Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; Whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; Generating a one-time password for said user account; Communicating the assigned user account identifier and temporary password to client component on the user's side, either directly or through an intermediate broker; causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.

Abstract: A system includes a first computer including a processor programmed to receive, from a remote device, a first digital document including a digital signature from a server and specifying access to one or more vehicle systems for a user. The processor is further programmed to receive, from the server, a second digital document authorizing the specified access to the one or more vehicle systems; and provide, to the remote device, the specified access to the one or more vehicle systems based on the first digital document and second digital document.

Abstract: A key exchange device is provided that includes: a shared secret key storage in which shared secret information mkik which is information different from a secret key of the key exchange device is stored; an authentication information addition unit that generates authentication information ?i, by which authentication is performed and falsification is detected, for key exchange information ei, which is output to the outside, by using the shared secret information mkik; and an authentication information verification unit that receives key exchange information es and authentication information ?s corresponding to the key exchange information es from the outside, verifies the authentication information ?s using the shared secret information mkik, and, if the authentication information ?s is not successfully verified, stops a key exchange, and the shared secret information mkik is a value that is used in a generation process in a key exchange.

Abstract: In an approach to quarantining source code to prevent confidential information exposure, one or more computer processors store a pushed codebase associated with a user to an isolated quarantine area, wherein access to the quarantine area is restricted to the user through user interface code visibility enforcement and protocol code visibility enforcement. The one or more computer processors dynamically adjust a timeout period based on codebase complexity, user preferences, associated dependencies, codebase size, minimum execution temporal period for one or more scans, and system specifications. The one or more computer processors responsive to identifying one or more instances of confidential information, perform one or more remedial actions.

Abstract: Systems and methods for secure electric vehicle (EV) charging are provided. One embodiment includes an EV charger, where the EV charger includes a power management unit, a processor, a low power short range point-to-point communication system, a memory containing an authentication software application, where the processor is configured by the authentication software application to receive an authentication request from a mobile device via the low power short range point-to-point communication system, send encrypted EV charger access credentials to the mobile device, receive a digital token from the mobile device, verify the digital token, and initiate a charging session based upon a command contained within the digital token.

Abstract: A system for predicting future outcomes of dynamic and complex systems using simulation results driven by a parametric and blended analytic and modeling approach. A model engine and simulation engine in combination with a visualization engine using such an approach has been developed to produce geospatial and temporal context aware system models for use in generating predictive results which may be used to recommend future outcomes from continuously competing models derived from ingesting large amounts of varied but related data.

Abstract: A distance-based packet filtering method includes a maximum filtering distance calculating step, a vehicle distance calculating step and a packet filtering step. The maximum filtering distance calculating step is performed to configure a processing unit to calculate a maximum filtering distance according to a dynamic adjustment distance parameter. The vehicle distance calculating step is performed to configure a modem to obtain a host vehicle location message and a vehicle-to-everything (V2X) safety packet. The V2X safety packet includes a remote vehicle location message, and then the host vehicle location message and the remote vehicle location message are calculated to generate a vehicle distance. The packet filtering step is performed to configure the modem to compare the vehicle distance with the maximum filtering distance from the processing unit to generate a comparison result, and judge whether the V2X safety packet is a passed packet according to the comparison result.

Abstract: A method for creating a smart contract detailing an ordered set of events is disclosed. A smart contract can include information about multiple events and responses for each event. The events and response can be arranged in a predefined order. The responses can include adding new records to a blockchain.

Abstract: A tamper detecting component for a quantum communication system is a trusted node, configurable as a first endpoint trusted node, a middle-trusted node and a second endpoint trusted node. The trusted node has a tamper detection module and a secure memory. The tamper detection module deletes critical system parameters responsive to detecting physical tampering. The trusted node, as the first endpoint trusted node, exchanges a quantum key, encrypts data and transmits encrypted data. The trusted node as the middle-trusted node exchanges a quantum key, exchanges another quantum key, decrypts and re-encrypts data and transmits encrypted data. The trusted node as the second endpoint trusted node exchanges a quantum key, and decrypts data.

