Patents Examined by Zoha Piyadehghibi Tafaghodi
  • Patent number: 10848306
    Abstract: The present disclosure provides a system and method of implementing a security algorithm using a reconfigurable processor, the method including: determining a plurality of sub-algorithms for constructing the security algorithm; and configuring the reconfigurable processor to implement the security algorithm according to a first configuration information of each sub-algorithm of the plurality of sub-algorithms and a first combination configuration information indicating a combination connection relationship of each of the sub-algorithms. The present disclosure also provides a system and method of implementing a decryption algorithm using a reconfigurable processor.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: November 24, 2020
    Assignee: Wuxi Research Institute of Applied Technologies Tsinghua University
    Inventors: Leibo Liu, Min Zhu, Shaojun Wei
  • Patent number: 10846441
    Abstract: A computer system includes a processor, a volatile storage device that stores a program to be executed by the processor, and a plurality of nonvolatile storage devices that store data. Each of the plurality of nonvolatile storage devices holds a first encryption key for encrypting and decrypting first data. Each nonvolatile storage device in the plurality of nonvolatile storage devices transfers the first data to another nonvolatile storage device in the plurality of nonvolatile storage devices in an encrypted or unencrypted state determined according to a predetermined rule.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: November 24, 2020
    Assignee: HITACHI, LTD.
    Inventors: Nobuhiro Yokoi, Mutsumi Hosoya, Ken Sugimoto
  • Patent number: 10841330
    Abstract: The invention utilizes a two-component system to detect third party security threats and drive improved security threat mitigation based on the detection. The first component of the system is a security threat assessment engine, which receives and/or identifies external data and internal data regarding third parties in order to determine information security threats posed by third parties. The second component of the system is an analytics engine, which may comprise a machine learning component which is configured to detect threat patterns and anomalies. In response to the detection of the threat patterns and anomalies the security threat assessment engine may be modified in order to more accurately determine security threats. The system, after identifying a security threat, generates a notification associated with the security threat and transfers the notification to a first set of third parties that may be affected by the security threat.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: November 17, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: David Michael Steele, Nelson John Chevis, Sr., Sean Michael Denton
  • Patent number: 10824734
    Abstract: The invention utilizes a two-component system to detect third party security threats and drive improved security threat mitigation based on the detection. The first component of the system is a security threat assessment engine, which receives and/or identifies external data and internal data regarding third parties in order to determine information security threats posed by third parties. The second component of the system is an analytics engine, which may comprise a machine learning component which is configured to detect threat patterns and anomalies. In response to the detection of the threat patterns and anomalies the security threat assessment engine may be modified in order to more accurately determine security threats.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: November 3, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: David Michael Steele, Jason Dean Vaughn, Mathew Allen Woodyard, Allan Carlton Byers
  • Patent number: 10769295
    Abstract: Embodiments allow join operations to be performed upon encrypted database tables stored on an unsecure server (e.g., as part of a DBaaS offering), with reduced information leakage. Such secure join operations may be implemented through the combination of two cryptographic techniques: non-deterministic (randomized) searchable encryption; and attribute based encryption. The searchable encryption (e.g., Symmetric Searchable Encryption: SSE) allows join values to be revealed only for rows fulfilling additional predicate attributes that the client has filtered for, thereby offering fine granular security. The attribute based encryption (e.g., Key-Policy Attribute-Based Encryption: KP-ABE) avoids the unmanageable consumption of memory that would otherwise result from the creation of intermediate constructions on the server. Embodiments offer a solution reducing information leakage of join values not contained in the result of the actual database query.
    Type: Grant
    Filed: January 18, 2018
    Date of Patent: September 8, 2020
    Assignee: SAP SE
    Inventors: Nicolas Loza, Florian Hahn, Florian Kerschbaum
  • Patent number: 10757087
    Abstract: A memory subsystem includes a memory interface for accessing a non-volatile memory (NVM), a host interface for communicating with a host, and a processor. The processor is configured to calculate a signature over program code that is used by the host and is stored in the NVM, to verify, upon detecting a boot process performed by the host, whether the boot process is legitimate, and, only if the boot process was verified to be legitimate, to provide the signature to the host for authentication to a remote server.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: August 25, 2020
    Assignee: WINBOND ELECTRONICS CORPORATION
    Inventor: Nir Tasher
  • Patent number: 10754950
    Abstract: A method includes monitoring system call invocations made to an operating system of a computer system by an application as the application renders a digital file. The method automatically featurizes the system call invocations into a set of features corresponding to the digital file, and compares each feature set against benign features of a set of known benign features. The comparing includes, for each feature of the set of features, applying entity resolution between the feature and benign feature(s) of the set of known benign features to find a correlation between the feature and a benign feature representing a common semantic interaction between the application and the operating system. The method identifies a number of features that do not correlate to the benign features, and determines maliciousness of the digital file based on the identified number of features that do not correlate to the benign features.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: August 25, 2020
    Assignee: ASSURED INFORMATION SECURITY, INC.
