Abstract: A connector lock structure includes an insulating body, a plurality of terminals, a shell, a locking assembly, a sliding board, a pressing element and an unlocking tool. The insulating body is molded around the plurality of the terminals. The shell surrounds the insulating body. The locking assembly includes at least one lacking groove, and at least one elastic arm formed in the at least one lacking groove. The at least one elastic arm has a hook structure. The hook structure is cooperated with a blocking groove of a docking connector. The pressing element is mounted in the insulating body. The sliding board is slidably mounted under the pressing element. One end of the pressing element has a locking portion. The locking portion has a keyhole. The unlocking tool is inserted in the keyhole.

Abstract: In certain embodiments, systems and methods are provided for authenticating a user of a computing device. In some embodiments, a request to authorize a transaction associated with a user may be received, and a current location of the user may be determined. A determination of whether a threshold proximity exists (between the current location of the user and at least one location of at least one known associate) may be performed. The authorization request may be approved based on the determination of the threshold proximity. As an example, the known associate of the user may be determined from among a plurality of associates based on a geographical relationship between the location of the known associate and the current location of the user. The authorization request may be approved in response to a determination that the threshold proximity exists between the user's current location and the known associate's location.

Abstract: Methods and apparatus for creating a physically unclonable function for SRAM are disclosed. An example method includes decreasing a supply voltage of a memory array to a first voltage level, the first voltage level being below a normal operating voltage associated with the memory array, reading a first value of a bit cell after the supply voltage has been at the first voltage level, and determining a function based on the first value of the bit cell and a second value, the second value stored in the bit cell when the memory array is operating at a voltage level above the first voltage level, the function to represent an identification of a circuit including the memory array.

Abstract: In one aspect, a computerized method for automatically identifying and solving for vendor data abuse in an enterprise network, includes the step of implementing a vendor detection at one or more gateways of the enterprise network. The method includes the step of mapping a set of data along with any associated data attributes of the set of data that are being shared with a vendor via the one or more gateways. The method includes the step of detecting and identifying an access anomaly with respect to the set of data associated with a vendor access. The method includes the step of implementing a specified data minimization process to the access anomaly.

Abstract: The disclosure relates to an operating method for an autonomously operatable device. According to the method, sensor data relating to a current surroundings condition of the device are detected using at least one sensor device in an autonomous operating mode, and the sensor data is supplied to a control algorithm which is implemented as a machine learning algorithm and which learns in a self-contained manner. The control algorithm estimates the current surroundings condition of the device on the basis of the sensor data and makes a control decision. A degree of quality relating to the control decision is ascertained using a monitoring algorithm which is independent of the control algorithm, and the device is operated according to the control decision depending on the ascertained degree of quality of the control decision or the control decision is rejected and the device is set to a secure operating state.

Abstract: An example electronic device includes a first communication unit, a second communication unit, and a processor for performing control such that the second communication unit operates in a scan state in which an undirected advertising packet can be received when a preset IR signal is received from a remote control device through the first communication unit, acquiring identification information of a target device from the undirected advertising packet when the undirected advertising packet is received from the remote control device in the scan state, and providing a user interface (UI) for guiding a Bluetooth connection with remote control device when the acquired identification information of a target device matches identification information of the electronic device.

Abstract: The disclosed method may include detecting, by a control circuit coupled to a first read only memory (ROM) device and a second ROM device, a failure of a first output signal from the first ROM device to a common output. The first ROM device is connected to the common output and the second ROM device is disconnected from the common output. The method also includes switching, by the control circuit in response to detecting the failure, the common output from the first ROM device to the second ROM device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A set of redundant industrial control system communications/control modules includes at least a first communications/control module and a second communications/control module.

Abstract: A first apparatus sends a first random number to a second apparatus, where a vehicle carries the first apparatus and a first set. The second apparatus belongs to the first set. The first set further includes a third apparatus. The first apparatus communicates with the third apparatus using the second apparatus. The first apparatus receives a first message from the second apparatus. The first message includes first verification information to perform identity verification on the second apparatus. The first verification information is based on identity information of the second apparatus and the first random number. The first apparatus determines, based on the first verification information and the first random number, that the identity verification on the second apparatus has succeeded.

