Abstract: A system and method for modification of a passcode for accessing the system are provided. The system includes a premises control unit. The premises control unit including control processing circuitry configured to: receive an expected code message, the expected code message instructing an initiation to monitor for an input from a user, receive a input code that is input by the user, determine whether the input code matches a predefined verification code, and if the input code matches the predefined verification code, cause transmission of a verification message to a monitoring server, the verification message indicating the input code matched the predefined verification code and triggering the monitoring server to allow a passcode for accessing the system to be modified.

Abstract: A method for performing secure computations on records, comprising: receiving a request to apply a computation on a record; assigning a respective partial record of a plurality of partial records of the record to each of a plurality of computational processes; instructing each of the plurality of computational processes to perform a computation scheme comprising: applying a semi honest multiparty computation on the partial record; iteratively repeating a predetermined number of times: using a secure multiparty arithmetic computation to generate random terms; using the secure multiparty arithmetic computation to assign the random terms and an outcome of the application to at least one predetermined equation; verifying an integrity of the semi honest multiparty computation by comparison of the assignments to the at least one predetermined equation to at least one constant; and when the integrity is valid, combining the applications of the semi honest multiparty computations on the partial records.

Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.

Abstract: An embodiment of the present invention is directed to quantifying the value of an individual log source sent to the SIEM. Through vendor-agnostic measurement, an algorithmic model utilized by a Log Quality Value (LQV) index enables security engineers and incident response (IR) teams to determine which logs provide the most value for security investigations. An embodiment of the present invention recognizes a positive correlation between the LQV index and critical logs used to investigate the attack. An embodiment of the present invention may be extended to evaluate the LQV algorithms against a more extensive dataset from live production environments and to further measure the tool effectiveness through periodically comparing the LQV index to logs used to detect security incidents.

Abstract: A method for operating an apparatus according to various embodiments may comprise the operations of: detecting whether a first signal transmitted from a control device to a storage device includes a designated address; and transmitting a second signal to the control device if the first signal includes the designated address, wherein the first signal may be a signal for transmitting, by the control device, a request for data to the storage device, and the second signal may be a signal for detecting whether uncommon data is included in a signal generated from the first signal.

Abstract: A system for detecting directory reconnaissance in a directory service includes a sensor and a directory reconnaissance detector, each of which is executing on one or more computing devices. The sensor determines whether a query that is submitted to a directory server is a suspicious query and, if the query is determined to be a suspicious query, transmits the suspicious query to the directory reconnaissance detector. The director reconnaissance detector includes a receiver, a context obtainer, an alert determiner and an alert transmitter. The receiver receives the suspicious query from the sensor and the context obtainer obtains context information associated with the suspicious query. The alert determiner determines whether a security alert should be generated based at least on the suspicious query and the context information. The alert transmitter generates the security alert responsive to a determination that the security alert should be generated.

Abstract: A data processing apparatus comprises branch prediction circuitry adapted to store at least one branch prediction state entry in relation to a stream of instructions, input circuitry to receive at least one input to generate a new branch prediction state entry, wherein the at least one input comprises a plurality of bits; and coding circuitry adapted to perform an encoding operation to encode at least some of the plurality of bits based on a value associated with a current execution environment in which the stream of instructions is being executed. This guards against potential attacks which exploit the ability for branch prediction entries trained by one execution environment to be used by another execution environment as a basis for branch predictions.

Abstract: Provided is a signature generation device, etc., generating signature information with high accuracy. The signature generation device calculates hash values for at least a partial area in individual files; calculates a similarity degree between the calculated hash values and classifies the plurality of files into groups based on the calculated degree; specifies common strings among, at least, some of the files in strings included in files of a group, the strings being symbol strings or bit strings; and generates signature information being a criterion for determining whether or not at least a part of the common string in the specified common strings is included.

Abstract: A safeguarding method, a safeguarding apparatus, and a computer storage medium are provided. The method includes detecting a program operating on a terminal, and intercepting an operation performed by the program; identifying an object on which the program performs the operation; obtaining configuration information of the object on the terminal, and determining, based on the configuration information, that the object is a targeted monitored object. The method further includes determining, based on the configuration information of the targeted monitored object, whether the operation performed by the program on the object is a legitimate operation; and canceling intercepting the operation if the operation is a legitimate operation, and continuously intercepting the operation if the operation is an illegitimate operation.

