公开(公告)号：WO2022005664A1

公开(公告)日：2022-01-06

申请号：PCT/US2021/034677

申请日：2021-05-28

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： BETSER, Michael A.

IPC: H04L29/06 ,  G06N20/00 ,  G06F16/35 ,  G06F16/285 ,  G06F16/353 ,  G06F21/554 ,  G06F21/56 ,  G06F2221/034 ,  H04L63/0245 ,  H04L63/1425 ,  H04L63/1483

Abstract: An approach for clustering large sets of categorical data involves iteratively ordering the data points, partitioning the data into blocks based on the ordering, and clustering the data points within each block, where different iterations use different orderings and, thus, different partitionings. In some embodiments, the data points are represented by multi-dimensional categorical vectors, and the orderings are based on permutations of the categorical dimensions. The iterative clustering may be repeated for multiple successive time windows to track the clusters. Various applications of the disclosed clustering approach, including for cyber security, are also described.

公开(公告)号：WO2022212193A1

公开(公告)日：2022-10-06

申请号：PCT/US2022/021911

申请日：2022-03-25

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： GUPTA, Diwakar ,  SHEVADE, Upendra Bhalchandra ,  HU, Kaixiang ,  EDARA, Kiran Kumar ,  HALL, Shane Ashley ,  PARULKAR, Ishwardutt

IPC: H04L41/18 ,  H04L41/0806 ,  G06F9/445 ,  H04W12/00 ,  G06F21/53 ,  G06F21/577 ,  G06F2221/034 ,  G06F9/44505 ,  G06F9/44526 ,  G06F9/547 ,  H04L67/10 ,  H04L67/34 ,  H04W12/03 ,  H04W12/06 ,  H04W84/042

Abstract: Disclosed are various embodiments that provide customizable data-processing network functions for radio-based networks. In one embodiment, a data-processing network function is operated in a radio-based network for a customer. Input data is received from the customer to configure the data-processing network function to perform a customized function for the radio-based network. The data-processing network function is configured, in response to the input data, to perform the customized function when executed in the radio-based network.

公开(公告)号：WO2022212043A1

公开(公告)日：2022-10-06

申请号：PCT/US2022/020465

申请日：2022-03-16

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： CHEN, Ling Tony ,  DOMKE, Felix ,  CHOUDHARY, Ankur ,  LITTERELL, Bradley Joseph

IPC: G06F21/57 ,  G06F21/79 ,  G06F21/55 ,  G06F21/76 ,  G06F2221/034 ,  G06F2221/2135 ,  G06F2221/2143

Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than TPM state fuse count, TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.

公开(公告)号：WO2022007574A1

公开(公告)日：2022-01-13

申请号：PCT/CN2021/099067

申请日：2021-06-09

Applicant: KYNDRYL, INC.

Inventor： LAKKUNDI, Abdul Kareem ,  ARADHYA, Siddalinga ,  KULKARNI, Santosh

IPC: G06F11/00 ,  G06F21/561 ,  G06F21/564 ,  G06F21/565 ,  G06F21/566 ,  G06F2221/034 ,  G06N20/00 ,  G06N5/04

Abstract: A plurality of blocks of a first storage device are monitored. The first storage device is related to a computer system. A subset of blocks of the plurality a compared to a first storage signature of the first storage device. Based on the comparing of the subset of blocks to the first storage signature, a security anomaly is determined on the computer system. In response to the security anomaly, a security action is performed. The security action is related to the computer system.

公开(公告)号：WO2021262545A1

公开(公告)日：2021-12-30

申请号：PCT/US2021/038039

申请日：2021-06-18

Applicant: APPLE INC.

Inventor： KOVAH, Xeno S. ,  SCHLEJ, Nikolaj ,  MENSCH, Thomas P. ,  BENSON, Wade ,  HAUCK, Jerrold V. ,  DE CESARE, Josh P. ,  JENNINGS, Austin G. ,  DONG, John J. ,  GRAHAM, Robert C. ,  FORTIER, Jacques

IPC: G06F21/57 ,  H04L29/06 ,  H04L9/32 ,  G06F21/575 ,  G06F21/72 ,  G06F21/73 ,  G06F2221/034 ,  G06F9/4406 ,  H04L63/0823 ,  H04L63/123 ,  H04L63/126 ,  H04L9/0897 ,  H04L9/3226 ,  H04L9/3236 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3268

Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates for a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.

