Abstract: Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.

Abstract: The disclosed computer-implemented method for selectively encrypting controlled information for viewing by an augmented reality device may include (i) automatically identifying, at a computing device and using at least one of natural language processing and/or a pre-defined data loss prevention policy, a portion of a source text including controlled information, (ii) tokenizing the portion of the source text, and (iii) performing a security action that may include (A) generating a public key, (B) encrypting the tokenized portion of the source text with the public key to produce an encrypted marker, and (C) replacing the portion of the source text with the encrypted marker to produce a replacement document. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An electronic device is disclosed. An electronic device comprises a display, a communication circuit configured to communicate with a first peripheral device, a memory configured to store first authentication information associated with the first peripheral device, and a processor, wherein the processor is configured to control the electronic device to: broadcast a first message via the communication circuit, receive a connection request message from the first peripheral device receiving the first message, authenticate the first peripheral device based on the first authentication information associated with the first peripheral device in response to the reception of the connection request message, and transmit screen data being displayed on the display to the first peripheral device via the communication circuit based on the authentication being valid.

Abstract: A system according to this invention is directed to a virtual network system that prevents unauthorized registration, alteration, or occurrence of erroneous registration even if an operator is to create a network system including a virtual network function produced by a third party.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

Abstract: A data analysis apparatus includes: a processor; and a memory including a set of instructions that, when executed by the processor causes the processor to perform operations including: obtaining anomaly analysis results each including information identifying anomaly data of first and second vehicles provided with an in-vehicle network including one or more networks; identifying, for each of the first and second vehicles, a primary ECU having higher relevance to the anomaly data among ECUs connected to the in-vehicle network; identifying, for each of the first and second vehicles, ECUs connected to a network in the one or more networks to which the primary ECU is connected as a secondary ECU set; and identifying an ECU included in both of the secondary ECU set identified for the first vehicle and the secondary ECU set identified for the second vehicle and satisfying a predetermined condition as an anomaly-relevant ECU.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving first user input by a primary device from a primary input device, where the user input is provided by a user to the primary input device that is coupled to a primary device. Receiving second user input provided by the user to a secondary input device that is in communication with the primary device. Determining a user credential based on the first user input and the second user input, where at least one or the first input and the second input includes at least a portion of the user credential. Receiving an indication that the user is authentic based on the user credential, and, in response, enabling the user to further interact with the primary device.

Abstract: A controller is provided to construct and run a container from one or more encrypted container images without persisting any decrypted data from the one or more encrypted container images to non-volatile storage at any time. The controller may retrieve a container image with encrypted first data and encrypted second data, and may store the container image to non-volatile storage of a particular node. The controller may construct a container by mounting the container image as part of an encrypted file system of the container. During runtime execution of the container, the encrypted first data may be extracted and decrypted from the file system in response to a file system request for the encrypted first data, and the decrypted first data may be entered into volatile storage of the particular node while the encrypted first data and the encrypted second data are retained on the non-volatile storage.

Abstract: A method and protocol for determining linear combinations of a first and second point for an elliptic curve cryptography scheme, including determining a first scalar multiplication of the first point with a first scalar, the first scalar multiplication including performing iteratively in relation to the value of the first scalar either one of: doubling of the first point in Jacobian projective coordinates; or mixed addition with the first point in affine coordinates; determining a combination point by adding the second point to the resultant of the first scalar multiplication; obtaining an affine coordinate representation of the combination point; determining a second scalar multiplication of the combination point with a second scalar, the second scalar multiplication including performing iteratively in relation to the value of the second scalar either one of: doubling of the combination point in Jacobian projective coordinates; or mixed addition with the combination point in affine coordinates.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based decentralized-identifier authentication, are provided. One of the methods includes: obtaining, from a computing device, a request for creating an authentication challenge for a decentralized identifier (DID); obtaining, from a blockchain network, a DID document corresponding to the DID; retrieving a public key associated with the DID from the received DID document; creating the authentication challenge by encrypting a piece of original text using the public key to create a piece of ciphertext; obtaining information associated with an authentication service endpoint for the DID from the received DID document; sending, to the authentication service endpoint according to the obtained information, the created authentication challenge.

Abstract: An authorized local domain service (ALDS) is deployed in a local network and is authorized to provision endpoints with a cloud-based service on behalf of an organization. The ALDS receives, from a local domain service (LDS) deployed in the local network and configured to connect with and register endpoints in the local network for communications on behalf of the organization, an identity of an endpoint acquired by the LDS when the endpoint registered with the LDS. The ALDS identifies for the organization an account associated with the identity, creates in the cloud-based service for the organization an association between the identity and the account, and notifies the endpoint via the local domain service to onboard against the cloud-based service for access to the cloud-based service.

Abstract: The invention relates to a building or enclosure termination opening and/or closing apparatus (10) having communication signed or encrypted by means of a key, and to a method for operating such. To allow simple, convenient and secure use by exclusively authorised users, the apparatus comprises: a first and a second user terminal (14, 30), with secure forwarding of a time-limited key from the first to the second user terminal being possible. According to an alternative, individual keys are generated by a user identification (42) and a secret device key (40).

Abstract: A method for multi-tenant authorization includes receiving, from a user account of a multi-tenant computer system, a request for a resource of the multi-tenant computer system. The method further includes determining whether the resource corresponds to a local resource that is local to the user account or to a nonlocal resource that is not local to the user account. The method further includes identifying, by a processing device, a local access control policy of the user account, corresponding to the local resource, or a visiting access control policy of the user account, corresponding to the nonlocal resource. The method further includes determining that the identified access control policy of the user account comprises an access permission corresponding to the resource. The method further includes controlling access to the resource of the multi-tenant computer system based on the access permission.

Abstract: A signal modulation unit modulates an actuator control signal for controlling an actuator by using a modulation signal. A correlation calculation unit calculates, when a measurement signal indicating a physical state measured by a passive sensor is received from the passive sensor after a modulated actuator control signal being the actuator control signal having been modulated by the signal modulation unit is transmitted to the actuator, a correlation between the measurement signal received and a modulation signal used for modulation of the actuator control signal by the signal modulation unit. The signal determination unit determines whether or not the measurement signal is a legitimate signal by using a correlation value obtained by the correlation calculation unit.

Abstract: A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

Abstract: A method, device and machine-readable storage device for transferring data between identity modules is disclosed. Data is stored in one of a first removable storage module coupled to a donor communication device and a memory of the donor communication device, or both. A first portion of the data is provided to a server. The server provides the first portion of the data to a second removable storage module coupled to a recipient communication device responsive to a determination that a recipient communication device has a right to the data. Additional embodiments are disclosed.

Abstract: Provided are an unlocking method and a virtual reality device, including displaying A candidate icons, the A candidate icons including M password icons related to latest operations; in response to an operation of selecting an unlocking icon from the A candidate icons, acquiring the selected unlocking icon; and performing an unlocking operation according to the selected unlocking icon and the M password icons related to the latest operations. According to the unlocking method and apparatus provided by the embodiments of the present invention, by setting password icons related to latest operations, passwords can be updated in real time, so that the passwords are not easy to crack, and it is unnecessary to repeatedly and manually set the passwords.

Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.

Abstract: A method for providing different message information to users based on authorization level is disclosed. In one embodiment, such a method includes detecting an event, such as an error or abnormal termination, in a hardware or software product. The method generates a message in association with the event and determines an authorization level of a user intended to receive the message. In the event the user is associated with a first authorization level, the method includes first content in the message. In the event the user is associated with a second authorization level, the method includes second content in the message. The second content may be more comprehensive than the first content. A corresponding system and computer program product are also disclosed.