Abstract: A method and apparatus for identifying computer virus variants are disclosed to improve the accuracy of virus identification and removal, and may relate to the field of internet technology. The method includes running a virus sample to be tested and recording an API call sequence produced during running of the virus sample. The method further includes obtaining a characteristic API call sequence for each one of a plurality of virus families, matching the API call sequence produced during running of the virus sample to be tested with the characteristic API call sequences of the virus families, and obtaining a matching result. The method also includes determining the virus sample to be tested is a virus variant by extent of a match between the API call sequence produced by the virus sample and any characteristic API call sequence of any one of the virus families.

Abstract: A technique is described for protecting file data from malicious programs, in particularly, by decrypting data that has been maliciously encrypted by software such as ransomware. The described technique generates a copy of a first block of a plurality of files stored on a computing device, and also intercepts request(s) from a process executing on the computing device to obtain certain types of random data and system entropy, which are recorded. When the system detects that the plurality of files have been encrypted by a malicious program, the described system determines a cryptographic key determined based on the generated copies of the first blocks of the plurality of files and on the recorded random data, and uses that key to decrypt the plurality of files.

Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options.

Abstract: The disclosed embodiments generally relate to detecting malware through detection of micro-architectural changes (morphing events) when executing a code at a hardware level (e.g., CPU). An exemplary embodiment relates to a computer system having: a memory circuitry comprising an executable code; a central processing unit (CPU) in communication with the memory circuitry and configured to execute the code; a performance monitoring unit (PMU) associated with the CPU, the PMU configured to detect and count one or more morphing events associated with execution of the code and to determine if the counted number of morphine events exceed a threshold value; and a co-processor configured to initiate a memory scan of the memory circuitry to identify a malware in the code.

Abstract: An attachment to an e-mail message is replaced with a URL before that message is delivered to an end user, thus providing more time to perform a better scan at a cloud server computer. The attachment is removed from the e-mail message and sent to the cloud server computer for a dynamic scan and a static scan which will likely include updates better able to detect malicious software. The e-mail message with the URL is delivered to the end user and there is a delay before the end user reads the message or attempts to open the attachment. An artificial delay may be introduced at an e-mail gateway before the message is delivered to the end-user. If the attachment is benign then the end user is allowed to download it via the URL; if the attachment is malicious then the end user is only given a warning message.

Abstract: Computer-implemented methods and systems are provided for the detection of software presence remotely through the web browser by detecting the presence of webinjects in a web browser that visits a detection webpage. The methods can include delivering a detection webpage to a web browser, in which the detection webpage has detection code configured to detect a presence of the webinject in the detection webpage; and inspecting, by the detection code, rendering of content of the detection webpage in the browser to detect webinject content in the detection webpage by the webinject, the webinject content including one or more Hypertext Markup Language (HTML) components. The method can further include, if webinject content is detected, generating a fingerprint for each of the one or more HTML components; transmitting the one or more fingerprints to an external server; and classifying, by the external server, the webinject based on the one or more fingerprints.

Abstract: Examples associated with firmware encryption are described. One example device firmware includes a base module. The base module controls a base function of the device. The device firmware also includes a first encrypted module that modifies a first function of the device. The first encrypted module is inactive until decrypted. A decryption module decrypts the first module using a first encryption key and controls activation of the first encrypted module.

Abstract: A method includes receiving a firmware update package at an information handling system, the package including a payload containing a first firmware image. In response to executing the firmware update package while the information handling system is under control of an operating system, identifying a non-volatile storage device; authenticating the first firmware image; and storing the first firmware image at the non-volatile storage device. In response to successfully authenticating the first firmware image, initiating a reboot of the information handling system to invoke an initialization routine. The initialization routine includes retrieving the first firmware image from the non-volatile storage device and installing the first firmware image at a first device.

Abstract: A verification circuit provided in an information processing apparatus verifies the presence or absence of the tampering of a boot program stored in a memory. A monitoring circuit monitors a signal communicated between the verification circuit and the memory and detects that the start-up of a system has failed due to the tampering of the boot program based on a monitoring result of the signal. Subsequently, the monitoring circuit provides notification of information related to a cause of failure of the start-up of the system.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Abstract: An electronic apparatus that is configured to detect tampering with predetermined software shifts to one of a power-off mode and a suspended mode based on a power-off instruction. The electronic apparatus performs detection of tampering with the predetermined software at activation of the electronic apparatus from the power-off mode and does not perform detection of tampering with the predetermined software at activation of the electronic apparatus from the suspended mode.

Abstract: A system and method is provided for changing parameter values of a computer system without changing security properties. An exemplary method includes receiving a request to change a system configuration of the computer system and identifying a parameter relating to system configurations based on the received request. Furthermore, based on the identified parameter, the method includes receiving instructions to change the identified at least one parameter and initiating a transaction to change the identified at least one parameter based on the received instructions. The initiated transaction is then analyzed to determine whether the change to the parameter will lower a security level of the computer system. If not, the method will execute the change of the identified parameter related to the system configuration.

