Abstract: A system converts the data of data objects stored in a DDOS from one data format to another while the system is live and available to process requests for access to the data objects being converted. This process does not require taking the DDOS offline and also does not require locking a data object for the entire conversion of the data object.

Abstract: Various embodiments discussed herein enable the detection of malicious content. Some embodiments do this by determining a similarity score between content, computer objects, or indications (e.g., vectors, file hashes, file signatures, code, etc.) known to be malicious and other content (e.g., unknown files) or indications based on feature weighting. Over various training stages, certain feature characteristics for each labeled malicious content or indication can be learned. For example, for a first malware family of computer objects, the most prominent feature may be a particular URL, whereas other features change considerably for different iterations of the first malware family of computer objects. Consequently, the particular URL can be weighted to determine a particular output classification corresponding to malicious behavior.

Abstract: An apparatus may comprise an electronic circuit configured to perform one or more functions or operations, and a memory associated with the electronic circuit. The memory stores a customer-side circuit identification (ID) comprising watermark value combined with a pseudo-random number that is generated as a function of a seed value, wherein the seed value is based on a timestamp generated by computer. An external interface may be coupled to the memory, wherein the external interface provides read-access to the customer-side circuit ID.

Abstract: A device receives an access-key package. The access-key package comprises a signature. The device obtains a validation package. The validation package comprises a validation device ID and validation timestamp. The device validates the signature in the access-key package. The device also obtains an updated timestamp. The device then compares the validation timestamp to the updated timestamp.

Abstract: A computer-implemented method of permitting authentication of data added to an initial plurality of unique data items stored on a computer, all of the data items being converted via a one-way function to respective equal length unique digests (or hashes); and the hashes being stored as a linked dataset in which the value of each successive hash is dependent on the value of the previous hash combined with a new hash resulting from the hashing of the most recently added data. The most recent hash in the linked dataset (hash chain) is the cumulative result of all previous hashes in their original sequence, each hash in the dataset being unique to the most recently added data. Each cumulative hash is constructed by incorporating one or more pre-existing cumulative hashes into the source data, before the new hash is calculated.

Abstract: The present disclosure relates to systems, non-transitory computer-readable media, and methods for dynamically controlling ephemeral messaging threads and ephemeral message duration settings across computing devices while improving security by maintaining end-to-end encryption. In particular, in one or more embodiments, the disclosed systems can transmit encrypted ephemeral messages, including ephemeral message duration settings and ephemeral setting timestamps. The disclosed systems can decrypt received messages on receiving client devices and dynamically apply ephemeral message duration settings to different message threads. For example, the disclosed systems can modify existing duration settings at a receiving client device to match a received ephemeral message duration setting based on determining that the received ephemeral setting timestamp predates an existing setting timestamp.

Abstract: Described herein are systems and methods for host multihoming with no state synchronization between top-of-rack (ToR) switches coupled to multiple hosts. ToR switches of a multi-homing system share a virtual MAC address and respond to Address Resolution Protocol (ARP) requests and/or Neighbor Discovery (ND) solicitations for a default gateway IP address from the host with the virtual MAC address. Ports on a ToR switch may be configured either with a static ARP and/or ND entry, or be configured to learn via a discovery protocol. The lightweight host multihoming system may have modified flooding behavior, ARP/ND handling, and data path forwarding. ARP/ND traffic from a host is processed by a ToR switch, while other multicast traffic may be discarded. Embodiments of the host multihoming system provide a lightweight solution for software implementation with minimal changes imposed on the host or network design.

Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.

Abstract: A solid state drive (SSD) device includes: non-volatile memory, and volatile memory associated with an SSD device controller. In response to determining that the SSD device is to transition to a power saving mode, information is transferred from the volatile memory to a host memory of a host computer via a communication interface, and the at least some of the volatile memory is transitioned to an OFF state. In response to determining that the SSD device is to transition from the power saving mode to a normal operating mode, the at least some of the volatile memory of the SSD device is transitioned to an ON state in which the at least some of the volatile memory is capable of retaining data, and the information from the host memory is transferred to the volatile memory of the SSD device via the communication interface.

