Abstract: This disclosure is directed to a sequential biometric verification system and process. A device receives (502) a first biometric input and determines a match with a first predetermined biometric input of a verification sequence. The device provides (504) a first prompt that includes a request for a next biometric input user selection or a complete verification sequence user selection. The device receives the next biometric input user selection in response to the first prompt and a second biometric input, and then determines a match with a second predetermined biometric input of a verification sequence. The device provides a second prompt. The device receives the complete verification sequence user selection in response to the second prompt. Upon determining that at least the first and second biometric inputs (508) and the order of inputs match the predetermined biometric inputs of the verification sequence (510), the device enables receiving a user command.

Abstract: Methods and systems are provided for an AdHoc enrollment process. A user may be able to enroll and be verified by a system for a variety of actions or authentications without being forced to turn over personally identifiable information and without having to formally enroll. The system may compare captured biometric information with existing biometric information and may identify the user without the use of personally identifiable information.

Abstract: A system, method and one or more wireless earpieces for authenticating utilization of one or more wireless earpieces. A request is received through the one or more wireless earpieces. Biometric readings are performed for a user utilizing sensors of the one or more wireless earpieces. The biometric readings are analyzed to determine whether a biometric profile authorizes the one or more wireless earpieces to fulfill the request. The request is authenticated in response to determining the biometric profile authorizes fulfillment of the request.

Abstract: Provided is a processing system including a moving body identification information acquisition unit that acquires moving body identification information for identifying a moving body, an authentication unit that executes an inspector authentication process, based on biological information of an inspector, an inspection item identification information acquisition unit that acquires inspection item identification information for identifying an inspection item, and an output unit that stores the moving body identification information, the inspection item identification information, and inspector identification information of the inspector which is authenticated in the inspector authentication process in a storage unit in association with each other.

Abstract: A system performs identification system enrollment and validation and/or authentication. In some examples, the system receives a digital representation of a biometric for a person from a device, biographic information for the person, and monitoring of capture of the biometric and determines whether the biometric is genuine. In others, the system obtains data from a network search using the biometric and the information, generates a comparison of the biometric and the information to the data from the network search, and uses the comparison to determine whether the person is who the person asserts. In still others, the system performs a number of identity checks using the information and the biometric, weights certainty and risk of each of the number of identity checks, and determines whether to approve the person for identification system enrollment using an aggregation of the identity checks.

Abstract: Systems and methods provide an Information Handling System (IHS) comprising one or more host processor modules configured to host pluggable hardware devices and a secure control module configured to host a baseboard management controller. The baseboard management controller obtain an SPDM alias certificate from at least one pluggable hardware device, and retrieve an extended reality content link from the SPDM alias certificate and an error code database from the SPDM alias certificate. The extended reality content link may include one or more of a virtual reality content link, an augmented reality content link, and a mixed reality content link. The extended reality content link comprises a URL or address where virtual, augmented, or mixed reality content associated with the at least one pluggable hardware device is available. The error code database identifies error states associated with the at least one pluggable hardware device.

Abstract: Methods and systems for managing operation of data processing systems are disclosed. To manage operation of the data processing systems, the data processing systems may present unified communication and management systems. The unified communication and management systems may be used to manage the operation of any number of management controller embedded devices hosted by the data processing systems. The unified communication and management systems may be implemented using access to the management controller embedded devices.

Abstract: Example implementations include a method, apparatus, and computer-readable medium comprising determining, by a processor of a control panel, that a security event has happened, wherein the security event is associated with a user identification or authentication; capturing one or more still images or videos by at least one camera in the control panel subsequent and in response to determining that the security event has happened; and using the one or more still images or videos to perform facial recognition.

Abstract: A system is provided for validation and authentication of resources in a virtual environment. In particular, the system may embed a digital source identifier into a digital or virtual resource within the virtual environment. For instance, in some embodiments, the digital source identifier may be an image file that may be stored within one or more pre-defined areas or regions of the virtual resource, where the image file serves as an indicator of authenticity and validity of the virtual resource. Accordingly, the system may comprise a scanner that may be configured to scan the one or more pre-defined areas or regions to detect the presence of the digital source identifier. If the digital source identifier is found, the system may determine that the virtual resource has been validated and authenticated.

Abstract: According to embodiments of the present disclosure, systems and methods for SPDM device and BMC pairing are provided. According to one embodiment, an Information Handling System (IHS) includes a Security Protocol and Data Model (SPDM)-enabled device conforming to a SPDM specification, and a Baseboard Management Controller (BMC) configured with computer executable instructions to provision a SPDM identity certificate of the BMC in the SPDM-enabled device, verify that the BMC has been paired with the SPDM-enabled device using the SPDM identity certificate, and when the authentication of the SPDM-enabled device fails, inhibit operation of the SPDM-enabled device in the IHS.