Abstract: A memory sub-system, such as a solid state drive (SSD), having host interface configured to receive at least read commands and write commands from an external host system. The SSD has memory cells formed on at least one integrated circuit die, and a processing device configured to control executions of the read commands to retrieve data from the memory cells and executions the write commands to store data into the memory cells. During an autonomous self-test operation of the memory sub-system, the memory sub-system is configured to generate random challenges of proof of space, generate using a proof of space plot, stored in the memory cells, responses to the random challenges respectively, and determine validity of the responses to evaluate health of the memory cells.

Abstract: The disclosed embodiments relate to authenticating devices to a cellular network. In one embodiment, a method is disclosed comprising reading a mobile identifier from a storage area of a memory device, the mobile identifier comprising a value associated with a subscriber of a cellular network; signing the mobile identifier using a private key to generate a digital signature, the private key generated using a physically unclonable function (PUF); transmitting the digital signature and a public key to a cellular network, the public key associated with the private key; and receiving, from the cellular network, a confirmation of access to the cellular network, the confirmation generated based on the public key and the digital signature.

Abstract: The present application provides a circuit design method and an associated circuit. The circuit design method is for generating a circuit, and the method includes: arranging a plurality of attack detection circuits around a specific circuit unit, wherein the specific circuit unit is in the circuit; determining a number of a plurality of spare cells required by the circuit according to a number of the attack detection circuit; and placing the spare cells in the circuit according to the number of the spare cells.

Abstract: An information handling system housing is secured against unauthorized access with a security device integrated in the housing that selectively enables and disables screw movement relative to threads disposed in the housing. For instance, a freewheeling nut in the housing interfaces with an actuator that selectively releases or holds the freewheeling nut relative to the housing. When released, a screw coupled to the freewheeling nut cannot rotate relative to the threads of the freewheeling nut so that the screw maintains the housing secured until the freewheeling nut is held in position to allow removal of the screw.

Abstract: A digital fingerprint generation circuit based on an integrated circuit is provided. In the digital fingerprint generation circuit, a control unit is configured to: generate a first control word and a second control word, and transmit the first control word and the second control word to a first clock generator and a second clock generator respectively, so that the first clock generator generates a first clock signal based on the first control word, and the second clock generator generates a second clock signal based on the second control word; and a frequency detector generates a digital fingerprint of the integrated circuit based on the first clock signal and the second clock signal.

Abstract: A matrix includes a plurality of volatile switches, each of the volatile switches including an active layer made of an OTS material, the plurality of volatile switches being divided into two groups in such a way as to form a message, each of the volatile switches of the first group having been initialized beforehand by an initialization voltage, none of the volatile switches of the second group having been initialized beforehand, the message being formed by the initialized or non-initialized states of each of the switches of the matrix.

Abstract: A device includes a memory. The device also includes a controller. The controller includes a register configured to store an indication of whether an ability of a received command to alter an access protection scheme of the memory is enabled. The received command may alter the access an access protection scheme of the memory responsive to the indication.

Abstract: Embodiments of systems are disclosed herein to detect tampering and/or provide evidence of tampering without human interaction or oversight. In the disclosed embodiments, tampering is detected and tamper evidence is provided by incorporating at least one tamper-evident assembly and at least one processing device within an enclosure. The tamper-evident assembly includes a tamper-evident fastener having an integrated circuit (IC) chip, which is embedded within the tamper-evident fastener and configured to transmit a data signal through the tamper-evident fastener to the at least one processing device when the tamper-evident fastener is coupled to a surface of the enclosure to secure a point of entry on the enclosure. In some embodiments, the at least one processing device is configured to detect tampering and/or provide evidence of tampering when the data signal transmitted from the IC chip is not received.

Abstract: A sensor may obtain sensor data. The sensor may transmit the sensor data to a controller via a sensor-controller interface. The sensor may determine, based on the sensor data, a security characteristic for the sensor data. The sensor may encrypt the security characteristic to generate an encrypted security characteristic. The sensor may transmit the encrypted security characteristic to the controller via the sensor-controller interface.

Abstract: A debug system includes a chip to be tested and a debug controller. The chip to be tested includes a circuit to be tested, a debug access circuit and a debug protection circuit. When a protection function is not enabled, the debug protection circuit enables a communication between the debug access circuit and the chip to be tested, the debug controller accesses the data of the chip to be tested via the debug access circuit for debugging the circuit to be tested. When the protection function is enabled, the debug protection circuit blocks the communication between the debug access circuit and the chip to be tested, the debug controller transmits a message to the debug protection circuit via the debug access circuit, and the debug protection circuit determines whether to disable the protection function according to the message.

