Patent classifications
G06F2221/2107
System And Method For Machine Learning Model Determination And Malware Identification
A system and method for batched, supervised, in-situ machine learning classifier retraining for malware identification and model heterogeneity. The method produces a parent classifier model in one location and provides it to one or more in-situ retraining system or systems in a different location or locations, adjudicates the class determination of the parent classifier over the plurality of the samples evaluated by the in-situ retraining system or systems, determines a minimum number of adjudicated samples required to initiate the in-situ retraining process, creates a new training and test set using samples from one or more in-situ systems, blends a feature vector representation of the in-situ training and test sets with a feature vector representation of the parent training and test sets, conducts machine learning over the blended training set, evaluates the new and parent models using the blended test set and additional unlabeled samples, and elects whether to replace the parent classifier with the retrained version.
SECURE VIRTUAL MACHINE AND PERIPHERAL DEVICE COMMUNICATION
A method includes exposing a public cryptographic key associated with a peripheral device of a computing system to a guest running on the computing system. The method further includes receiving, from the guest, a message including a cryptographic nonce value encrypted with the public cryptographic key. The method further includes producing the cryptographic nonce value by decrypting the message using a private cryptographic key associated with the public cryptographic key. The method further includes using a shared cryptographic key generated from the cryptographic nonce value to access contents of a direct memory access (DMA) buffer associated with the peripheral device.
Information processing apparatus and method of controlling information processing apparatus
In an information processing apparatus, a second central processing unit (CPU) uses an alteration detection program stored in a second memory to perform alteration detection on a program to be executed at a time of activation of a first CPU stored in a first memory. In a case where no alteration is detected in the program to be executed at the time of activation, the second CPU activates the first CPU using the program to be executed at the time of activation, and uses the activated first CPU to switch a program to be executed by the second CPU from the alteration detection program stored in the second memory to another processing program stored in the first memory.
KEY DISTRIBUTION SYSTEM IN A SECURE ENCLAVE
A key derivation provider (e.g., a key derivation enclave (KDE)) provides a stable key to trusted codes of application enclaves. The KDE receives, from a trusted code of an application enclave, a request for a key, the request including evidence of the trusted code of the application enclave and a specification of the key being requested. The KDE determines whether the evidence indicates that the trusted code of the application enclave is authorized to access the KDE. The KDE validates the request for the key against a key access policy for the requested key. Responsive to validating the request, the KDE obtains a master key corresponding to the specification of the key being requested, derives the requested key using materials of the obtained master key, and returns the master key to the requesting application enclave.
Light weight transport stream streaming protocol for live transcoding system
A robust, computationally-efficient and secure system is described for streaming content from a server to a client device via the Internet or another digital network. Various aspects relate to automated processes, systems and devices for securing a media stream with efficient yet effective digital cryptography. In particular, content may be transmitted in transport stream (TS) format in which all packets are encrypted (e.g., using a cipher block chain), in which control packets are exempted from encryption (e.g., using an electronic codebook), or in any other manner.
STORAGE APPARATUS, STORAGE METHOD, AND COMPUTER-READABLE STORAGE MEDIUM
A storage apparatus includes a biological sensor configured to detect biological information on a user, an image acquisition unit configured to acquire, from an image capturing unit, an image that is captured around the user, an image processing unit configured to separate the image around the user into a line-of-sight direction image related to an image in a line-of-sight direction of the user and a peripheral image related to an image other than the line-of-sight direction image, an encryption unit configured to generate an encryption key for encrypting the line-of-sight direction image based on the biological information on the user and to encrypt the line-of-sight direction image by using the encryption key, and a storage control unit configured to store the line-of-sight direction image that is encrypted by the encryption unit in a storage unit.
Server, method for controlling server, and terminal device
Disclosed is a server for performing authentication or identification using biometric information including basic information and detailed information. The server includes a storage for storing basic information and detailed information that are separately encrypted for each of a plurality of users, a communicator for communicating with an external device, and a processor configured to, based on separately encrypted basic information and detailed information being received from an external terminal device through the communicator, perform user authentication or user identification for the received basic information and detailed information by decrypting and comparing the stored encrypted basic information and the received encrypted basic information, and comparing the received detailed information with at least one piece of stored detailed information corresponding to a piece of basic information having a degree of similarity that is higher than or equal to a predetermined value and with the received basic information among the stored basic information.
Individual data unit and methods and systems for enhancing the security of user data
An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.
Method and apparatus for producing a machine learning system for malware prediction in low complexity sensor networks
One embodiment of this invention describes a method and apparatus for the use of Machine Learning to efficiently detect, identify, prevent, and predict cyber-attacks on Low Power and Low Complexity Sensor 100 (FIG. 1) networks that have low data transmission requirements, something that all current Machine Learning techniques are unable to accomplish due to numerous restrictions when applied to Low Power and Low Complexity Sensors. Low Power and Low Complexity Sensors are frequently found in various Internet of Things (IOT) network architectures. The IOT is a network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables them to connect and exchange data, providing more direct integration of the physical world into computer-based systems. However, this should not restrict the applicability of any potential embodiment of this invention as described in this patent application. A further understanding of the nature and the advantages of the particular embodiments disclosed herein may be realized by referencing the remaining portions of the specification.
Enhanced security systems and methods using a hybrid security solution
This disclosure relates to, among other things, electronic device security systems and methods. Certain embodiments disclosed herein provide for protection of cryptographic keys and/or associated operations using both an operating system security service and a software-based whitebox cryptographic security service executing on a device. Leveraging operating system security services and software-based whitebox cryptographic security services may provide enhanced security when compared to using either service alone to protect cryptographic keys and associated operations. In additional embodiments, server-side cryptographic security solutions may be further used to enhance device security implementations.