Abstract: A method by a wireless transmitting device for distinguishing between a quality of service (QoS) management frame and a non-QoS management frame is described. The method includes generating a frame that includes a frame header, wherein the frame header includes a frame control field, wherein the frame control field includes a partial traffic identifier or subtype (PTID/subtype) subfield, wherein the PTID/subtype subfield indicates whether the frame is a quality of service (QoS) management frame or a non-QoS management frame and transmitting the frame through a wireless medium.

Abstract: Methods and systems for a device identification system may be provided. The device identification system may determine an identity of a user device associated with a transaction. The identity may be determined by network address information, hard link information, soft link information, and/or other such information. The network address information may include IPv4 information, IPv6 information, a device ID, and/or other such information. The identity of the user device may be determined and a transaction conducted from the user device may be assigned a fraudulent transaction risk score according to the information. Transactions that are determined to be at a high risk of fraud may be reviewed or otherwise flagged and/or canceled.

Abstract: Data messages such as data packets in an IPv4 or IPv6 format are processed with a view to compression/decompression, using information obtained from sources other than the data packet itself, or the stream to which it belongs. This may involve additional dynamic processing defined in specifications identified by a shared marker, or obtained from an additional data source such as a static file, database application or the like. Embodiments described herein enhance this approach with a dynamic determination of data components.

Abstract: A system for signaling coordinated workers in a common goal through intelligent icons transferred across networks to computer screens. The system can comprise one or more electronic data processors. The system can also include a module configured to execute on the more or more electronic data processors, where the module can be configured to display a plurality of intelligent icons, each containing authorizing information that is retained in a file associated with a authorizing entity on a computer screen. The intelligent icons can be potentially loaned to authorized individuals on a list and used to authenticate users of the system with biometric, image, machine readable codes stored surreptitiously within the intelligent icon. Also, the intelligent icon can be used for friend-foe identification in battlefield and homeland security/border control scenarios.

Abstract: A method for a system includes receiving with a first transceiver of a first smart device, an advertisement signal from a stationary beacon, outputting with the first transceiver of the first smart device, a first ephemeral ID that is not permanently associated with the first smart device, to the stationary beacon, receiving with the first transceiver of the first smart device, a beacon identifier from a stationary beacon, outputting with a second transceiver of the first smart device, the first ephemeral ID, a first user identifier and the beacon identifier to an authentication service, storing in an association log in the authentication service, the first ephemeral ID, the first user identifier and the beacon identifier, and storing in a beacon log in the authentication service, a log of the stationary beacon including the first ephemeral ID.

Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

Abstract: A methodology for requesting at least one signed security measurement from at least one module is provided. The methodology includes receiving the at least one signed security measurement from the at least one module; validating the at least one signed security measurement; generating a signed dossier including all validated signed security measurements in a secure enclave, the signed dossier being used by an external network device for remote attestation of the device.

Abstract: Methods and systems for providing data manifests as a service (DMAAS) are described herein. A first computing system, may generate a first data manifest comprising a first count parameter and a first hash parameter associated with a first data exchange transaction between the first computing system and a second computing system, store the first data manifest to a blockchain data store and transfer a data payload of the first data exchange transaction. The second computing system may analyze the data payload received via the transport mechanism, generate a second data manifest including a second count parameter and a second hash parameter and store the second data manifest to the blockchain data store. A DMAAS computing system facilitates access to the blockchain data store, identifies transmission errors, and triggers acceptance of data at the second computing system upon a successful data exchange transaction.

Abstract: A method for rendering a multimedia data stream tamper-proof and of evidential value when recorded in a block chain system reads and decodes the multimedia data stream to obtain multiple frames of data arranged in sequence, and calculates a hash value of each frame of data of the multimedia data stream. One or more items of data are selected from the multiple frames of data based on a predetermined rule and information as to properties of the one or more items of data is uploaded to the block chain system for recording purposes. A device for applying the method to a multimedia data stream is also disclosed.

Abstract: A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.

Abstract: A set of security templates is maintained including first and second templates. The first template specifies time and location stamp authentication for a file, and contextual security conditions that must be met before the file can be accessed. The second template specifies the time and location stamp authentication, but not the contextual security conditions. One of the first or second security templates is applied to the particular file. When the second security template is applied, a GPS-crypto device adds a time and location stamp to the particular file. The particular file is signed using a private key associated with the GPS-crypto device to generate an authentication signature based on the time and location stamp. The authentication signature is added to the particular file to allow a recipient to verify the time and location stamp of the particular file using a public key corresponding to the private key.