Abstract: An information processing system includes: a first authentication unit that authenticates a user by a first method; a first providing unit that provides a service to the user authenticated by the first authentication unit; a second authentication unit that authenticates a user by a second method; and a second providing unit that provides a service to the user authenticated by the second authentication unit and also provides a service to the user authenticated by the first authentication unit in a case where the first method satisfies a condition determined according to the second method.

Abstract: Systems and methods are provided for authenticating a user of a computing device. An example system includes a memory storing instructions, and a processor configured to execute the instructions to receive an authentication request from a user of a computing device, determine a context of the authentication request, determine a physical location of the user, and perform, based on the context of the authentication request and the physical location of the user, an associate proximity detection. The associate proximity detection includes steps to identify an associate based on at least one of the context of the authentication request or the physical location of the user, determine a physical location of the identified known associate, and determine a proximity of the user to the identified known associate. The authentication request may be approved when the determined proximity is within a threshold.

Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.

Abstract: Agnostic domain communication via a user interface of a communication platform is described. A user interface associated with the communication platform can be presented via a client, wherein an instance of a first workspace of the communication platform that is associated with a first domain is presented via the user interface. A request to access a second workspace of the communication platform that is associated with a second domain that is different from the first domain can be received. Based at least partly on a determination that the request is associated with an attribute that satisfies a criteria, an instance of the second workspace can be presented via the user interface.

Abstract: Provided is a method for erasing security-relevant information in a device, having the method steps of: ascertaining at least one movement parameter of the device over time, monitoring the ascertained movement parameters over time on the basis of at least one prescribed movement pattern, and triggering an erase process for the security-relevant information if the ascertained movement parameter over time is consistent with the at least one prescribed movement pattern. An apparatus and a computer program product for carrying out the method to ensure that security-relevant data of the device are erased reliably and completely even in the event of an accident or another unforeseen event is also provided.

Abstract: Computer systems and methods are disclosed to implement a virtual machine monitor (VMM) that stores cryptographic keys for guest virtual machines (VMs) and securely executes cryptographic operations on the VMs' behalf using the stored cryptographic keys. The cryptographic keys are maintained in a key store that is accessible to the VMM but not accessible to the guest VMs. The cryptographic operations are executed in a manner that does not reveal the cryptographic keys to the guest VMs. In embodiments, the guest VMs may invoke the cryptographic operations via a device driver, a memory access interface, or some other mechanism. Advantageously, the guest VMs cannot obtain the cryptographic keys in their own memory space, so that the keys cannot be exfiltrated from the guest VMs. Embodiments of the VMM may be used to implement cryptographic operations such as request signing and verification, data encryption and decryption, and others.

Abstract: An integrated circuit (122) includes an on-chip boot ROM (132) holding boot code, a non-volatile security identification element (140) having non-volatile information determining a less secure type or more secure type, and a processor (130). The processor (130) is coupled to the on-chip boot ROM (132) and to the non-volatile security identification element (140) to selectively execute boot code depending on the non-volatile information of the non-volatile security identification element (140). Other technology such as processors, methods of operation, processes of manufacture, wireless communications apparatus, and wireless handsets are also disclosed.

Abstract: A portable computer providing high level of security comprises of two completely logically and electrically isolated computer modules within one tamper resistant enclosure. One computer module is for Higher-Security applications (refer higher-security to as “red”) and the other is for Lower-Security applications such as email and internet (refer lower-security to as “black”). The two modules are coupled together to secure Peripheral Sharing Switch that enables intuitive user interaction while minimizing the security risk resulted from sharing same peripheral device.

Abstract: In some examples, a dock may determine that computing device is connected to the dock. The dock may authenticate the computing device, a user of the computing device, or both. The dock may select a policy based on the type (e.g., provided by a corporation or by the user) of the computing device, the type of user (e.g., employee, contractor, or visitor), or both. The dock may configure the dock to enforce the policy. For example, for one or more of the ports of the dock, the dock may enable a port, disable the port, monitor data sent and received using the port, restrict an upload and/or download speed of the port, prevent the port from accessing one or more locations (e.g., addresses or paths), or any combination thereof.