Abstract: Provided is an inspection system capable of inspecting whether or not a control device mounted to a vehicle normally operates also during usage. An inspection information generation unit of a server generates security inspection information for use in inspection of a function of an ECU on the basis of ECU design information and security information, and the security inspection information is transmitted to an ECU_GW. In the ECU_GW having received the security inspection information, an ECU_GW control unit performs a conversion process, and transmits information obtained by the conversion process to an ECU_A and an ECU_B. When receiving the information, each of the ECU_A and the ECU_B determines, with use of a determination reference held in advance, whether the received information is normal or abnormal.

Abstract: A computer security system includes a test management system and associated communication architecture that enables creation of customized tests of computer security application features. A server stores a test script in a custom scripting language. The test script includes a set of control statements that may be organized in a decision tree to control facilitation of the test. Clients poll the server to independently obtain and execute the control statements. Execution of the control statements control which clients participate in a test, which feature will be tested in the test, and what telemetry data will be collected from the clients to evaluate the test. The server evaluates the telemetry data to determine an outcome of the test and determines whether to further distribute or roll back the tested feature based on the test outcome. The testing can be utilized to rapidly and robustly deploy features that will enhance computer security.

Abstract: Embodiments disclosed herein describe systems and methods for providing secure entry of authentication data on computing devices, such as mobile devices. In some embodiments, the systems and methods are implemented on a mobile device having one or more vibration motors configured to operate at one or more speeds, and a touch-sensitive display. The mobile device may determine that an application executing on the mobile device is requesting entry of authentication data from a user via the touch-sensitive display. The mobile device may detect entry of a first character of the authentication data from the user. During the entry of the first character of authentication data, the mobile device activates a vibration motor at a first speed.

Abstract: In one embodiment, an apparatus includes: a memory encryption circuit to encrypt data from a protected device, the data to be stored to a memory; and a filter circuit coupled to the memory encryption circuit, the filter circuit including a plurality of filter entries, each filter entry to store a channel identifier corresponding to a protected device, an access control policy for the protected device, and a session encryption key provided by an enclave, the enclave permitted to access the data according to the access control policy, where the filter circuit is to receive the session encryption key from the enclave in response to validation of the enclave. Other embodiments are described and claimed.

Abstract: A data processing method comprises: in response to data to be encrypted or decrypted, determining, at a blockchain node, whether an adapter coupled to the node has been initialized; in response to determining that the adapter has not been initialized, determining an access address of the adapter; initializing the adapter based on the access address; and enabling the initialized adapter to encrypt or decrypt the data. As such, data encryption or decryption at the blockchain node is accelerated via the adapter.

Abstract: First data from a user device is received on an electronic computing device. The first data is encrypted to generate second data. The second data is fragmented and stored in a plurality of data stores.

Abstract: Described technologies enhance cybersecurity by leveraging collaborative filtering tools and techniques for security use by scoring attempts to access items in digital storage. Examples provided illustrate usage of accessor IDs and storage item IDs to compute recommendation scores which then operate as inverse measures of intrusion risk. Actions taken in response to recommendation scores that fall below a specified threshold may include preventing or terminating access, or alerting an administrator, for instance. A requested access may be allowed when the computed recommendation score is above a specified threshold, which indicates an acceptably low risk that the access is an unauthorized intrusion. Described cybersecurity technologies may be used by, or incorporated within, cloud services, cloud infrastructure, or virtual machines. Described cybersecurity technologies may also be used outside a cloud, e.g.

Abstract: System and method of decentralized services to make federated raw data sets owned by a plurality of Publishers Self-Governing for secure sharing and commingling allowing the commingled data to be productively used or analyzed by Subscribers only in an indirect manner that prevents extraction by any party and unauthorized in contradiction to the Self-Governing need-to-know policies defined by each Publisher.

Abstract: Provided herein are methods, systems and machine readable programs for enabling a secure channel for communicating self-destructive messages. In an embodiment, a method, system and machine readable program are provided for generating, communicating and receiving the self-destructive message is disclosed.

Abstract: One or more implementations of the present specification provide an invoice access method and apparatus based on a blockchain, and an electronic device. The method includes: receiving an access request initiated by an access user for a target invoice by using a client, the target invoice being encrypted and stored in the blockchain; determining, in response to the access request, whether the access user has an authority to access the target invoice; and in response to that the access user has the authority to access the target invoice, invoking decryption logic provided in a predetermined smart contract to decrypt ciphertext data of the target invoice stored in the blockchain, and returning decrypted plaintext data of the target invoice to the client.

