Abstract: The method includes identifying a computing device attempting to access content. The method further includes identifying a defined geographical boundary that is associated with the content, wherein the defined geographical boundary includes coordinates that define a geographical area that allows access to the content within the defined geographical boundary. The method further includes determining a geographical location of the computing device. The method further includes determining whether the geographical location of the computing device is within the identified defined geographical boundary.

Abstract: A system and method for managing consent for an enterprise to, for example, provide access to controlled data to another enterprise wherein the controlled data can be in the form of subject data records. The system includes a consent management module operative to associate a plurality of control levels with a subject data record and process a consent request requesting access to the controlled data. Access is determined based on the control levels associated with a subject of the controlled data, a requesting operator, and/or the controlled data itself, A control level data set comprising the control levels for use in controlling access to the controlled data and/or subject data records is stored in a database.

Abstract: Systems and methods for generation and use of short keys are disclosed. The systems and methods include the generation of a short key based on the location of a first device that requests the generation of the key. The short key is sent to the first device, which in turn communicates the short key to a second device, through a display, print receipt, direct communication, or other means. The short key is entered into the second device, which in turn communicates the entered short key to a server along with location information corresponding to the second device. The server authorizes communication between the first and second devices after it determines that the short key sent by the second device matches one of the keys active in a region corresponding to the location of the second device.

Abstract: An embodiment method for vehicle messaging includes obtaining initial trust information that includes a root public key (RPK), and obtaining a first pool of group certificate (GC) sets and a first vehicle authentication certificate that includes a first encrypted serial number. The method also includes: selecting from the first pool a first GC and a first group private key (Gpk); determining a first signature in accordance with a first message and a digest function; sending a first datagram that includes the first message and the first signature; receiving a second datagram that includes a second GC and a second signature, the second GC duplicating a GC in the first pool; receiving a third datagram that includes a third GC and a third signature, the third GC not duplicating any GC in the first pool; and verifying the second and third datagrams in accordance with the digest function and RPK.

Abstract: The disclosure relates to using a control service to control external access to APIs of IoT devices on a private network. An external application can request access to an API, and in response, the control service can monitor broadcasts from the IoT devices indicating what APIs they have available. If a match exists, the control service can request user authorization to allow the requested access. The user can grant or deny the requested access, and place limitations on the authorized access. The control service uses this information to open a connection between the requesting application and the IoT device having the requested API, and via this connection, the requesting application can access and control the device running the requested API.

Abstract: The present invention provides an operations, administration and maintenance (OAM) security authentication method and OAM packet transmitting/receiving devices. An OAM packet is authenticated by utilizing a random number and an authentication code. A threshold for the number of failed authentication is determined. If the number of failed authentication is greater than the threshold, the random number will be updated. According to the present invention, OAM packets constructed by malicious users or tampered with may be detected to increase security of OAM packets and avoid a denial-of-service (DOS) attack.

Abstract: A technique of performing knowledge based authentication (KBA) involves collecting activity data and time data based on operation of a mobile device, the activity data identifying an activity performed by the mobile device, and the time data identifying a time of the activity. The technique further involves generating a KBA question based on the activity data and the time data. The technique further involves providing the KBA question to a user to authenticate the user. Such a technique is capable of being performed by a remote server which communicates with the mobile device over time (e.g., in response to certain events, periodically, combinations thereof, etc.). Accordingly, the remote server is able to accumulate activity and time data which is not stored permanently (or perhaps even at all) by the mobile device, and then generate KBA questions based on that data.

Abstract: Some embodiments of cloud-based gateway security scanning have been presented. In one embodiment, some data packets are received sequentially at a gateway device. The data packets constitute at least a part of a file being addressed to a client machine coupled to the gateway device. The gateway device forwards an identification of the file to a remote datacenter in parallel with forwarding the data packets to the client machine. The datacenter performs signature matching on the identification and returns a result of the signature matching to the gateway device. The gateway device determining whether to block the file from the client machine based on the result of the signature matching from the datacenter.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as the legitimate human user. The system displays gauges indicating cyber fraud scores or cyber-attack threat-levels.

Abstract: A method includes receiving, at a server, a request from a DNS client. The request identifies a domain name to be resolved that is not able to be resolved by the server. The method includes identifying a hash of the domain name as being part of a set of hashes. The hash of the domain name identified at the server was computed using a first cryptographic technique. However, the hash can be computed by an external system using a second cryptographic technique. The first cryptographic technique is able to compute the hash in substantially fewer or substantially less complex operations than the operations required to compute the hash using the second cryptographic technique. The method further includes returning a result indicating that the domain name cannot be resolved, including returning an indicator identifying the set of hashes.