公开(公告)号：WO2021257251A1

公开(公告)日：2021-12-23

申请号：PCT/US2021/033930

申请日：2021-05-24

Applicant: QUALCOMM INCORPORATED

Inventor： HALTER, Steven ,  ASBE, Samar ,  BALLESTEROS, Miguel ,  BHAT, Girish ,  NEMANI, Mahadevamurty

IPC: G06F21/57 ,  G06F21/62 ,  G06F21/572 ,  G06F21/575 ,  G06F2221/034 ,  G06F9/445 ,  G06F9/5016

Abstract: Resource access control in a system-on-chip (SoC) may employ an agent executing on a processor of the SoC and a trust management engine of the SoC. The agent, such as, for example, a high-level operating system or a hypervisor, may be configured to allocate a resource comprising a memory region to an access domain and to load a software image associated with the access domain into the memory region. The trust management engine may be configured to lock the resource against access by any entity other than the access domain, to authenticate the software image associated with the access domain, and to initiate booting of the access domain in response to a successful authentication of the software image associated with the access domain.

公开(公告)号：WO2022240563A1

公开(公告)日：2022-11-17

申请号：PCT/US2022/025664

申请日：2022-04-21

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： HEN, Idan Yehoshua ,  GROSSMAN, Ilay ,  DAVID, Avichai Ben

IPC: G06F21/55 ,  H04L9/40 ,  G06F21/554 ,  G06F2221/034 ,  G06F2221/2141 ,  G06N20/00 ,  G06N5/04 ,  H04L63/10 ,  H04L63/102

Abstract: A system to detect an abnormally permissive role definition, which can include an abnormally permissive custom role definition, and take action is described. The system receives a role definition for a security principal over a scope of resources in which the role definition includes a built-in role and a custom role. Permissions of the role definition and a creation event of the role definition are analyzed. A security score based on the role definition and creation event for the scope of resources is determined. An action is taken based on the security score and the creation event analysis.

公开(公告)号：WO2022237365A1

公开(公告)日：2022-11-17

申请号：PCT/CN2022/083880

申请日：2022-03-30

Applicant: HUAWEI TECHNOLOGIES CO.,LTD.

Inventor： ZHOU, Yang ,  GIAGONE, Ronnie Salvador ,  ABUALHAOL, Ibrahim

IPC: G06F21/56 ,  G06F21/564 ,  G06F21/565 ,  G06F21/566 ,  G06F2221/033 ,  G06F2221/034 ,  G06N3/02

Abstract: Methods and systems for detecting whether an executable file comprises malware are disclosed. The methods and systems rely on various feature extraction and feature representation processes to allow patterns associated with Portable Executable (PE) files to be analyzed in an improved representation space. In one example, six different feature sets are extracted from a PE file and represented in six different feature spaces, before being input into a multivariate ensemble deep neural network-based model.

公开(公告)号：WO2022029340A1

公开(公告)日：2022-02-10

申请号：PCT/EP2021/072206

申请日：2021-08-09

Applicant: SOFTIRON LIMITED

Inventor： STRAW, Phil ,  LARMORE, Bryan K. ,  ANDERS, David P. ,  HARDWICK, Stephen ,  DRURY, Rob

IPC: G06F21/50 ,  G06F21/552 ,  G06F21/554 ,  G06F21/556 ,  G06F21/566 ,  G06F21/572 ,  G06F21/87 ,  G06F2221/034

Abstract: An apparatus includes an interface for an electronic device and a baseboard management controller (BMC). The BMC includes circuitry configured to, through the interface, monitor current usage by the electronic device, determine a security status of the electronic device based upon the current usage, and take a corrective action based upon the security status.

公开(公告)号：WO2022005647A1

公开(公告)日：2022-01-06

申请号：PCT/US2021/033956

申请日：2021-05-25

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： NEIL, Joshua Charles ,  ARGYLE, Evan John ,  BERTIGER, Anna Swanson ,  GRANIT, Lior ,  TSARFATY, Yair ,  KAPLAN, David Natan

IPC: H04L29/06 ,  G06F21/56 ,  G06F16/951 ,  G06F21/554 ,  G06F21/566 ,  G06F21/577 ,  G06F2221/034 ,  H04L63/1425 ,  H04L63/145

Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.