Abstract: An application running in a container is able to access files stored on disk via normal file system calls, but in a manner that remains isolated from applications and processes in other containers. In one aspect, a namespace virtualization component is coupled with a copy-on-write component. When an isolated application is accessing a file stored on disk in a read-only manner, the namespace virtualization component and copy-on-write component grant access to the file. But, if the application requests to modify the file, the copy-on-write component intercepts the I/O and effectively creates a copy of the file in a different storage location on disk. The namespace virtualization component is then responsible for hiding the true location of the copy of the file, via namespace mapping.

Abstract: A computer-implemented method for propagating queries across a plurality of datasources that includes receiving user input via an administrative user interface. The input at least in part defines a plurality of asset paths within the datasources. A plurality of adapters corresponding to the datasources is automatically invoked and the input is automatically consolidated via the adapters for collective invocation in response to queries. A search query is received via an application user interface and the datasources are automatically queried at least in part by invoking the adapters and passing the input and the search query to the adapters. Responsive results for the search query from at least one of the datasources are automatically presented at an end user computing device.

Abstract: A method for sharing read access to a document stored on memory hardware. The method includes receiving a shared read access command from a sharor sharing read access to a sharee for a document stored on memory hardware in communication with the data processing hardware, and receiving a shared read access request from the sharee. The shared read access command includes an encrypted value and a first cryptographic share value based on a write key, a read key, a document identifier, and a sharee identifier. The method also includes multiplying the first and second cryptographic share values to determine a cryptographic read access value. The cryptographic read access value authorizes read access to the sharee for the document. The method also includes storing a read access token for the sharee including the cryptographic read access value and the encrypted value in a user read set of the memory hardware.

Abstract: A system for accessing data includes and interface and a processor. The interface is configured to receive a request to move stored data to a new location and requestor information. The stored data comprises sensitive data. The processor is configured to determine whether read access, storage access, and deletion access are allowed based at least in part on the requestor information; in the event that read access, storage access, and deletion access are allowed: read the sensitive data at an original location using an original token, store the sensitive data to the new location and receive a new token associated with the new location, and delete the original token and the sensitive data at the original location.

Abstract: Methods and apparatus are provided for preserving privacy of data collected from a vehicle. In one embodiment, a method includes: receiving, by a processor, privacy preferences entered by a user of the vehicle; receiving, by the processor, the data collected from the vehicle; distorting, by the processor, the data; downsampling, by the processor, the distorted data based on the privacy preferences; and communicating, by the processor, the downsampled, distorted vehicle data to a third-party entity.

Abstract: Aspects of the present disclosure involve a system comprising a computer-readable storage medium storing a program and a method for determining whether data utilization is privacy compliant. The program and method includes receiving input, via a graphical user interface, that includes identification of an application feature that utilizes user data collected from a plurality of users of the application; generating, for display in the graphical user interface, a plurality of fields that characterize utilization of user data; receiving, via the graphical user interface, a selection of one or more fields, the selected one or more fields characterize the utilization of the user data by the application feature; determining, based on the selected one or more fields, whether the utilization of the user data is privacy compliant; and generating, for display, an approval status indicating whether the utilization of the user data is privacy compliant.

Abstract: In an aspect, the present application may describe a method. The method may include: receiving, from a remote computing device, a first indication of consent for an authenticated entity to share data with a first third party server, the first indication of consent associated with a first sharing permission defining a first sharing scope; in response to receiving the first indication of consent: configuring a server to share data for the authenticated entity with the first third party server based on the sharing permission; identifying a first safety score, the first safety score associated with the first third party server; and updating a risk score for the authenticated entity based on the first safety score and the first sharing permission; and sending the updated risk score for the authenticated entity to the remote computing device for display thereon.

Abstract: An electronic device is disclosed. In addition, various embodiments recognized through the specification are possible. The electronic device includes a sensor, a processor operatively connected with the sensor, and a memory, operatively connected with the processor, including instructions. The instructions, when executed by the processor, cause the processor to perform biometric authentication for a user of the electronic device using the sensor, while a call connection procedure is performed with an ARS server, receive a voice signal for requesting private information of the user from the ARS server and convert the voice signal into text, and determine private information requested by the ARS server among at least one private information of the user, the at least one private information being previously stored in the memory, based on the converted text, and transmit the determined private information to the ARS server.