    Inventors: Daniel Scofield, Craig Miles
  • Patent number: 10719454
    Abstract: A method includes determining, by a tracker controller of a hardware security module, that a first processor has submitted a first request to access a computing resource. The method also includes determining, by the tracker controller, whether the first request and a second request both request access to the same computing resource. The second request is submitted by a second processor. The method also includes preventing access to the computing resource based on a determination that the first request and the second request do not request access to the same computing resource. The method also includes permitting access to the computing resource based on a determination that the first request and the second request both request access to the same computing resource.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: July 21, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Silvio Dragone, Nihad Hadzic, William Santiago Fernandez, Tamas Visegrady
  • Patent number: 10715324
    Abstract: The invention relates to a method for transmitting data implemented between a terminal and an integrated circuit, said terminal and said integrated circuit communicating by means of an interface for transmitting and receiving data. According to the invention, said method comprises at least one iteration of the following steps, implemented by the terminal: generating (10) a command intended for said integrated circuit, said command comprising a command header; encrypting (20) said command (CX), delivering an encrypted command (CC); creating (20) a second command (CY), said command comprising a command header and data, said data being constituted at least partly by said encrypted commands (CC); transmitting (40) said second command (CY) to said integrated circuit.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: July 14, 2020
    Inventors: David Naccache, Rémi Geraud, Michel Leger
  • Patent number: 10706134
    Abstract: A method for providing a brain computer interface that includes detecting a neural signal of a user in response to a calibration session having a time-locked component and a spontaneous component; generating a user-specific calibration model based on the neural signal; prompting the user to undergo a verification session, the verification session having a time-locked component and a spontaneous component; detecting a neural signal contemporaneously with delivery of the verification session; generating an output of the user-specific calibration model from the neural signal; based upon a comparison operation between processed outputs, determining an authentication status of the user; and performing an authenticated action.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: July 7, 2020
    Assignee: Arctop LTD
    Inventors: Daniel Furman, Eitan Kwalwasser
  • Patent number: 10691799
    Abstract: Using a recurrent neural network (RNN) that has been trained to a satisfactory level of performance, highly discriminative features can be extracted by running a sample through the RNN, and then extracting a final hidden state h_i where i is the number of instructions of the sample. This resulting feature vector may then be concatenated with the other hand-engineered features, and a larger classifier may then be trained on hand-engineered as well as automatically determined features. Related apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: April 15, 2016
    Date of Patent: June 23, 2020
    Assignee: Cylance Inc.
    Inventors: Andrew Davis, Matthew Wolff, Derek A. Soeder, Glenn Chisholm
  • Patent number: 10657229
    Abstract: A system and method of building a decision or prediction model used for analyzing and scoring behavioral transactions is disclosed. A customer dataset in a model development store that is used to build an original model is subject to a data right usage withdrawal, the original model having coverage over the customer dataset. The system and method extract, using data sampling, a portion of the customer dataset to generate a model surrogate dataset. The system and method discretize vectors present in both the model surrogate dataset and the customer dataset, and receive data representing the data right usage withdrawal from the customer dataset. The system and method determine a depletion of the model surrogate dataset according to the data right usage withdrawal, and compute an estimated mean time to coverage failure of the original model based on the depletion of the model surrogate dataset according to the data right usage withdrawal.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: May 19, 2020
    Assignee: Fair Isaac Corporation
    Inventors: Scott Michael Zoldi, Shafi Ur Rahman
  • Patent number: 10622316
    Abstract: An apparatus comprises a plurality of conductive elements arranged within at least a first conductive layer and a dielectric layer comprising a plurality of microcapsules. The first conductive layer is arranged on a first side of the dielectric layer. The apparatus further comprises monitoring circuitry coupled with the plurality of conductive elements and configured to detect a change in an electrical parameter for at least a first conductive element of the plurality of conductive elements. The change in the electrical parameter indicates a physical intrusion of the dielectric layer that causes a rupture of one or more microcapsules of the plurality of microcapsules.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: April 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark J. Jeanson, Joseph Kuczynski
  • Patent number: 10616206
    Abstract: A method of creating an application purpose certificate, comprising: receiving from a software publisher an application code and declared privacy information, the declared privacy information includes at least one allowed usage purpose for each of a plurality of data types; analyzing the application's usage of data of each of the plurality of data types; verifying the usage is compliant with the at least one allowed usage purpose according to the analysis; creating an encrypted digital purpose certificate, the digital purpose certificate is unique for the application code; and sending the digital purpose certificate to the software publisher to be bundled with the application code and a publisher authentication certificate.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: April 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Sima Nadler, Abigail Goldsteen