Abstract: This disclosure provides systems, methods, and apparatuses for wireless communication. In some aspects, An example method includes receiving, from a second wireless communication device, a frame associated with one or more wireless sensing measurements, verifying an integrity of the received frame associated with a message integrity code (MIC) in the received frame, and obtaining one or more wireless sensing measurements associated with the received frame.

Abstract: Systems and methods for a machine learning based approach for identification of malware using static analysis and a machine-learning based automatic clustering of malware are provided. According to various embodiments of the present disclosure, a processing resource of a computer system receives a potential malware sample. A plurality of feature vectors is extracted from the potential malware sample and is converted into an input vector. A byte sequence is generated by walking a plurality of decision trees based on the input vector. Further, a hash value for the byte sequence is calculated and a determination is made regarding whether the hash value matches a malware hash value of a plurality of malware hash values corresponding to a known malware sample. Upon said determination being affirmative, the potential malware sample is classified as malware and is associated with a malware family of the known malware sample.

Abstract: A microcontroller includes a CPU and a cryptographic circuit, and when a first program uses the cryptographic circuit, the second program transmits installation information of the first program and encrypted program installation information to the cryptographic circuit. The cryptographic circuit decrypts the encrypted program installation information and compares it with the installation information of the first program. In the case of match, the use of the cryptographic circuit by the first program is permitted.

Abstract: Described herein are embodiments that provide out-of-band authentication for vehicular communications using Joint Automotive Radar Communications (“JARC” if singular, “JARCs” if plural). A method includes receiving, by a directional radio of a connected vehicle, a directional communication having a payload that includes the first temporary identifier and sensor data for a purported transmitter of the directional communication. The method includes initiating, by the directional radio and a radar of the connected vehicle, a set of JARCs with the purported transmitter to determine an authenticity status of the first temporary identifier. The method includes executing a vehicular action for the payload of the directional communication responsive to the authenticity status.

Abstract: A multi-functional authentication apparatus and an operation method for the same are provided. The multi-functional authentication apparatus integrates multiple communication modules into one device. A biometric authentication procedure is firstly performed when activating this multi-functional authentication apparatus. A security code is generated through a security authentication mechanism provided by this apparatus after reading biometric features. After that, according to a connection protocol, one of the communication modules of the multi-functional authentication apparatus is activated to connect with an external host. The security code is transmitted to the host via the communication module for identifying a user. The multi-functional authentication apparatus acts as an authenticator that allows a user to login to a computer system or obtain a network service after authentication.

Abstract: Some embodiments are directed to a keyed message authentication code (MAC) device (100) for computing a keyed MAC for an input message using encoded representations. The keyed MAC device may be configured to apply a sequence of compressions functions, at least one of which takes a state as input in an encoded representation.

Abstract: Techniques are disclosed for managing encrypted data stored in one or more blocks of a first data structure. One embodiment presented herein includes a computer-implemented method, which includes retrieving the encrypted data from the one or more blocks. The method further includes placing the encrypted data in a container object. The method further includes applying an encryption technique to the container object to generate an encrypted container object and a key. The method further includes generating a second data structure. A first block of the second data structure may include either the encrypted container object or information related to the encrypted container object.

Abstract: An embodiment of the present invention is directed to Branch Migration Tool that migrates accounts in an efficient manner. The Branch Migration Tool enables a user to select and copy key tables within the iDDA Global platform to a local instance. In addition, the Branch Migration Tool is transparent to clients with existing account numbers being retained.

Abstract: A system and method for providing multifactor authentication. A disclosed method includes receiving a request at a server to launch a new session for an application on a client device, generating a plurality of codes, each of the plurality of codes associated with a respective identifier, and forwarding the plurality of codes via a short messaging service (SMS) message to a user associated with the client device. The method further includes sending the respective identifier associated with a given code of the plurality of codes to the application and receiving a submitted code entered into the application from the client device. Once received, the method compares the submitted code with the given code associated with the respective identifier and authenticates the user in response to the submitted code matching the given code.

Abstract: Techniques are disclosed for migrating data objects stored by the source DDOS from the source DDOS to the target DDOS while at least the source DDOS is live and available to process requests for access to the data objects being migrated. The techniques also provide eventual consistency between data objects that are created, updated, or deleted in the source DDOS that are applicable to the migration and that occur while the migration is being performed.

Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices across domains. Attestation information for an attester node in a first domain is received at a verifier gateway in the first domain. The attestation information is translated at the verifier gateway into translated attestation information for a second domain. Specifically, the attestation information is translated into translated attested information for a second domain that is a different administrative domain from the first domain. The translated attestation information can be provided to a verifier in the second domain. The verifier can be configured to verify the trustworthiness of the attester node for a relying node in the second domain by identifying a level of trust of the attester node based on the translated attestation information.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may transmit to a base station (BS), information indicating a medium access control (MAC) security capability of the UE. The UE may receive from the BS, a communication that includes an indication of a MAC security configuration for communications between the UE and the BS. The indication of the MAC security configuration may be based at least in part on the MAC security capability of the UE. Numerous other aspects are provided.

Abstract: An information processing apparatus includes a normal user interface (NUI) functional unit, a secure user interface (SUI) functional unit having a protection level higher than that of the NUI functional unit, and an input/output unit that receives an input of information and displays and outputs the information. The NUI functional unit causes the input/output unit to display a NUI screen which receives an input of a query and transmits, as a query, the query input via the NUI screen to the SUI functional unit. The SUI functional unit produces a summary corresponding to the query on the basis of certification data including a query and a summary corresponding to the query and causes the input/output unit to display a SUI screen having the query and the summary.

Abstract: In a cloud-based multiple client encryption and deduplication environment, secret plaintext data of a client is encrypted to produce ciphertext in an enclave comprising a trusted execution environment which is inaccessible by unauthorized entities and processes even with administrator privileges. Encryption is performed with an initialization vector and an encryption key calculated in the enclave. The encrypted ciphertext is deduplicated prior to storage by comparing a hash of the corresponding plaintext data to hashes of previously stored plaintext data.

Abstract: According to one aspect of the present disclosure, provided is a method for providing a notary service for a file, the method comprising the steps in which: (a) when a notary service request for a specific file is obtained, a server generates, by using a hash function, or supports the generation of, a message digest of the specific file; and (b) if a predetermined condition is satisfied, the server registers, in a database, or supports the registration of, a representative hash value or a value obtained by processing the representative hash value, the representative hash value being generated by calculating at least one neighboring hash value that matches a specific hash value, wherein the specific hash value is a hash value of the result of encrypting the message digest with a private key of a first user, a private key of a second user and a private key of the server.

Abstract: A detection device includes: an object data extraction unit that extracts, from one or more pieces of communication data which are transmitted from one or more electronic control units, at least part of a payload contained in communication data that satisfies a predetermined condition, information by which the communication interval between the communication data can be calculated, and a serial number of the communication data as object data; a partial sequence creation unit that creates, using the extracted object data, a partial sequence containing information corresponding to at least part of a payload and information indicating a communication interval from two or more pieces of object data with the same serial number; and a detection unit that detects, using the created partial sequence, predetermined communication data based on the order relation between at least part of a payload and the corresponding part of another payload and a communication interval.

Abstract: Aspects discussed herein relate to providing alerts to a community of devices located in or near a geographic are such as a building or property. The alerts override any alert-inhibiting state of the mobile device to deliver audio, visual, and/or haptic alerts in emergency situations. The communication and emergency alert system may be used to communicate with many different communities of people. Moreover, certain individuals may be members of more than one community at the same time, and the communities themselves may change over time based both on the user's preferences and on their physical locations. Multiple different alerts can be sent to different mobile devices for a single event. The alerts can be customized to particular mobile devices depending on the community to which the mobile device belongs for the event.

Abstract: A technique for oblivious filtering may include receiving an input data stream having a plurality of input elements. For each of the input elements received, a determination is made as to whether the input element satisfies a filtering condition. For each of the input elements received that satisfies the filtering condition, a write operation is performed to store the input element in a memory subsystem. For those of the input elements received that do not satisfy the filtering condition, at least a dummy write operation is performed on the memory subsystem. The contents of the memory subsystem can be evicted to an output data stream when the memory subsystem is full. The memory subsystem may include a trusted memory and an unprotected memory.

Abstract: A computer-implemented method includes determining, by a processor, an authenticity of a software object and its supply chain and providing an authenticity result indicative thereof; determining, by the processor, an integrity of the software object and its supply chain and providing an integrity result indicative thereof; and determining, by the processor, from the authenticity result and the integrity result, a score indicative of an amount of trust in the supply chain of the software object and in the software object, wherein the score is indicative of an amount of trust that the software object will work correctly if installed in a system that utilizes the software object.