Abstract: An apparatus includes integrated circuitry (IC) and a further circuit. The IC includes internal circuits having sensitive/secret data (SSD) to be maintained as confidential relative to a suspect Hardware Trojan (HT) and including access ports through which information associated with the internal circuits is accessible by external circuitry associated with the HT. The further circuit to learn behavior of the internal circuits that is unique to the integrated circuitry under different operating conditions involving the internal circuits, involving the SSD and involving other data that is functionally associated with an application of the integrated circuitry.

Abstract: An electronic circuit includes a plurality of processing elements, a register bank, and a control circuit. The processing elements consume power by processing a plurality of operands to generate a plurality of result values. The register bank has a plurality of registers. The control circuit is configured to determine one or more unused processing elements among the processing elements by snooping one or more incoming operands and an instruction type, control routing of one or more random operands from the register bank to the unused processing elements, and control routing of a random result value generated by one of the unused processing elements into a trash register of the registers. The power consumed by the unused processing elements in the generation of the random result value and a write of the random result value into the trash register temporally blurs a total power consumed by the electronic circuit.

Abstract: An information processing apparatus includes a verification unit that performs verification of software to be executed by an execution unit, a retaining unit that retains information indicating a voltage supposed to be applied to the execution unit, a power supply unit that applies a predetermined voltage to the execution unit on the basis of the information, and a clock signal output unit that outputs clock signals having frequencies, and the clock signal output unit outputs a clock signal having a first frequency to the verification unit when verification of the software is performed, outputs a clock signal having a second frequency lower than the first frequency to the execution unit before the predetermined voltage is applied to the execution unit, and outputs a clock signal having a third frequency higher than the second frequency to the execution unit after the predetermined voltage is applied to the execution unit.

Abstract: An apparatus and a method for preserving the privacy of at least a user, wherein the method includes an authentication phase during which authentication information specifying a first level of access and a second level of access are detected, a determination phase during which it is determined, on the basis of the authentication information, whether the first or the second level of access is enabled, a first output phase during which at least one first set of personal information (P1) is outputted, through the output apparatus, if either the first level of access or the second level of access is enabled, and a second output phase during which at least one second set of personal information (P2) is outputted, through the output apparatus, only if the second level of access is enabled.

Abstract: An application-specific integrated circuit (ASIC) and method are provided for executing a memory-hard algorithm requiring reading generated data. A processor or state machine executes one or more steps of the memory-hard algorithm and requests the generated data. At least one specialized circuit is provided for generating the generated data on demand in response to a request for the generated data from the processor. Specific embodiments are applied to memory-hard cryptographic algorithms, including Ethash and Equihash.

Abstract: Disclosed is an electronic device that receives a first input received through a stylus pen connected with the electronic device through wireless communication in a lock state of the electronic device, identifies unlock history information by at least one user authentication method in response to receiving the first input, and changes a state of the electronic device to an unlock state, based at least partially on an existence of the identified unlock history information.

Abstract: Embodiments of the present application provide an acoustic sensing-based text input method, comprising: obtaining audio information corresponding to text to be input; dividing the audio information to obtain an audio segment for each letter to be recognized in the text to be input; sending to the server, a type of the text to be input, the audio segments for letters to be recognized, and arrangement of the audio segment for the letter to be recognized in the audio information; receiving input result returned by the server, and displaying, based on the input result, text information corresponding to the text to be input on the display screen of the mobile terminal. The method allows effective text input without relying on a display screen.

Abstract: A first fraction of an electrical stimulation is allocated to a first electrode. In response to user input, the first fraction of the electrical stimulation is fixed to the first electrode such that the first fraction is user-adjustable but cannot be automatically changed. In response to the first fraction being fixed to the first electrode, a respective second fraction of the electrical stimulation is automatically allocated to a plurality of second electrodes. The second fraction is a function of the first fraction and a total number of the second electrodes. Thereafter, a new electrode is added to, or deleting from, the second electrodes, while the first fraction is still fixed to the first electrode. The respective second fractions are automatically adjusted in response to the adding or the deleting, without affecting the first fraction of the electrical stimulation that has been fixed to the first electrode.

Abstract: Magnetic PUFs (Physical Unclonable Function) may utilizes a single 3-axis Hall-effect sensor for enrollment. When a PUF is manufactured, a Hall-effect sensor is used to model the PUF disk and store that data where it may be accessed. This process is called “enrollment.” This invention improves upon the PUF implementation by introducing controlled variability into the enrollment, the reading of the PUF data from the Hall-effect sensors (the number and position of read sensors), the sampling method of the read sensor(s), and the processing of the PUF data.