Abstract: In various embodiments, a personal data processing system may require guardian consent (e.g., parental consent) for a data subject in order to collect, store, and or process the subject's personal data. The system may prompt the data subject to initiate a request for guardian consent or the system may initiate a request for guardian consent without initiation from the data subject (e.g., in the background of a transaction). In some embodiments, the system may require guardian consent when a data subject is under the age for valid consent for the particular type of personal data that will be collected as part of a particular transaction. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects and/or from guardians on their behalf (e.g., in the case of a minor data subject).

Abstract: Systems, related methods and other means for providing the securing of JavaScript and source code are provided herein. The system and methods may be configured to poll a client device and/or to otherwise determine whether a debugging console is active on a client device and deny access to the JavaScript and source code if the debugging console is active. Additionally or alternatively, the system and methods may receive a request to access the JavaScript and source code form a client device, and may determine whether the request is from a trusted referrer. When the request is from an untrusted referrer, the system and method can deny access to the JavaScript and source code. When the request is from a trusted referrer, the system and method can grant access to the JavaScript and source code.

Abstract: A method for manipulation-proof storage of payload data is provided, including: storing the payload data in a chain of data records; forming, for each data record in the chain, a current hash value at least using the payload data comprised and stored in the respective data record; storing, in the data record, a predecessor hash value that corresponds to a hash value of a preceding data record, such that in a first data record in the chain, a predetermined root hash value replaces the predecessor hash value; storing, in a persistent memory, a chain of hash values including the current hash value, the predecessor hash value, and the predetermined root hash value, such that content, once stored in the persistent memory, is no longer modifiable or removable from the persistent memory; and storing the data records in a reversible memory that is distinct from the persistent memory.

Abstract: A computer-implemented index creation method includes obtaining, by a server storing data in a blockchain ledger, an identifier, in which the identifier identifies an attribute value of a data record; determining location information of the data record in the blockchain ledger, in which the location information includes a block height of a data block in which the data record is located and an offset of the data record in the data block; and writing the location information into an index, in which the index stores a correspondence between the location information and the attribute value, the attribute value being used as a primary key in the index.

Abstract: Computer code embedded in an electronic component (e.g., a processor, a sensor, etc.) of a medical device, such as a dialysis machine, can be authenticated by comparing a metadata signature derived from the computer code of the electronic component to a key derived from a pre-authenticated code associated with the electronic component. The metadata signature can be derived by running an error-check/error-correct algorithm (e.g., SHA256) on the computer code of the electronic component. A use of the metadata signature enables detection of any unauthorized changes to the computer code as compared to the pre-authenticated code.

Abstract: A processor chip including a memory controller, application processor and a communication processor, where the memory controller is configured to define an area of memory as secure memory, and allow only an access request with a security attribute to access the secure memory. The application processor is configured to invoke a secure application in a trusted execution environment, and write an instruction request for a secure element into the secure memory using the secure application. The communication processor is configured to read the instruction request from the secure memory in the trusted execution environment, and send the instruction request to the secure element. The application processor and the communication processor need to be in the trusted execution environment when accessing the secure memory, and access the secure memory only using the secure application.

Abstract: An access control system includes a processor configured to provide a trusted execution environment isolated from a rich execution environment. A rich OS operates in the rich execution environment while a trusted OS operates in the trusted execution environment. A plurality of protected data files are stored in non-volatile memory. When a process requests access to a protected data file, the computer system can permit the requesting process to access the requested data file only if a validated application token is present that corresponds to the requesting process. An application token is generated for the associated application by: detecting initiation of a first process associated with the associated application; determining that a valid user code is available within the trusted execution environment; and generating the application token using the valid user code upon determining that the valid user code is available within the trusted execution environment.

Abstract: In an example, a system may include an object store for storing objects, wherein each object is identified by an object signature generated according to a first cryptographic function, wherein the objects stored in the object store exhibit a hierarchical relationship from a root object. The system may receive a second cryptographic function for the object store, receive an I/O request affecting an object in the object store, encode the affected object according to the second cryptographic function, and persist the affected object alongside other objects in the object store encoded according to the first cryptographic function.

Abstract: The present invention relates to a storage device that is able to execute higher level commands, such as network-level, file-system commands, with privileged access to various resources, such as the storage media, hardware, memory, firmware, etc. In one embodiment, the storage device is configured to receive and execute network-level file-system commands, such as Server-Message-Block protocol commands. In particular, the storage device comprises a drive having a storage media and a communications interface, such as a network interface, and a controller. The controller is configured to interpret and execute network-level, file-system commands received from the communications interface on data stored on the storage media. Accordingly, the storage device can service the network-level, file-system commands more efficiently and without the need for user-space applications.

Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.