Abstract: An operation method of a UE in a communication system includes receiving, from a base station, a security mode command message including information requesting reporting of capability information and security configuration information; identifying the security configuration information included in the security mode command message; and transmitting, to the base station, a security mode complete message including the capability information requested by the security mode command message.

Abstract: In one aspect, a system for managing data processes in a network of computing resources is configured to: receive, from an instructor device, a parent request for execution of at least one parent data process executable by a plurality of computing resources at least one computing resource; generate at least one child request for execution of at least one corresponding child data process for routing to at least one corresponding destination device, each of the at least one child data process for executing at least a portion of the at least one parent data process, and each of the at least one child request including a respective destination key derived from at least one instructor key; and route each of the at least one child request to the at least one corresponding destination device. The at least one child request can be obtained by a supervisor server via the routing.

Abstract: Methods, computer program products, and/or systems are provided that can perform the following operations: receiving a connection request from a first user device; creating an authentication container for the first user device; authenticating the first user device using the authentication container; in response to authentication for the first user device being successful, creating a first user request processing container for the first user device; and processing user requests received from the first user device using the first user request processing container.

Abstract: Techniques for providing data protection in an integrated circuit are provided. An example method according to these techniques includes determining that an unauthorized update has been made to software or firmware associated with the integrated circuit, and corrupting an anti-replay counter (ARC) value, maintained in a one-time programmable memory of the integrated circuit and used by the integrated circuit to protect contents of a non-volatile memory, responsive to determining that the unauthorized update has been made to the software or the firmware.

Abstract: Embodiments of the disclosure relate to a memory system and an operating method thereof. The memory system may decrypt first firmware which is stored in the memory device and is encrypted using a symmetric-key encryption algorithm, with a first key stored in the memory device, may generate a second key based on second firmware, which is obtained by decrypting the first firmware, first data stored in a first area in the memory controller, and second data stored in a second area in the memory device, and may drive the second firmware when the first key and the second key are the same.

Abstract: Techniques for securing communication. The techniques include using at least one device to perform: selecting a first operation from a plurality of operations, each of the plurality of operations associated with a respective type of data to be encrypted; generating first data to be encrypted at least in part by performing the first operation; encrypting both information identifying the first operation and the first data to obtain corresponding first ciphertext; and outputting the first ciphertext.

Abstract: The present disclosure is directed to systems and methods that include a beacon that includes an antenna; data storage configured to store a code that is calculated according to an algorithm and based on a first variable, the first variable being defined according to a first interval of time; and a processor configured to cause the code to be emitted by the beacon.

Abstract: Herein are techniques for dynamic aggregation of results of a database request, including concurrent grouping of result items in memory based on quasi-dense keys. Each of many computational threads concurrently performs as follows. A hash code is calculated that represents a particular natural grouping key (NGK) for an aggregate result of a database request. Based on the hash code, the thread detects that a set of distinct NGKs that are already stored in the aggregate result does not contain the particular NGK. A distinct dense grouping key for the particular NGK is statefully generated. The dense grouping key is bound to the particular NGK. Based on said binding, the particular NGK is added to the set of distinct NGKs in the aggregate result.

Abstract: A processing system of a vehicle having at least one processor may obtain, from a network-based security system, at least a first security code, apply a hash operation to a firmware code of the vehicle in accordance with the at least the first security code to generate a first hash value, and transmit the first hash value to the network-based security system. The processing system may then obtain from the network-based security system at least a first verification code, the network-based security system providing the at least the first verification code in response to a confirmation of the first hash value, apply the at least the first verification code to a verification function, and generate a signal to enable the operation of the vehicle, in response to a positive verification via the verification function.

Abstract: According to one embodiment, an electronic apparatus used in a vehicle generates a first to fourth log of the vehicle for a first to fourth period, a first to fourth code used to validity of the first to fourth log, a fifth code used to collectively determine a validity of the first log and the second log, a sixth code used to collectively determine a validity of the third log and the fourth log, and a seventh code used to collectively determine a validity of the first to fourth logs, and transmits the first to seventh codes to a server, and transmits the first to fourth logs to the server after a transmission of the first to seventh codes.