Abstract: A request is received from a security tool, the request relating to an event involving data records in a storage device. An application programming interface (API) is used to interface with secure storage functionality of the storage device, the secure storage functionality enabling a set of secure storage operations. A security operation is caused to be performed at the storage device involving the data records based at least in part on the request. In one aspect, the set of secure storage operations can include a direct read operation, a direct write operation, a copy-on-write operation, and a save-attempted-write operation.

Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) code. The examples detect whether a change has occurred to the SMM code based on the monitoring of the expected functionality. The change indicates that the SMM code is compromised.

Abstract: An authentication tag and a method for producing the same are disclosed. For example, the authentication tag includes a substrate, a correlation mark printed on a first part of the substrate, a key printed on the second part of the substrate, wherein a portion of the substrate is transparent, and at least one raised feature is printed on the substrate.

Abstract: Methods and systems are presented for providing enriched technical security data to a risk engine of an online service provider, and for adjusting security settings based on the enriched data. The enriched security data may be generated by recursively deriving additional security information from an initial security data input. The initial security data input may be associated with a risk source, such as a person or a device that submits an electronic request to the online service provider. Based on the initial security data input, the risk engine may recursively derive additional security information that enriches the initial security data input. The risk engine may then use the derived security information as well as the initial security data input to assess a risk level of the risk source, and then adjust a security setting of the online service provider based on the assessed risk level of the risk source.

Abstract: A mobile device allows transmission of additional outgoing application data requests in response to occurrence of receipt of data transfer from a remote entity, user input in response to a prompt displayed to the user, and a change in a background status of an application executing on the mobile device. Additional outgoing application data requests are foreground application requests.

Abstract: An electronic system includes a plurality of hardware devices and an authenticated circuit. The authenticated circuit is integrated, as fixed hardware, in the electronic system together with the plurality of hardware devices during a manufacturing process of the electronic system, the authenticated circuit configured to verify system integrity based on a system identification code provided from inside of the electronic system by at least one of the plurality of hardware devices, the system integrity indicating that a combination of the authenticated circuit and the plurality of hardware devices has not been modified since the manufacturing process, the authenticated circuit configured to perform a mining operation to generate a next block, the next block to be linked to a blockchain only in response to the authenticated circuit verifying the system integrity. Indiscriminate mining competition may be prevented or reduced in likelihood of occurrence.

Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.

Abstract: Techniques are described for energy scoring of a monitored property and users of the monitored property. A system provides users with information related to the efficiency of the monitored property and aggregates data over multiple monitored properties. The system computes and outputs a score for a monitored property that reflects efficiency of the property and/or the users of the property. The system may track how that score changes through time, and how it relates to neighboring properties. The score may be expressed as both a number and a percentile.

Abstract: At the start of an I/O cutover process that changes host computer access to a logical volume from a source data storage appliance to a destination data storage appliance, and during which processing of host I/O operations directed to the logical volume is frozen, at least one I/O freeze timer is set. In response to expiration of the I/O freeze timer, and prior to completion of the I/O cutover process, processing of host I/O operations directed to the logical volume is resumed.

Abstract: A device includes a memory. The device also includes a controller. The controller includes a register configured to store an indication of whether an ability of a received command to alter an access protection scheme of the memory is enabled. The received command may alter the access an access protection scheme of the memory responsive to the indication.

Abstract: A method for secure boot includes, in a processor, retrieving from a memory device a firmware boot code for bootstrapping a firmware of the processor. The firmware boot code is authenticated using an authentication key. In response to failing to authenticate the firmware boot code using the authentication key, an attempt is made to authenticate a recovery firmware code, which has reduced functionality relative to the firmware boot code, using a recovery key. Upon successfully authenticating the recovery firmware code using the recovery key, the firmware boot code is restored from a host, the restored firmware boot code is authenticated by executing the recovery firmware code, and the firmware is bootstrapped using the authenticated firmware boot code.

Abstract: Customers of a service provider are able to provision compartments of the accounts. The both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.

Abstract: A method for processing data in a plurality of processing acts includes: configuring a plurality of processing circuits in a first configuration, in such a way that both a first and a second of the plurality of processing circuits execute a first of the plurality of processing acts; and configuring the plurality of processing circuits in a second configuration, in such a way that the first processing circuit executes a second processing act and the second processing circuit executes a third processing act, which is different than the second processing act. An apparatus is designed for carrying out the method.