Abstract: Disclosed are provided a method and a system for network connection chain traceback by using network flow data in order to trace an attack source site for cyber hacking attacks that goes by way of various sites without addition of new equipment of a network or modification a standard protocol when the cyber hacking attack occurs in the Internet and an internal network.

Abstract: An Artificial Intelligence (AI) interface and engine is described that enables the monitoring and analysis of vehicle information to determine if the vehicle has had at least one of hardware and software maliciously changed, added, or removed. The AI interface may determine the presence of the maliciously changed, added, or removed hardware and/or software such as by receiving an emergency condition from at least one sensor that is in disagreement with another sensor.

Abstract: Embodiments for preventing data loss and allowing selective data access are provided. In some embodiments, the system and method are configured to receive task protocols and registration requests; determine an allowed list based on the protocols or requests, the list comprising registered data and codes needed to execute a task; allow a user to establish a connection to a device to execute the task on the device; identify data being transferred to and from the device; compare the data being transferred and the allowable list; and determine that at least some of the data being transferred is allowable.

Abstract: A method of obfuscating a code is provided, wherein the method comprises performing a first level obfuscating technique on a code to generate a first obfuscated code, and performing a second level obfuscating technique on the first obfuscated code. In particular, the code may be a software code or a software module. Furthermore, the first level obfuscating technique and the second obfuscating may be different. In particular, the second level obfuscating technique may perform a deobfuscation.

Abstract: A method and a terminal device for making multi-system constraint of a specified permission in a digital rights. A rights object related to content object is obtained by an executing device. The specific permission descriptions of the rights object include system constraint descriptions of a plurality of systems of the same type. The executing device obtains a corresponding system information in the device according to the system constraint descriptions and compares the system information in the device with the system information in the system constraint descriptions, so as to judge whether there is any system permitted in system constraint descriptions. If yes, it determines to permit executing the specific permission for the content object; otherwise, it determines not to permit executing said specific permission for the content object.

Abstract: A system includes a memory configured to store executable code and a processor operably coupled to the memory. The processor is configured to execute the code to receive a request from a developer of a first web application to provide a notification corresponding to the first web application, authenticate the developer using a client identifier, after authenticating the developer, receive a content of the notification and a first user identifier, and provide the content of the notification to at least one of a plurality of computing devices associated with the first user identifier, based on an account associated with the first user identifier. The system syncs the notification and a plurality of computing devices associated with the first user identifier, based on the account.

Abstract: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a plurality of processing devices communicatively coupled to the architecturally protected memory, each processing device comprising a first processing logic to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory, or preventing an unauthorized access to the architecturally protected memory; wherein each processing device further comprises a second processing logic to establish a secure communication channel with a second processing device of the processing system, employ the secure communication channel to synchronize a platform identity key representing the processing system, and transmit a platform manifest comprising the platform identity key to a certification system.

Abstract: In a network to which a plurality of electronic devices and a server are connected, an electronic key system controls locking and unlocking of ID information output of each electronic device. Each electronic device includes a switching device that locks or unlocks output of ID information of each electronic device. The server includes an availability changing unit and a management unit. The availability changing unit unlocks only one of the plurality of electronic devices and locks the other electronic devices. The management unit updates a state at which the locking of ID information output and the unlocking of ID information output are swapped between a pair of the electronic devices.

Abstract: In an embodiment, an apparatus includes a first logic to receive from a first node a synchronization portion of a message and to generate a set of state information using the synchronization portion, to synchronize the apparatus with the first node. The apparatus may further include a second logic to decrypt a data portion of the message using the set of state information to obtain a decrypted message. Other embodiments are described and claimed.

Abstract: A method and system for providing a plurality of tamperproof digital certificates for a plurality of public keys of a device by a certification authority wherein a respective signing request for requesting a digital certificate is initially created for each of a plurality of public keys, where the signing request for the ith public key is signed using the jth private key in accordance with a signing rule, the jth private key being dissimilar to the ith private key belonging to the ith public key, and wherein all signing requests are transmitted to the same certification authority in each case, and each signing request is verified in the certification authority, in which case a check is performed to determine whether the ith signing request has been signed using the jth private key in accordance with the signing rule.