G06F2221/034

Systems and methods for detecting an attack on a battery management system

Systems and methods for detecting and/or identifying an attack on a battery management system (BMS) or a battery system. The voltage and/or state of charge (SOC) of the BMS or battery system can be monitored, and one or more datasets can be obtained. A principal component analysis (PCA) based unsupervised k-means approach can be applied on the one or more datasets to monitor for irregularities that indicate an attack.

Malware detection using federated learning

A method of generating a predictive model for malware detection using federated learning includes transmitting, to each of a plurality of remote devices, a copy of the predictive model, where the predictive model is configured to predict whether a file is malicious; receiving, from each of the plurality of remote devices, model parameters determined by independently training the copy of the predictive model on each of the plurality of remote devices using local files stored on respective ones of the plurality of remote devices; generating a federated model by training the predictive model based on the model parameters received from each of the plurality of remote devices; and transmitting the federated model to each of the plurality of remote devices.

System and method employing virtual ledger

A system, method and computer program product for open innovation including an asset valuation device receiving asset information about tangible or non-tangible assets, and generating a valuation signal, based on the asset information; a self-executing code device receiving the valuation signal, and generating a self-executing code signal, based on the valuation signal; an air router device having both a low band radio channel, and an internet router channel for redundant internet communications, and a malicious code removal device for scrubbing malicious code from data received, receiving the valuation signal, and generating a node voting request signal, based on the valuation signal; and a mesh network having a plurality of node devices receiving the node voting request signal, and generating vote confirmation signals, based on the node voting request signal. Computing devices are connected to the node devices to perform problem solving, smart contract processing, and/or cryptocurrency mining.

Multiplexed quick response (“QR”) code experience derivation

An optical code scanner being operated using an algorithm is provided. The scanner may scan an optical label. The label may include machine-readable code. The scanner may derive a single set of instructions from the code or multiple sets of instructions from the code. The scanner may process the code. The processing may upload a set of instructions from the code to the scanner and store the set of instructions in an instructions library. The scanner may also derive a picture associated with the instructions and store the picture in the library. The scanner may display a plurality of pictures. Each of the pictures may correspond to a set of uploaded instructions stored on the scanner. Each of the plurality of pictures may be selectable by a user. In response to a user selection of a picture, the scanner may be configured to execute the uploaded instructions that correspond to the selected picture.

Device programming with system generation
11595371 · 2023-02-28

A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.

SECURE BOOT WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS
20180004957 · 2018-01-04

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

Extracting Malicious Instructions on a Virtual Machine in a Network Environment

A system including a guest virtual machine with one or more virtual machine measurement points configured to collect virtual machine operating characteristics metadata and a hypervisor control point configured to receive virtual machine operating characteristics metadata from the virtual machine measurement points. The hypervisor control point is further configured to send the virtual machine operating characteristics metadata to a hypervisor associated with the guest virtual machine. The system further includes the hypervisor configured to receive the virtual machine operating characteristics metadata and to forward the virtual machine operating characteristics metadata to a hypervisor device driver in a virtual vault machine. The system further includes the virtual vault machine configured to determine a classification for the guest virtual machine based on the virtual machine operating characteristics metadata and to send the determined classification to a vault management console.

COMPUTER ATTACK MODEL MANAGEMENT
20180004958 · 2018-01-04

Examples relate to computer attack model management. In one example, a computing device may: identify a first set of attack models, each attack model in the first set specifying behavior of a particular attack on a computing system; obtain, for each attack model in the first set, performance data that indicates at least one measure of attack model performance for a previous use of the attack model in determining whether the particular attack occurred on the computing system; and update the first set of attack models based on the performance data.

MODEL-BASED COMPUTER ATTACK ANALYTICS ORCHESTRATION
20180004941 · 2018-01-04

Examples relate to model-based computer attack analytics orchestration. In one example, a computing device may: generate, using an attack model that specifies behavior of a particular attack on a computing system, a hypothesis for the particular attack, the hypothesis specifying, for a particular state of the particular attack, at least one attack action; identify, using the hypothesis, at least one analytics function for determining whether the at least one attack action specified by the hypothesis occurred on the computing system; provide an analytics device with instructions to execute the at least one analytics function on the computing system; receive analytics results from the analytics device; and update a state of the attack model based on the analytics results.

SCALABLE COMPUTER VULNERABILITY TESTING

Vulnerability testing tasks can be received and distributed, via a work scheduler, to computer test environments. Each of the test environments can have a detector computing component running in the environment. Each detector component can respond to receiving one of the tasks from the work scheduler by conducting a vulnerability test on an endpoint of a target, detecting results of the vulnerability test, generating output indicating the results of the vulnerability test, and sending the output to an output processor. The work scheduler can initiate dynamic scaling of the test environments by activating and deactivating test environments in response to determining that the test environments are overloaded or underloaded, respectively. Also, an overall time-based limit on testing for a target can be enforced via the work scheduler.