Abstract: Securing package delivery via unmanned aerial vehicles (UAVs), drones, robots, etc. is contemplated. The package delivery may include assigning a provenance certificate to a package scheduled for drone delivery, determining a plurality of vehicles to be used in transporting the package to an autonomous receiver, determining credentials assigned to each of the vehicles, pairing the credentials with the package to generate a delivery pairing, the delivery pairing identifying the credentials of the vehicles authorized to transport the package, and transporting the delivery pairing to each of the vehicles to prevent vehicles having certificates omitted from the delivery pairing from transporting the package.

Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.

Abstract: To provide a secure arithmetic processing environment even in a system with an unreliable hypervisor.

Abstract: A method for tracing system call execution includes instantiating, by at least one hardware processor of a compute node, a first process and a second process. The second process executes at the compute node as a child process of the first process. detecting a notification associated with a system call initiated by the child process. The child process is pause based on the notification. At least one permission associated with the system call is retrieved via the first process. A determination is made on whether to resume the child process based on the at least one permission.

Abstract: A method at a computing device, the method including placing a trace on a plurality of behaviors within a kernel on the computing device; generating data from the trace; assembling the data into an event; and formatting the event into a security sensor output. Further, a computing device having a processor and communications subsystem, wherein the computing device is configured to place a trace on a plurality of behaviors within a kernel on the computing device; generate data from the trace; assemble the data into an event; and format the event into a security sensor output.

Abstract: A method and a system for detecting an anomalous sequence of events in stream data are provided. The method includes: receiving a first set of raw data; analyzing the first set of raw data in order to determine a first event sequence; applying a first Hidden Markov Model (HMM) to the first event sequence in order to generate a first output; and determining, based on the first output, whether the first event sequence is classifiable as being an anomalous event sequence. The HMM is trained by using known sequences of normal events and event sequences that are known to be anomalous.

Abstract: A method at a computing device, the method including receiving security sensor data; normalizing the security sensor data to create normalized security sensor data; determining that an anomaly exists within the normalized security sensor data; and generating an alert based on the determining. Also, computing device comprising a processor, and a communications subsystem, where the computing device is configured to receive security sensor data; normalize the security sensor data to create normalized security sensor data; determine that an anomaly exists within the normalized security sensor data; and generate an alert based on the determining.

Abstract: A system and method for cybersecurity remediation based on a digital forensic finding is disclosed. In an embodiment, the method includes generating an inspectable disk from a disk of a resource deployed in a computing environment; mounting the inspectable disk at a mount point on a forensic analyzer; configuring the forensic analyzer to generate a forensic finding based on the inspectable disk; and initiating a remediation action based on the forensic finding.

Abstract: A system and method for iterative cybersecurity remediation based on a digital forensic finding is disclosed. In an embodiment, the method includes detecting a forensic finding, the forensic finding based on a forensic artifact detected on a disk of a resource in a computing environment; generating an inspectable disk based on the disk of the resource; inspecting the inspectable disk for a cybersecurity object based on the forensic artifact; and initiating a remediation action on the disk based on the cybersecurity object detected on the inspectable disk.

Abstract: A processor records in a memory a plurality of data interactions conducted using a first user device associated with a first user and determines a behavior log associated with the first user, wherein the behavior log stores events associated with the plurality of data interactions conducted using the first user device. The processor monitors a computing network for future events that are to occur in the computing network and determines based on the monitoring that a first future event is to occur in the computing network. The processor compares the first future event with the behavior log and determines that a first data interaction was previously conducted using the first device in relation to a second event that is associated with the first future event. The processor initiates the first data interaction in relation to the first future event using the first user device.

Abstract: Disclosed implementations include a method of detecting attacks on Machine Learning (ML) models by applying the concept of anomaly detection based on the internal state of the model being protected. Instead of looking at the input or output data directly, disclosed implementation look at the internal state of the hidden layers of a neural network of the model after processing of data. By examining how different layers within a neural network model are behaving an inference can be made as to whether the data that produced the observed state is anomalous (and thus possibly part of an attack on the model).

Abstract: A system and method for generating a compact representation of a computing environment having a remediated cybersecurity threat is disclosed. In an embodiment, the method includes generating an inspectable disk based on a disk of a resource in the computing environment; detecting a forensic artifact on the inspectable disk; traversing a security graph for a forensic finding based on the forensic artifact, wherein the security graph includes a representation of the computing environment; detecting a remediation node connected to a node representing the forensic finding; and initiating a remediation action, represented by the remediation node.

