Abstract: The present technology relates to a signal processing device and a signal processing method for enabling reduction of a processing load while ensuring safety. The signal processing device includes a control unit that acquires designation information indicating a designated portion to be encrypted in output data and an encryption processing unit that encrypts the designated portion indicated by the designation information in the output data using a key. Furthermore, the designated portion indicated by the designation information is changed with time. The present technology can be applied to an in-vehicle camera.

Abstract: This disclosure provides methods and techniques of referencing row access policy (RAP) protected mapping tables in a RAP for a data table are disclosed herein. An example method of referencing a mapping table in a data table using nested RAP includes defining, by a processing device, a first access policy for the mapping table to control access by specific users or under specific conditions. The processing device further defines a second access policy attached to the data table referencing the mapping table. The processing device in response to a query, executes the second access policy of the data table to provide a response or operation of data associated with the data table and the mapping table. Executing the second access policy invokes executing the first access policy of the mapping table.

Abstract: Provided are mechanisms and processes for computational risk analysis and intermediation. Security practices information characterizing security measures in place at a first computing system may be received from the first computing system via a network. Computing services interaction information characterizing data transmitted from a second computing system to the first computing system may be received from the second computing system via the network. A processor may determine a risk profile for the first computing system based on the security practices information. Based on the risk profile and the computing services interaction information, the processor may then determine an estimate of the information security risk associated with transmitting the data from the second computing system to the first computing system. A risk assessment message including the estimate of the information security risk may be transmitted to the second computing system.

Abstract: A data privacy protecting tool operates on behalf of a user to watermark or otherwise fingerprint selected data provided to a digital service provider (DSP) sites/apps. The watermarked data can then be used to monitor a DSP's compliance with distribution or access rules for the user data.

Abstract: Systems and methods for controlling the exposure of data privacy elements are provided. The systems and methods may generate an artificial profile model. The artificial profile model may include a constraint for generating new artificial profiles. A signal may be received indicating that a computing device is requesting access to a network location. One or more data privacy elements associated with the computing device can be detected. An artificial profile can be determined for the computing device. The artificial profile may be usable to identify the computing device. The one or more data privacy elements may be automatically modified according to the constraint included in the artificial profile model. The method may include generating a new artificial profile for the computing device. The new artificial profile may include the modified one or more data privacy elements. The new artificial profile may mask the computing device from being identified.

Abstract: A peer to peer (P2P) system and method for sharing encrypted digital content may be used in a content delivery network system.

Abstract: A method for biometric authentication is disclosed. Reference biometric data established at a first device can be stored at a backend server computer. The server computer can then provide the reference biometric data with a second device when needed for biometric authentication at the second device.

Abstract: A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

Abstract: Apparatus and methods describe herein, for example, a process that can include receiving a potentially malicious file, and dividing the potentially malicious file into a set of byte windows. The process can include calculating at least one attribute associated with each byte window from the set of byte windows for the potentially malicious file. In such an instance, the at least one attribute is not dependent on an order of bytes in the potentially malicious file. The process can further include identifying a probability that the potentially malicious file is malicious, based at least in part on the at least one attribute and a trained threat model.

Abstract: A method, system, and computer-usable medium are disclosed, comprising: initiating a web transaction between an endpoint device and a target web server; automatically switching between a first communication mode and a second communication mode in response to one or more communication performance conditions associated with conducting the web transaction, where the endpoint device communicates with the target web server using an intermediate proxy server in the first communication mode; and the endpoint device communicates with the target web server without using the intermediate proxy server in the second communication mode. Other embodiments include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Abstract: According to an example aspect of the present invention, there is provided a method comprising: generating a certificate comprising an identifier of a base station, a public key of the base station, and a public key of a terminal; signing the certificate by a signature based on a private key belonging to the public key of the base station; sending the signed certificate to the terminal using an established security association; monitoring whether the base station receives a request for local authentication of the terminal, wherein the request comprises an encrypted certificate unit and a base station identifier; checking whether the base station identifier is the identifier of the base station and, if it is, decrypting the encrypted certificate unit using the private key; and using the public key of the terminal for a communication with the terminal if the certificate unit comprises the signed certificate.

