first authenticator payload. A first target payload is obtained that includes a first target random value. A first target encrypted file is generated with the first authenticator random value. The first target encrypted file is generated based on a second cryptographic algorithm. The first target encrypted file includes the first target payload.

Abstract: This disclosure describes techniques for device authentication and/or pairing. A display system can comprise a head mountable display, computer memory, and processor(s). In response to receiving a request to authenticate a connection between the display system and a companion device (e.g., controller or other computer device), first data may be determined, the first data based at least partly on audio data spoken by a user. The first data may be sent to an authentication device configured to compare the first data to second data received from the companion device, the second data based at least partly on the audio data. Based at least partly on a correspondence between the first and second data, the authentication device can send a confirmation to the display system to permit communication between the display system and companion device.

Abstract: In various embodiments a plurality of computing devices may perform methods for providing information security services for a communication network, including performing a consensus operation to determine whether a client device is authorized to request a document operation, wherein each computing device is assigned to one of a plurality of trust zones each including a number of computing devices less than or equal to a threshold number of computing devices, and performing the document operation for the client device in response to determining by the plurality of computing devices that consensus exists among the plurality of trust zones that the client device is authorized to request the document operation.

Abstract: A smart card is provided. The smart card includes a peripheral circuit configured to control a fingerprint sensing array and generate a raw image, an authentication information processing module configured to process the raw image into fingerprint information for verification, a security module configured to determine whether the fingerprint information for verification matches registered fingerprint information to determine usage approval or disapproval for a payment request, and an active shield overlapping the security module. The peripheral circuit, the authentication information processing module, and the security module are integrated into one chip.

Abstract: There is provided a technique of clock managing in a packet data network implementing a time-transfer protocol. The technique comprises: modifying, by the timing-server, a timestamp record to enable a controllable access to data informative of the least significant part of clock-informative data (CLSP data), wherein modifying the timestamp record comprises modifying the least significant part of the timestamp record (RLSP) to comprise the CLSP data in an encrypted form or to comprise values substituting, in a predefined manner, the CLSP data; transferring the modified timestamp record to all timing-clients, wherein CLSP data are transferred in a controllable access manner; enabling access to the CLSP data merely to authorized timing-clients among the plurality of timing-clients; and enabling the authorized timing-clients to obtain the CLSP data and synchronize the respective clocks using the CLSP data together with data informative of the most significant part of the clock-informative data.

Abstract: A system and a method are disclosed for on-device storage at a mobile bug of data of a one-way communications session where quality deteriorates. In an embodiment, a mobile bug receives a request to establish a one-way communications session, and responsively transmits data to a database for storage while refraining from storing the transmitted data subsequent to the transmission of the data. The mobile bug detects a deterioration in the one-way communications session that prevents, at least in part, the transmission of the data. Responsive to detecting the deterioration, while the deterioration is detected, the mobile bug stores the data in an encrypted format. The mobile bug detects a request for the data stored at the mobile bug, and responsively transmits the data to the database and deletes the data from the mobile bug.

Abstract: Credential phishing attack mitigation is disclosed. A URL that is associated with a suspected credential phishing web page is received. The suspected credential phishing web page is one that includes at least one element soliciting at least one credential. The URL is included in a message having at least one intended recipient. An artificial credential is provided to the suspected credential phishing web page. An indication is received that, subsequent to providing the artificial credential to the suspected credential phishing web page, an attempted use of the artificial credential to access a resource was made. In response to receiving the indication that the attempted use of the artificial credential to access the resource has been made, at least one remedial action is taken with respect to the suspected credential phishing web page.

Abstract: An encrypting entity encrypts an instance of data using a cryptographic key and a cryptographic technique to generate the encrypted data instance; generates a decryption application based on the cryptographic key and at least one credential, the decryption application configured to decrypt the encrypted data instance; bundles the encrypted data instance and the decryption application to generate an encryption bundle; and provides the encryption bundle to be stored by an external data repository. In an example embodiment, the cryptographic technique is a post-quantum cryptographic technique.

Abstract: A data comparison device holds first and second encrypted data of first and second plaintext, respectively. The first plaintext is divided into a plurality of blocks and the first encrypted data is generated by executing encryption of each of the plurality of blocks and shuffling of the plurality of blocks. The second plaintext is divided into a plurality of blocks and the second encrypted data is generated by executing encryption of each of the plurality of blocks. In at least one of the first encrypted data and the second encrypted data, a plaintext value is embedded as a value indicating a magnitude comparison result, and the data comparison device compares blocks at the same position before shuffling of the first encrypted data and the second encrypted data based on the embedded value and determines a magnitude relationship between the first plaintext and the second plaintext.

Abstract: An apparatus and a method for registering a device in a cloud server are provided. The apparatus includes detecting the device by using short-range communication, requesting an authentication code used for registering the device in the cloud server from an account server in response to the device being detected, receiving the authentication code from the account server, and transmitting the received authentication code and connection address information of the cloud server to the device.

Abstract: A system and method to transform a block of data is disclosed. A block of original data is retrieved from a data store, block of original data including a N number of words, each word including one or more bits of data. A multiplier matrix is provided, the multiplier matrix having N×N words, a plurality of sub matrices arranged diagonally within the N×N matrix, with each of the sub matrix arranged as a binomial matrix. All the words in the multiplier matrix not part of the sub matrix are set to zero. Each of the sub matrix is represented as a product of a plurality of lower factorized matrix, a plurality of upper factorized matrix and a shift matrix. The block of original data is multiplied with the multiplier matrix to generate a transformed block of original data with N number of words.