Abstract: A generation device includes generation circuitry configured to acquire information on software, extract a feature quantity of the software from the information of the software acquired, generate a cluster for each software on the basis of the feature quantity extracted, calculate a clustering result including a center of gravity of the cluster, match the clustering result calculated with the past clustering result when a distance between a center of gravity of a cluster included in the past clustering result calculated from information on malware is equal to or less than a predetermined value, and generate a graph representing a relationship between the software and the malware on the basis of a result of matching.

Abstract: Provided are methods, systems, and non-transitory computer-readable media for generating a feature vector for malware, including storing, in memory of a computing device, program code for a trained neural network that produces embedded representations for antivirus scan data; executing, by a processor of the computing device, the program code for the trained neural network to perform the operations of: (a) receiving an antivirus scan report (AVSR) for a malware file; (b) normalizing each label in the AVSR by separating the label into a sequence of tokens including a set of token strings; (c) embedding a first token and plural second tokens to generate an input sequence for the malware file; (d) inputting the input sequence into a neural model for producing antivirus scan data; and (e) outputting the antivirus scan data produced by the neural model as one or more feature vectors.

Abstract: A tampering detection device includes tampering detection circuitry configured to acquire an access frequency of a monitoring target file, calculate a number of times of scanning in a scan pattern for each monitoring target file on a basis of the access frequency acquired, and determine the scan pattern on a basis of the number of times of scanning calculated.

Abstract: A request is received to scan a package integration for a malicious dependency. A subset of dependencies of the package integration is determined that, if executed by an application, would be used. A known package cache is referenced to determine that at least a portion of a file of the subset was not previously scanned. A graph representation of the portion is generated, the graph representation including a tree with edges that connect the portion with one or more further dependent files that depend from the portion. The portion and its further dependent files are scanned for malware, and the known package cache is updated with the tree and with results of the scan. It is determined whether malware is within the package integration using the known package cache and the results of the scan, and an alert is output where malware is detected.

Abstract: A request is received to scan a package integration for a malicious dependency, the package integration to be integrated into an application. Using a known package cache, a subset dependencies of the package integration that have not been previously scanned is determined. Content of each file of the subset is input into a malware detection model, and an identification of an ambiguous pattern is received from the malware detection model. Responsive to receiving the identification of the ambiguous pattern, the ambiguous pattern is input into a severity model, and a level of severity that the ambiguous pattern would impose on an assumption that malware is present is received. Where the level of severity is above a threshold minimum level of severity, a query is transmitted to a generative machine learning model to determine whether malware is present.

Abstract: A behavioral system level detector and method that filters local alerts to generate system alerts with an increased confidence level is provided. The method includes receiving local alerts from a local detector that detects events from a processing unit, wherein each local alert comprises information of an event from the processing unit and a timing relationship for the event, filtering the local alerts to determine events indicating an undesirable behavior or attack, and responsive to the determination that there are events indicating the undesirable behavior or the attack, generating a system alert. The behavioral system-level detector includes a shared data structure for storing local alerts received from at least one local detector and system processing unit coupled to the shared data structure to receive the local alerts and coupled to receive state information from the processing units.

Abstract: A method of protecting networks may include detecting a compromised computing device associated with a security event generated by a unified security policy from a plurality of sites within a network. A context of the compromised computing device may be extracted. The context may be propagated to a controller. The method may further include fetching from an identity services engine (ISE), user identity associated with the compromised computing device, and provisioning the controller with a dynamic list and a data policy matching the dynamic list. The method may also include advertising the dynamic list and the data policy to at least one of the plurality of sites.

Abstract: Directed to implementing Internet of Things (“IoT”) functionality, and, in particular embodiments, implementing added services for OBD2 connection for IoT-capable vehicles. In various embodiments, a portable device (when connected to an OBD2 DLC port of a vehicle) might monitor wireless communications between a vehicle computing system(s) and an external device(s), might monitor vehicle sensor data from vehicular sensors tracking operational conditions of the vehicle, and might monitor operator input sensor data from operator input sensors tracking input by a vehicle operator. The portable device (or a server) might analyze either the monitored wireless communications or a combination of the monitored vehicle sensor data and the monitored operator input sensor data, to determine whether vehicle operation has been compromised. If so, the portable device (or the server) might alert the operator of the vehicle via a user interface and might initiate one or more remediation operations.

