Patent classifications
G06F21/14
STRUCTURAL OBFUSCATION FOR PROTECTING DEEP LEARNING MODELS ON EDGE DEVICES
A method for obfuscating deep learning (DL) models includes the step of training a DL model to obtain weights of operation (OP) layers in the trained DL model. The DL model includes an interface to a public application programming interface (API) that provides access to a compiler of an artificial intelligence (AI) processor. The method further includes the steps of obfuscating the DL model by changing a structure of the OP layers to produce an obfuscated DL model, and publishing the obfuscated DL model for access by devices. The obfuscated DL model is executable by the AI processor after compilation by the compiler on an edge device.
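Added example, not code from the patent or from any implementation of it: a functionally equivalent structural rewrite of a small two-layer network in Go. The model format, the two transformations (permuting the hidden units, then splitting the linear output layer into two parallel branches whose outputs are summed) and the sample weights are all constructed for this page. Real OP-layer graphs and AI-processor compilers are far richer, but the invariant the abstract relies on is the same: the obfuscated graph has a different layer structure and different weights, yet must compile to exactly the same function.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

// Layer is one dense OP layer: y = W*x + B, optionally followed by ReLU.
// W has one row per output unit and one column per input.
type Layer struct {
	W    [][]float64
	B    []float64
	ReLU bool
}

// Stage holds layers run in parallel on one input with their outputs summed
// (a plain sequential model has one layer per stage); Model is the stage list.
type (
	Stage []Layer
	Model []Stage
)

// Apply evaluates one dense layer.
func (l Layer) Apply(x []float64) []float64 {
	y := make([]float64, len(l.W))
	for i, row := range l.W {
		s := l.B[i]
		for j, w := range row {
			s += w * x[j]
		}
		if l.ReLU && s < 0 {
			s = 0
		}
		y[i] = s
	}
	return y
}

func (m Model) Forward(x []float64) []float64 {
	for _, st := range m {
		sum := make([]float64, len(st[0].W))
		for _, l := range st {
			for i, v := range l.Apply(x) {
				sum[i] += v
			}
		}
		x = sum
	}
	return x
}

// Obfuscate rewrites a two-layer model (ReLU hidden layer, linear output layer)
// into a graph with different structure and weights but the same function: the
// hidden units are permuted, and the output layer is split into two parallel
// layers whose weights and biases sum to the permuted original. Splitting is
// only valid for a linear layer, so the output layer must not use ReLU.
func Obfuscate(m Model, seed int64) Model {
	rng := rand.New(rand.NewSource(seed))
	hid, out := m[0][0], m[1][0]
	if out.ReLU {
		panic("output layer must be linear to be split")
	}
	h := len(hid.W)
	perm := rng.Perm(h) // new hidden unit i is old hidden unit perm[i]
	p := Layer{ReLU: hid.ReLU, W: make([][]float64, h), B: make([]float64, h)}
	for i, src := range perm {
		p.W[i] = append([]float64(nil), hid.W[src]...)
		p.B[i] = hid.B[src]
	}
	n := len(out.W)
	a := Layer{W: make([][]float64, n), B: make([]float64, n)}
	b := Layer{W: make([][]float64, n), B: make([]float64, n)}
	for o := 0; o < n; o++ {
		a.W[o], b.W[o] = make([]float64, h), make([]float64, h)
		for i, src := range perm {
			share := rng.Float64()*2 - 1 // random split; a + b == original column
			a.W[o][i] = share
			b.W[o][i] = out.W[o][src] - share
		}
		a.B[o] = rng.Float64()
		b.B[o] = out.B[o] - a.B[o]
	}
	return Model{Stage{p}, Stage{a, b}}
}

// MaxAbsDiff measures how far apart two output vectors are.
func MaxAbsDiff(u, v []float64) float64 {
	d := 0.0
	for i := range u {
		d = math.Max(d, math.Abs(u[i]-v[i]))
	}
	return d
}

// SampleModel is a constructed two-layer model standing in for the trained DL model.
func SampleModel() Model {
	return Model{
		Stage{{W: [][]float64{{0.5, -1}, {1.5, 0.25}, {-0.75, 2}}, B: []float64{0.1, -0.2, 0.3}, ReLU: true}},
		Stage{{W: [][]float64{{1, -2, 0.5}}, B: []float64{0.05}}},
	}
}

func main() {
	orig, x := SampleModel(), []float64{0.8, -0.3}
	obf := Obfuscate(orig, 7)
	fmt.Printf("OP layers: original=%d obfuscated=%d\n", len(orig[0])+len(orig[1]), len(obf[0])+len(obf[1]))
	fmt.Printf("outputs: original=%v obfuscated=%v maxdiff=%.1e\n",
		orig.Forward(x), obf.Forward(x), MaxAbsDiff(orig.Forward(x), obf.Forward(x)))
}
```

The check that matters before publishing is the one in `MaxAbsDiff`: run the original and the obfuscated graph over a held-out input set and require the outputs to agree to floating-point tolerance. Note what this does and does not buy: the published artifact still contains weights that compute the original function, so structural obfuscation raises the cost of lifting the architecture and parameters, but it cannot stop someone with the compiled model from querying it as a black box.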
Method and system for signing an artificial intelligence watermark using a kernel
In one embodiment, a computer-implemented method by which a data processing (DP) accelerator provides a watermark of an artificial intelligence (AI) model to a host device includes receiving, at the DP accelerator from the host device, the AI model and a watermark-enabled kernel. The DP accelerator further receives from the host device first input data that, when used as input to the watermark-enabled kernel, generates a watermark of the AI model. The watermark is provided to the host device. In an embodiment, the method further includes receiving a signature kernel from the host device and calling the signature kernel to digitally sign the watermark. In an alternative embodiment, the method includes calling a digital signature routine in a secure unit of the DP accelerator to digitally sign the watermark.
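Added example in Go, not the patent's code: the host/accelerator exchange with both signing embodiments side by side. The toy watermark-enabled kernel (which runs the model on a trigger input and emits the quantized responses), the ed25519 keys derived from constructed seeds so the run is reproducible, the trigger input and the weights are all assumptions for this page.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"math"
)

// Kernel is code the host ships to the accelerator to run against the loaded model.
type Kernel func(model, input []float64) []byte

// WatermarkKernel is a constructed toy watermark-enabled kernel. It treats the
// model as rows of len(input) weights, runs each row on the trigger input and
// emits the quantized responses. Only a model carrying these weights answers
// this trigger with this pattern, which is what makes the pattern a watermark.
func WatermarkKernel(model, input []float64) []byte {
	n := len(input)
	var wm []byte
	for i := 0; i+n <= len(model); i += n {
		s := 0.0
		for j, x := range input {
			s += model[i+j] * x
		}
		wm = append(wm, byte(int(math.Round(s*100))))
	}
	return wm
}

// SecureUnit holds a signing key that never leaves the accelerator.
type SecureUnit struct{ priv ed25519.PrivateKey }

func (s SecureUnit) Sign(msg []byte) []byte     { return ed25519.Sign(s.priv, msg) }
func (s SecureUnit) Public() ed25519.PublicKey { return s.priv.Public().(ed25519.PublicKey) }

// Accelerator models the DP accelerator; it receives the model and kernels from the host.
type Accelerator struct {
	Secure   SecureUnit
	model    []float64
	wmKernel Kernel
}

// Load receives the AI model and the watermark-enabled kernel from the host.
func (a *Accelerator) Load(model []float64, wm Kernel) {
	a.model = append([]float64(nil), model...)
	a.wmKernel = wm
}

// Watermark runs the watermark-enabled kernel on the host's first input data.
func (a *Accelerator) Watermark(input []float64) []byte { return a.wmKernel(a.model, input) }

// SignWithKernel signs the watermark with a signature kernel supplied by the host.
func (a *Accelerator) SignWithKernel(sig func([]byte) []byte, wm []byte) []byte { return sig(wm) }

// SignInSecureUnit signs the watermark with the accelerator's own secure unit instead.
func (a *Accelerator) SignInSecureUnit(wm []byte) []byte { return a.Secure.Sign(wm) }

// Verify is the host-side check on the returned watermark and signature.
func Verify(pub ed25519.PublicKey, wm, sig []byte) bool { return ed25519.Verify(pub, wm, sig) }

func seed(label string) []byte { h := sha256.Sum256([]byte(label)); return h[:] }

// Constructed, deterministic keys and data so the run is reproducible.
var (
	accelKey = ed25519.NewKeyFromSeed(seed("constructed accelerator secure-unit seed"))
	hostKey  = ed25519.NewKeyFromSeed(seed("constructed host signature-kernel seed"))
	Trigger  = []float64{1, -1, 0.5}
	Weights  = []float64{0.2, 0.4, 0.6, -0.1, 0.3, 0.8}
)

// Exchange runs the protocol once: the host loads model and kernel, asks for the
// watermark of the trigger input, has it signed by its own signature kernel or by
// the secure unit, and verifies with the matching public key.
func Exchange(weights []float64, useSecureUnit bool) (wm, sig []byte, pub ed25519.PublicKey, ok bool) {
	acc := &Accelerator{Secure: SecureUnit{priv: accelKey}}
	acc.Load(weights, WatermarkKernel)
	wm = acc.Watermark(Trigger)
	if useSecureUnit {
		sig, pub = acc.SignInSecureUnit(wm), acc.Secure.Public()
	} else {
		sig = acc.SignWithKernel(func(m []byte) []byte { return ed25519.Sign(hostKey, m) }, wm)
		pub = hostKey.Public().(ed25519.PublicKey)
	}
	return wm, sig, pub, Verify(pub, wm, sig)
}

func main() {
	wm, sig, pub, ok := Exchange(Weights, true)
	fmt.Printf("watermark=%x verified=%v\n", wm, ok)
	tampered := append([]float64(nil), Weights...)
	tampered[0] = 0.9 // a model with altered weights answers the trigger differently
	wm2, _, _, _ := Exchange(tampered, true)
	fmt.Printf("tampered watermark=%x same=%v old signature valid over it=%v\n",
		wm2, bytes.Equal(wm, wm2), Verify(pub, wm2, sig))
}
```

The two embodiments differ in where the signing key lives. With the secure-unit routine, the private key stays on the accelerator and the host needs only the public key to verify, so a compromised host cannot forge watermark attestations for a model it never ran. With a host-supplied signature kernel, the key material is whatever the kernel carries, so the assurance is only as strong as the path by which that kernel reached the accelerator.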
System and method for automated on-screen sensitive data identification and obfuscation
The present invention permits automated on-screen identification and obfuscation of sensitive data. The protective system receives a user's attempt to access sensitive data in a session, determines the user's level of access to sensitive data, and then obscures any sensitive data for which the user must supply credentials by placing at least one data field block over the sensitive data before the sensitive data is displayed on a desktop. As such the sensitive data cannot be seen by the user. The system can receive at least one credential from the user and compare it to at least one protective analytics rule in order to determine if it should remove the block and allow the user to view the sensitive data.
System and method for obfuscating opcode commands in a semiconductor device
A method for securing an integrated circuit chip includes obtaining a first value from a first storage area in the chip, obtaining a second value from a second storage area in the chip, generating a third value based on the first value and the second value, and converting a first opcode command obfuscated as a second opcode command into a non-obfuscated form of the first opcode command based on the third value. The first value corresponds to a physically unclonable function (PUF) of the chip. The second value is a key including information indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command. The third value may be an inversion flag indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command.
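Added example, not the patent's circuit: a Go simulation of the decoder the abstract describes, with the PUF-derived value and the key combined into an inversion flag that selects how a stored opcode is un-obfuscated. The PUF response, the key layout (type selected by the low two bits of the derived flag), the four obfuscation variants and the opcode values are all constructed; a real design would derive the flag through a wider PUF-keyed function, since a two-bit flag space can be brute-forced.

```go
package main

import "fmt"

// Obfuscation types; the low two bits of the derived flag select which applies.
const (
	ObfNone    uint8 = 0 // opcode stored as-is
	ObfInvert  uint8 = 1 // all bits inverted
	ObfLowNib  uint8 = 2 // low nibble inverted
	ObfSwapNib uint8 = 3 // nibbles swapped
)

// Chip holds the two on-chip values the decoder reads: the PUF-derived value
// (first storage area) and the programmed key (second storage area).
type Chip struct {
	PUF uint8
	Key uint8
}

// Flag derives the third value, the inversion flag. Binding the key's type bits
// to the PUF means a cloned die that copies the key and the obfuscated ROM but
// has its own PUF response derives a different flag and decodes garbage.
func (c Chip) Flag() uint8 { return (c.PUF ^ c.Key) & 0x03 }

// Transform applies the selected obfuscation. Every variant is an involution, so
// the same routine obfuscates at provisioning time and de-obfuscates in the chip.
func Transform(op, flag uint8) uint8 {
	switch flag {
	case ObfInvert:
		return ^op
	case ObfLowNib:
		return op ^ 0x0F
	case ObfSwapNib:
		return op<<4 | op>>4
	}
	return op
}

// Provision obfuscates a plain program for one specific chip.
func Provision(c Chip, plain []uint8) []uint8 {
	rom := make([]uint8, len(plain))
	for i, op := range plain {
		rom[i] = Transform(op, c.Flag())
	}
	return rom
}

// Decode is what the chip's instruction decoder does before execution.
func Decode(c Chip, rom []uint8) []uint8 {
	ops := make([]uint8, len(rom))
	for i, op := range rom {
		ops[i] = Transform(op, c.Flag())
	}
	return ops
}

// Equal compares two opcode sequences.
func Equal(a, b []uint8) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

func main() {
	plain := []uint8{0x01, 0x12, 0x3A, 0xFF} // constructed opcodes
	genuine := Chip{PUF: 0xA7, Key: 0x5E}    // constructed PUF response and key
	clone := Chip{PUF: 0x3C, Key: 0x5E}      // same key and ROM copied to another die
	rom := Provision(genuine, plain)
	fmt.Printf("rom=%X\ngenuine decodes %X (ok=%v)\nclone decodes %X (ok=%v)\n",
		rom, Decode(genuine, rom), Equal(Decode(genuine, rom), plain),
		Decode(clone, rom), Equal(Decode(clone, rom), plain))
}
```

The security property is in `Flag`: the stored key alone does not tell an attacker how the ROM was transformed, because the flag only exists once the key is combined with a value the die itself produces. Copying ROM and key onto another chip gives a device that decodes to wrong instructions.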
CLOUD-BASED WHITEBOX NODE LOCKING
A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.
Machine learning model score obfuscation using multiple classifiers
An artefact is received. Thereafter, features are extracted from the artefact and a vector is populated. Later, one of a plurality of available classification models is selected. The classification models use different scoring paradigms while providing the same or substantially similar classifications. The vector is input into the selected classification model to generate a score. The score is later provided to a consuming application or process. The classification model can characterize the artefact as being malicious or benign to access, execute, or continue to execute so that appropriate remedial action can be taken or initiated by the consuming application or process. Related apparatus, systems, techniques and articles are also described.
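Added example in Go, not the patent's code: three classifiers that share one decision boundary but expose scores under different paradigms, with one selected at random per request so the consumer sees a stable verdict and an unstable score. The byte-entropy features, the linear decision function, the three scoring paradigms and the two sample artefacts are constructed for this page.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

// Extract builds the feature vector: byte entropy (bits per byte) and the
// fraction of non-printable bytes. Constructed for this example; real feature
// extractors are far richer, but the point here is what happens after extraction.
func Extract(artefact []byte) []float64 {
	var hist [256]int
	nonPrint := 0
	for _, b := range artefact {
		hist[b]++
		if (b < 0x20 && b != '\n' && b != '\r' && b != '\t') || b > 0x7E {
			nonPrint++
		}
	}
	n := float64(len(artefact))
	entropy := 0.0
	for _, c := range hist {
		if c > 0 {
			p := float64(c) / n
			entropy -= p * math.Log2(p)
		}
	}
	return []float64{entropy, float64(nonPrint) / n}
}

// logit is the one decision function all classifiers share: they agree on the
// verdict because they sit on the same boundary; only the exposed score differs.
func logit(v []float64) float64 { return 1.5*(v[0]-5.0) + 3.0*(v[1]-0.3) }

func sigmoid(z float64) float64 { return 1 / (1 + math.Exp(-z)) }

// Classifier reports a score under its own paradigm and maps it to a verdict.
type Classifier struct {
	Name      string
	Score     func(v []float64) float64
	Malicious func(score float64) bool
}

// Three scoring paradigms over the same boundary: malicious probability in [0,1],
// percent-benign in [0,100], and raw log-odds.
var Classifiers = []Classifier{
	{"malicious-probability", func(v []float64) float64 { return sigmoid(logit(v)) }, func(s float64) bool { return s > 0.5 }},
	{"benign-percent", func(v []float64) float64 { return 100 * (1 - sigmoid(logit(v))) }, func(s float64) bool { return s < 50 }},
	{"log-odds", logit, func(s float64) bool { return s > 0 }},
}

// Verdict is what the consuming application receives.
type Verdict struct {
	Model     string
	Score     float64
	Malicious bool
}

// ClassifyWith scores an artefact with classifier i.
func ClassifyWith(i int, artefact []byte) Verdict {
	c := Classifiers[i]
	s := c.Score(Extract(artefact))
	return Verdict{c.Name, s, c.Malicious(s)}
}

// Classify picks a classifier at random per request, so repeated queries on the
// same artefact return scores from different paradigms: the verdict is stable,
// but the score no longer gives an attacker a smooth signal to optimise against.
func Classify(rng *rand.Rand, artefact []byte) Verdict {
	return ClassifyWith(rng.Intn(len(Classifiers)), artefact)
}

// Samples returns two constructed artefacts: a readable config fragment and a
// high-entropy blob containing every byte value once.
func Samples() (text, blob []byte) {
	text = []byte("[service]\nname=updater\nlisten=127.0.0.1:8080\nlog=/var/log/updater.log\n")
	blob = make([]byte, 256)
	for i := range blob {
		blob[i] = byte(i)
	}
	return text, blob
}

func main() {
	rng := rand.New(rand.NewSource(1))
	text, blob := Samples()
	for _, a := range [][]byte{text, blob} {
		for k := 0; k < 3; k++ {
			v := Classify(rng, a)
			fmt.Printf("%-22s score=%9.4f malicious=%v\n", v.Model, v.Score, v.Malicious)
		}
	}
}
```

The caveat a practitioner should keep in mind: this raises the cost of score-guided evasion and model extraction, where an attacker perturbs a sample and watches the score move, but it does nothing against label-only attacks, because every classifier still returns the same malicious/benign verdict. The verdict consistency is also what must be tested when a new scoring paradigm is added; a classifier that disagrees on the boundary would leak which model answered.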
Method for blocking external debugger application from analysing code of software program
A method for blocking an external debugger application from analysing the code of a software program installed on a computing device. The method includes initializing the software program, which comprises an application program and an internal debugger application. Upon initialization, the software program instructs the internal debugger application to load the application program inside the internal debugger. The internal debugger application is configured to utilize kernel resources of the operating system of the computing device; because an operating system's debug interface lets only one debugger attach to a given process, an internal debugger that is already attached occupies the position an external debugger would need. The method further includes executing the internal debugger application to set one or more break-points in the code of the application program, thereby defining an execution path for that code; executing the application program along the defined execution path; stopping execution of the application program's code upon reaching any of the break-points; and handing control to the internal debugger application, which provides the address of the next instruction to be executed on the defined execution path.