Abstract: A pseudonym certificate management method, performed by a pseudonym certificate management apparatus interworking with an external server, may comprise: receiving, from the external server, a pseudonym certificate in a state locked based on a root value identifiable only by the external server; periodically receiving an unlocking key for the pseudonym certificate from the external server; activating the pseudonym certificate with the unlocking key; and when the activated pseudonym certificate is abnormal, deactivating the pseudonym certificate.

Abstract: Novel tools and techniques for an IoT shell are provided. A system includes an internet of things (IoT) device, a database, and a license manager. The database may include one or more sets of authorized licenses, each set of authorized licenses associated with a respective vendor software. The license manager may be in communication with the IoT device and the database, and further include a processor and a non-transitory computer readable medium comprising instructions executable by the processor. The license manager may be configured to receive a request to reserve a license for a first vendor software, determine an availability of the license associated with the first vendor software, register a unique identifier of the IoT device in association with the license, and grant the license to the IoT device.

Abstract: Methods and systems for determining whether a software application that is executable by an electronic device is compliant under the Health Insurance Portability and Accountability Act (HIPAA) are provided. A software application is accessed over a network. A programmed computer processor is used to determine whether said software application, upon execution, is at or above an (i) access control threshold, (ii) audit control threshold, (iii) data integrity threshold, (iv) authentication threshold, and (v) transmission security threshold, which thresholds are minimum thresholds for HIPAA compliance. Additionally, a determination that said software application is HIPAA compliant is made if said software application, upon execution, is at or above (i) said access control threshold, (ii) audit control threshold, (iii) data integrity threshold, (iv) authentication threshold, and (v) transmission security threshold. Further, a determination as to whether said software application is HIPAA compliant is output.

Abstract: The present disclosure relates to the field of identity generation and verification systems and discloses a system and a method for generation and verification of identity of a subject associated with an organization. The system comprises an identity generation tool, an identity verification tool, and a validating server. The identity generation tool is installed in a first electronic device associated with the subject and is configured to generate an ephemeral identity instance for the subject based on its association record, a digital signature of the association record, and a one-time token. The identity verification tool is installed in a second electronic device associated with the verifier and is configured to receive the identity instance and verify the association record of subject using the digital signature. The validating server is configured to verify the validity status of the association record.

Abstract: Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Verification of a token communication to an IoT gateway that failed in turn to pass the token to another IoT gateway indicates that the IoT gateway is a threat that may include malicious code.

Abstract: During provisioning of a biometric device, a hardware root of trust is established between the biometric device and a server. The biometric device includes a cryptographic processor with a first encryption key stored in secure storage. The first encryption key is used to establish a mutually authenticated communication channel with the server. A set of additional encryption keys between the device and the server are established via the communication channel. Biometric data generated by the biometric device is encrypted using the additional keys and digitally signed. The server receives the encrypted and signed data via the communication channel and verifies the signature. Once the signature is verified, the biometric data is then decrypted. The server then processes the decrypted biometric data. Data that does not arrive via the communication channel, that fails the verification, or that fails decryption is deleted or disregarded.

Abstract: [Problem] A terminal registration system and a terminal registration method that enable the number of communication operations between terminals to be reduced are provided.

Abstract: Systems and methods include receiving a request, in a cloud system from a user device, to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the cloud system, the application, and the user device to provide access to the application.

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.

Abstract: A processor of a device may provision a component of the device with a digital signature algorithm and an authentication key algorithm and/or server-provisioned private and/or public keys. The processor may generate one or more private keys and public keys and/or store them in a secure memory of the device. The processor may transmit the generated public keys to an owner server and receive a pedigree document in response, which may be signed with the private key. The owner server may determine a change in an ownership of the device and append the pedigree document in an immutable fashion in response to the determining to reflect the change in the ownership and/or sign the appended pedigree document with a private key. A chain of ownership of the device is verifiable using only information contained within the appended pedigree document and rooted in the processor itself.

Abstract: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.