Abstract: The disclosed embodiments relate to method and/or device which is effective at cancelling or altering electrical signals or pulses, generated by, for example, digital electronic systems and components, that are induced, reflected or otherwise made present on the mains power supply conductors and/or the earthing or grounding conductor (if present.) The disclosed embodiments cancel these electrical signals thereby providing an effective means of preventing the exfiltration of various data from a computing or similar system by means of power line emissions. The disclosed embodiments may perform this subjugation by: altering the shape of the fundamental current and voltage waveforms and also altering and diminishing any non-fundamental frequency waveforms to a point where they are no longer measurable or detectable; and preventing the communication via inductive coupling of any electrical signals on mains current onto the grounding path or vice versa.

Abstract: Systems and methods provide an Information Handling System (IHS), comprising a host processor module and a secure control module. A baseboard management controller executes a process that binds the host processor module to the secure control module using a hash value calculated from characteristics of components of the first host processor module. The process to bind the first host processor module to the secure control module comprises retrieving hardware identity certificates from all SPDM-capable hardware devices in the first host processor module, retrieving firmware measurements from all SPDM-capable hardware devices in the first host processor module, calculating an initial hash value from the hardware identity certificates and the firmware measurements, and storing the initial hash value either in the baseboard management controller or in the security processor.

Abstract: An information handling system instantiates a system health monitor that detects a change to an attribute of the information handling system from a first state to a second state, compares the change to a policy related to the attribute, and remediates the change in response to determining that the change is critical.

Abstract: Embodiments described herein relate to methods, systems, and non-transitory computer readable mediums storing instructions for migrating BIOS settings to a new computational device. Using telemetry and other sources, one or more embodiments of the invention determine the identity of the one or more hardware elements and from that produces a compatible tree for the new computation device. The method then retrieves previous BIOS settings that are to be migrated, and determines, using the compatible tree, one or more BIOS settings of the previous BIOS settings that need to be changed. The BIOS is changed, and the updated BIOS settings are then migrated to the new computational device, wherein the BIOS on the new computational device is configured with the updated BIOS settings.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more processes may: provide a first chip select signal to a chip of an information handling system (IHS), which stores at least a portion of IHS firmware, while at least one processor of the IHS is executing processor instructions; determine that a second chip select signal is provided to the chip; provide, to an embedded controller of the IHS, a signal that indicates that the second chip select signal has been provided to the chip; receive a signal to boot the IHS; determine if the embedded controller has received the signal that indicates that the second chip select signal has been provided to the chip; if so, prevent the IHS from booting; and if not, permit the IHS to boot utilizing the at least the portion of the IHS firmware stored by the chip.

Abstract: Examples described herein relate to multiple processor sockets comprising processors connected thereto and first circuitry. The first circuitry is to: based on a first mode of operation: configure the multiple processor sockets to operate with a single memory address space and share interfaces and based on a second mode of operation: configure the interfaces accessible to the multiple processor sockets to provide isolated communications to processor sockets in different partitions and configure the multiple processor sockets to operate in independent memory address spaces.

Abstract: Methods, systems, and computer readable media for breach and attack simulation. An example method includes detonating malware within a sandbox; analyzing one or more impacts of the malware based on detonating the malware within the sandbox; generating, based on analyzing the one or more impacts of the malware, an executable malware emulation file; executing the executable malware emulation file on an endpoint system featuring an installed endpoint detection and response (EDR)-under-test solution; analyzing the performance of the EDR-under-test in response to executing the executable malware emulation file; and reporting one or more test results based on analyzing the performance of the EDR-under-test.

Abstract: Flaws in a codebase for an organization are triaged with a naïve Bayes classifier that determines likelihoods of triage decisions corresponding to actions (e.g., remediating via code change, deferring to due network mitigation, labeling as false positive) given the context of the flaw, application, and organization. The naïve Bayes classifier is trained on the triage outcomes of previously detected flaw instances in the codebase and provides interpretable results including feature-level likelihood scores of each triage approach. In addition to recommending the highest likelihood triage outcome provided by the naïve Bayes model, a flaw similarity model identifies previously triaged flaw instances from the organization to recommend more granular triage instructions that have been documented alongside the previous flaw instances.

Abstract: A method for checking the integrity of a compute node which is part of a network of compute nodes communicatively connected to one another, and on which at least one portion of a distributed application is executed. The method includes: providing test data for the compute node; generating test results by applying the at least one portion of the distributed application to the provided test data; and checking the integrity of the compute node by comparing the test results to expected results.

Abstract: The present disclosure is for systems and methods for data and model security in AI-based modeling approaches. Security techniques are applied at the user device level on edge devices to evaluate data and/or locally trained models for malicious content. Malicious content is detected and can be prevented from influencing central model updates or retraining.

