Abstract: A method of secure reception, in a card reader, of a piece of data entered into a terminal connected to the card reader. The method includes the following acts by the card reader: obtaining an encipherment reader key from the card reader; encrypting the encipherment reader key by using an authentic encipherment key shared between the card reader and an authentication server, delivering an encrypted reader key; sending the encrypted reader key to the authentication server for transmission of the reader key from the authentication server to the terminal; receiving an encrypted key sent by the authentication server, resulting from an encryption of a terminal key, obtained by the authentication server, by using the authentic key; and receiving encrypted data sent by the terminal, resulting from an encryption, by using at least the reader key and of the terminal key, of the at least one piece of data.

Abstract: A method comprises registering, by a first device having a public key, with a gateway server by providing a proof of work based on the first device public key and encrypting and decrypting data using cryptographic information transmitted via the gateway server between other devices similarly registered.

Abstract: Disclosed in some examples are devices, systems, and machine readable mediums for establishing peer to peer mobile wallet communications (P2PMW) over short range wireless communication networks. These P2PMW communications allow exchange of information between two wallet clients. Example communications include payments, providing identification, providing loans, and the like. The use of P2PMW communications opens up the prospect of anyone accepting payment from anybody else at any time. All that is needed is a computing device with a mobile wallet. Example short range wireless communications include Wireless LANs (WLAN) such as WIFI (e.g., communicating according to an Institute for Electrical and Electronics Engineers (IEEE) 802.11 family of standards), BLUETOOTH® or the like.

Abstract: The present disclosure provides various embodiments of systems and related methods to track and cryptographically verify system configuration changes. More specifically, systems and methods are disclosed herein to track an original system configuration of an information handling system (IHS) as the system was built by a manufacturing facility, and any system configuration changes that are made to the original system configuration after the IHS leaves the manufacturing facility. Once a user takes ownership of the IHS, systems and methods disclosed herein may be used to cryptographically verify a current system configuration of the IHS. In doing so, the present disclosure provides a way to authenticate or validate system configuration changes that may occur after the IHS leaves the manufacturing facility.

Abstract: A method includes receiving, by an embedded universal integrated circuit card (eUICC), first information from a local profile assistant (LPA), where the first information includes a first certificate issuer (CI) public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package from the OPS, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

Abstract: Embodiments described herein provide a tree-based key management protocol with enhanced computational and bandwidth efficiency. A tree structure including a plurality of nodes is formulated according to modules in a vehicle. A group key and a blinded key are computed for a leaf node from the plurality of nodes based at least in part on a multiplication operation defined in an ecliptic curve group. Or a group key and a blinded key are recursively computed for a non-leaf node based at least in part on a key derivation function and the multiplication operation involving a group key and a blinded key corresponding to nodes that is one level down to the non-leaf node.

Abstract: Systems, methods, and computing device readable media for implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange.

Abstract: Disclosed are various examples for enrollment of gateway enrollment for Internet-of-Things (IoT) device management. In one example, the gateway device transmits an enrollment request to a management service. The enrollment request includes enrollment credentials that are entered through a user interface. The gateway device receives gateway credentials that authenticate communications with a management service. Subsequent communications transmitted from the gateway device to the management service are authenticated using the gateway credentials.

Abstract: Disclosed are techniques for determining network configurations through machine logic from security certificates of destination computer devices in the network. When a security component of a network receives an incoming data packet sent to a destination computer device in the network, a security certificate is requested from the destination computer device. The security component then configures a set of network rules for forwarding data packets to the destination computer device based on information in the security certificate of the destination computer device. Properties of the incoming data packet are compared to the set of network rules to determine whether to forward the incoming data packet to the destination computer.

Abstract: A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.

Abstract: A cryptographic key management service receives a request, associated with a principal, to use a cryptographic key to perform a cryptographic operation. In response to the request, the service determines whether a rate limit specific to the principal is associated with the cryptographic key. If the rate limit is associated with the cryptographic key, the service generates a response to the request that conforms to the rate limit. The service provides the response in response to the request.

Abstract: A key server network device may install, on the key server network device, a new decryption key based on a timer-based key rollover setting and may provide, to peer network devices, messages identifying the new decryption key. The key server network device may utilize an original encryption key, to encrypt traffic, until all of the peer network devices provide acknowledgements of installation of the new decryption key. The key server network device may be configured to utilize the original encryption key based on the timer-based key rollover setting. The key server network device may generate an alarm. The alarm may include information indicating that the key server network device is waiting for the acknowledgements from one or more peer network devices and information identifying the one or more peer network devices.

Abstract: A communication device may receive a specific signal from a first external device; display a first instruction screen; in a case where it is instructed that the target process is to be executed in a situation where the first instruction screen is displayed, send a public key to the first external device, wherein in a case where it is not instructed that the target process is to be executed in the situation where the first instruction screen is displayed, the public key is not sent; after the public key has been sent to the first external device, receive an authentication request from the first external device; send an authentication response to the first external device; receive connection information from the first external device; and establish, by using the connection information, a wireless connection between the communication device and a second external device.

Abstract: A user device may connect to a wireless network despite the user device lacking the correct network credentials to access the wireless network. When the user device is unable to connect to a first network due to an incorrect network credential, the user device may automatically connect to a second network to obtain the correct network credentials associated with the first network. The network credentials associated with the first network may enable the user device to then connect and/or reconnect to the first network.

Abstract: Provided herein are compositions, devices, systems and methods for the generation and use of biomolecule-based information for storage. Additionally, devices described herein for de novo synthesis of nucleic acids encoding information related to the original source information may be rigid or flexible material. Further described herein are highly efficient methods for long term data storage with 100% accuracy in the retention of information. Also provided herein are methods and systems for efficient transfer of preselected polynucleotides from a storage structure for reading stored information.

Abstract: Techniques for providing localization at scale for a cloud-based security service are disclosed. In some embodiments, a system/method/computer program product for providing localization at scale for a cloud-based security service includes receiving a connection request at a network gateway of a cloud-based security service; performing a source Network Address Translation (NAT) from a registered set of public IP addresses associated with a tenant; and providing secure access to a Software as a Service (SaaS) using the cloud-based security service.

Abstract: Embodiments disclosed describe a security awareness system may adaptively learn the best design of a simulated phishing campaign to get a user to perform the requested actions, such as clicking a hyperlink or opening a file. In some implementations, the system may adapt an ongoing campaign based on user's responses to messages in the campaign, along with the system's learned awareness. The learning process implemented by the security awareness system can be trained by observing the behavior of other users in the same company, other users in the same industry, other users that share similar attributes, all other users of the system, or users that have user attributes that match criteria set by the system, or that match attributes of a subset of other users in the system.

Abstract: A Software in the Loop (SiL) system and method is disclosed which may include a simulator operable to provide an environment to simulate dynamic systems, enable rapid development, validation of systems, and testing of complex systems. The system and method may include assembling one or more unsecured models operable to simulate the real-world system. The system and method may then encrypt and generate at least one secured model from the one or more unsecured models using a first cryptographic key. The at least one secured model may be decrypted using a sealed decryption key. The decrypted secured model may then be executed within the one or more TEEs. The at least one secured model may be operable to process incoming data and outgoing data.

Abstract: A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.

Abstract: Developing a cyber security protocol to enable two members of a community to conduct a conversation without revealing neither their identity, nor the fact that a conversation took place. Secret randomized matching is used to allow people to claim certain personal attributes like age, place of residence, having a license, but without exposing their individual identity.