  • Patent number: 10616261
    Abstract: The invention utilizes a two-component system to detect third party security threats and drive improved security threat mitigation based on the detection. The first component of the system is a security threat assessment engine, which receives and/or identifies external data and internal data regarding third parties in order to determine information security threats posed by third parties. The second component of the system is an analytics engine, which may comprise a machine learning component which is configured to detect threat patterns and anomalies. In response to the detection of the threat patterns and anomalies the security threat assessment engine may be modified in order to more accurately determine security threats.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: April 7, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: David Michael Steele, Nelson John Chevis, Sr., Jason Dean Vaughn
  • Patent number: 10599838
    Abstract: A memory system includes a controller having a processor and one or more memory media, and a method of operating the memory system. A host generates honeypot files and the processor is configured to write the honeypot files onto the memory media at random locations. The controller monitors the locations of the randomly distributed honeypot files for access. The host may set a mode of operation concerning access of the honeypot files randomly distributed on the memory media. In a strict mode of operation, the controller may halt access to the memory media or require authentication if a single honeypot file is accessed. In a moderate mode of operation, the controller may analyze the memory media to determine if under attack if a single honeypot file is accessed. In a light mode of operation, the controller may not take any action until a predetermined number of honeypot files are accessed.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: March 24, 2020
    Assignee: MICRON TECHNOLOGY, INC.
    Inventor: Daniel K Schoenherr
  • Patent number: 10601582
    Abstract: The invention relates to the field of computer engineering and cryptography and, in particular, to methods for implementing linear transformations that operate with a specified speed and require a minimum amount of memory, for further usage in devices for cryptographic protection of data. The technical result enables the selection of interrelated parameters (performance and required amount of memory) for a particular computing system when implementing a high-dimensional linear transformation. The use of the present method allows for a reduction of the amount of consumed memory at a given word size of processors employed. To this end, based on a specified linear transformation, a modified linear shift register of Galois-type or Fibonacci-type is generated according to the rules provided in the disclosed method, and the usage thereof enables the indicated technical result to be obtained.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: March 24, 2020
    Assignee: Joint Stock Company “InfoTeCS”
    Inventors: Nikolay Pavlovich Borisenko, Alexey Viktorovich Urivskiy
  • Patent number: 10581903
    Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for utilizing an access log of a proxy server device of a content delivery network (CDN) to detect and mitigate a denial of service (DOS) on a web or content server hosted by the CDN. Through an analysis of the content requests received at the proxy server listed in the access logs, one or more IP addresses may be identified as involved in a potential DOS attack or other suspicious behavior. Once identified, the suspicious activities of the one or more IP addresses may be tracked and aggregated over a particular period of time, with each detected suspicious request to the content server being counted. The count of suspicious requests to the content server may then be compared to one or more threshold values and a remediation action may occur when the thresholds are met or exceeded.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: March 3, 2020
    Assignee: Level 3 Communications, LLC
    Inventors: Thomas P. Donahue, Henry Yu
  • Patent number: 10547637
    Abstract: A computer-implemented method for automatically blocking Web Proxy Auto-Discovery Protocol (WPAD) attacks may include (i) automatically detecting, by a computing device, a WPAD request for a configuration file, (ii) identifying, by the computing device, a server attempting to fulfill the WPAD request for the configuration file, (iii) determining, by the computing device, that the server is not included in a whitelist of WPAD servers for the configuration file, and (iv) automatically performing, by the computing device and based on the determination that the server is not included in the whitelist, a security action to secure the WPAD request for the configuration file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 6, 2017
    Date of Patent: January 28, 2020
    Assignee: CA, Inc.
    Inventors: Adam Glick, Akshata Krishnamoorthy Rao, Feng Li, Douglas Schlatter
  • Patent number: 10541813
    Abstract: Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on desired assurance levels. A Centralized Authentication System together with an authentication policy dictates acceptable authentication systems. Authorization data for each authorization system are captured and packaged into a single Object Data Structure. The authorization data can be compared to data stored in an identity store for authentication. The authorization data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: January 21, 2020
    Assignee: Aetna Inc.
    Inventors: Salil Kumar Jain, Abbie Barbir, Sylvan Tran, Jay Marehalli, Derek Swift