Abstract: A device accesses a set of computer security alerts and generates a first training dataset comprising first training examples. Each first training example includes a computer security alert labeled with characteristics associated with a predetermined cause. The device trains an NLP model using the first training dataset for identifying a set of characteristics of a cause of the computer security alert. The device generates a second training dataset by generating variants of one or more of the accessed set of computer security alerts. Each generated variant computer security alert is associated with a variant set of characteristics of a variant cause of the variant computer security alert, and each second training example includes a generated variant computer security alert labeled as an above-threshold threat or a below-threshold threat. The device trains a neural network model to generate a measurement of threat of the computer security alert.

Abstract: A system may be configured for implementing targeted attacks on deep reinforcement learning-based autonomous driving with learned visual patterns. In some examples, processing circuitry receives first input specifying an initial state for a driving environment and user configurable input specifying a target state. Processing circuitry may generate a representative dataset of the driving environment by performing multiple rollouts of the vehicle through the driving environment, including performing an action for the vehicle from the initial state with variable strength noise added to determine a next state for each rollout resulting from the action. Processing circuitry may train an artificial intelligence model to output a next predicted state based on the representative dataset as training input. In such an example, processing circuitry outputs from the artificial intelligence model, an attack plan against the autonomous driving agent to achieve the target state from the initial state.

Abstract: In an exemplary embodiment, a method for managing a multimedia file related to a document is discloses. For instance, the method being performed by a first computing device. The method comprises, obtaining a multimedia file related to a document, generating character string data by encoding the multimedia file, generating a key value by encrypting the generated character string data, determining whether a key value equal to the generated key value exists in a pre-stored data table comprising a plurality of key values and character string data of the multimedia file corresponding to each key value, when the key value equal to the generated key value does not exist, storing the key value and the character string data in the data table by matching the generated key value and the generated character string data, and transmitting the multimedia file related to the document to the server so that server stores the multimedia file related to the document.

Abstract: Creating a replica of a storage system, including: receiving, by a first storage system from a computing device, data to be stored on the first storage system; reducing, by the first storage system, the data using one or more data reduction techniques; sending, from the first storage system to the second storage system, the reduced data, wherein the reduced data is encrypted; and sending, from the second storage system to a third storage system, the reduced data, wherein the reduced data is encrypted.

Abstract: This disclosure relates generally to data transmission between devices.

Abstract: The disclosure relates to, among other things, systems and methods for augmenting and/or otherwise supplementing content using watermarks. Consistent with embodiments disclosed herein, a user device such as a smartphone may be used to retrieve watermark information encoded in a watermark. The watermark information may comprise content that supplements an associated content item, link and/or location information that may be used to retrieve supplemental content, and/or the like. In some embodiments, the watermark information may comprise cryptographic and/or other access token information used to decrypt and/or otherwise access supplemental content.

Abstract: Aspects of the subject disclosure may include, for example, receiving one or more blocks of data for transmission to a destination, splitting the one or more blocks of data into a plurality of data shards, and communicating the plurality of data shards to the destination, wherein the communicating comprises providing a respective data shard of the plurality of data shards to a respective physical path of a plurality of physical paths to increase data security during the communicating. Other embodiments are disclosed.

Abstract: Provided is a file viewing system including: a comparison unit that compares biometric information of a comparison target person with biometric information of a person associated with an electronic file; and a viewing prevention unit that performs a process for preventing viewing of the electronic file based on a result of a comparison by the comparison unit.

Abstract: A centralized master data management system (CMDMS) includes a memory having instructions; and processing circuitry coupled to the memory, and being configured to execute the instructions, causing the processing circuitry to cause a graphical user interface (GUI) to be output by a user interface (UI), the GUI includes a first user input field configured to receive a first user input identifying an administrator to log in to the CMDMS; in response to a successful log in to the CMDMS, obtain master data from the memory, the master data being associated with the administrator; update the GUI to include a list of region configuration profiles (RCPs) managed by the administrator; and one or more functional elements, wherein each functional element trigger a respective action in response to being selected by the administrator; and authorize a user, within a predefined region, to be able to create and submit budget applications.

Abstract: In some examples, a computer-readable medium storing an outbound email quarantine (OEQ) tool includes computer-executable instructions, which, when executed by a processor, cause the processor to prompt a designated reviewer to determine whether to permit transmission of an outbound email in response to a quarantine status of the outbound email indicating that the outbound email is quarantined, where the designated reviewer is determined based on characteristics of the outbound email; modify a header of the outbound email to bypass the one or more DLP policies in response to an indication from the designated reviewer to permit transmission of the outbound email; and transmit the outbound email having the modified header.