Abstract: Described embodiments provide systems and methods for detecting autonomous programs is provided. A device, intermediary to a plurality of clients and a plurality of servers, can receive a first request from a first client of the plurality of clients to a server of the plurality of servers via a connection between the device and the first client. The device can include, into a response from the server to the first client, a uniform resource locator (URL) comprising one or more randomly generated characters within a predetermined character space. The device can determine that the first client has an autonomous program responsive to receiving a second request from the first client using the URL. The device can terminate, responsive to the determination, the connection to the first client.

Abstract: A secure module can be configured to: provide the trusted execution environment; and load secure-software for processing in the trusted execution environment to perform operations. The operations can include generating a private key and a corresponding public key; maintaining the private key in the trusted execution environment; receiving at least one attestation request from at least one attestation server; responding to the received attestation requests with attestation responses generated with the private key; initiating encrypted connections with client devices using the private key, the encrypted connections having an endpoint within the trusted execution environment such that contents of the encrypted connections are secure from observation and manipulation by other operations outside of the secure module and outside of the client devices; and communicating data with the client devices through the encrypted connections.

Abstract: A vehicle communication system, including plural control devices configured to carry out communication with one another, wherein a transmitting device and a receiving device each include a memory and a processor. The processor at the transmitting device generates first authentication information based on a message and the encryption key, and in a case in which there is an abnormality at the encryption key, transmits the predetermined authentication information and the message to the receiving device. The processor at the receiving device generates second authentication information based on the encryption key and the received message, collates the first authentication information and the second authentication information, and authenticates the message, and in a case in which, after starting-up of the receiving device, authentication has not succeeded even once, and the received first authentication information and the predetermined authentication information match, accepts the received message.

Abstract: Methods and apparatus are disclosed for facilitating online storage of files (e.g., audio tracks, video, etc.) for playback/access or sale/exchange by the owners of the files without violating copyrights that copyright holders have in the files. For example, by providing a playback service that does not store additional versions of an audio file when the file is transmitted to, and immediately played on, a user device without buffering, the present invention avoids violating copyright laws by not making copies of the file. Numerous other aspects are disclosed.

Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.

Abstract: Technologies are shown for session centric access control of a remote connection that involve receiving a connection request, redirecting the request to a trusted authority, and receiving a redirection of the request along with a profile or role determined for the client. A container is created for a remote connection with a certificate and a public key along with an identifier for each endpoint authorized in association with the profile or role determined for the client. Single use credentials are created and a secure shell initialized for the remote connection using the credentials, certificate and public key. The secure shell is presented to the client and the credentials expired. When an access request for an endpoint is received via the shell, it is determined whether an identifier corresponding to the requested endpoint is stored in the container for the shell and, if so, access is allowed to the requested endpoint.

Abstract: A method is provided for obfuscating program code to prevent unauthorized users from accessing video. The method includes receiving an original program code that provides functionality. The original program code is transformed into obfuscated program code defining a randomized branch encoded version of the original program code. The obfuscated program code is then stored, and a processor receiving input video data flow uses the obfuscated program code to generate an output data flow.

Abstract: Embodiments of the present invention provide a system for establishing permanent records based on micro-interactions. In particular, the system may be configured to identify initiation of an event based on receiving first set of interaction requests from user devices of one or more users, initiate a first set of micro-interactions, wherein initiation of the first set of micro-interactions comprises transferring resources to one or more resource pools associated with the one or more users, identify completion of the event based on receiving a second set of interaction requests from the user devices of the one or more users, revert the first set of micro-interactions, wherein reverting the first set of micro-interactions comprises transferring the resources back from the one or more resource pools associated with the one or more users, and create a permanent record associated with the initiation of the event and the completion of the event.

Abstract: A server interacts with a bot detection service to provide bot detection as a requesting client interacts with the server. In an asynchronous mode, the server injects into a page a data collection script configured to record interactions at the requesting client, to collect sensor data about the interactions, and to send the collected sensor data to the server. After the client receives the page, the sensor data is collected and forwarded to the server through a series of posts. The server forwards the posts to the detection service. During this data collection, the server also may receive a request from the client for a protected endpoint. When this occurs, and in a synchronous mode, the server issues a query to the detection service to obtain a threat score based in part on the collected sensor data that has been received and forwarded by the server. Based on the threat score returned, the server then determines whether the request for the endpoint should be forwarded onward for handling.