Abstract: The present disclosure relates to systems, non-transitory computer-readable media, and methods for utilizing a digital permission mapping model to dynamically map entity members to digital survey resource permission roles based on metadata corresponding to the entity members. In particular, in one or more embodiments, the disclosed systems implement permissions based on identification of various resource classes and attribute values corresponding to the digital resources. The disclosed systems can compare survey resource classes, survey attribute categories, and attribute values of requested digital survey resources to the resource permission role of a requesting entity member. The disclosed systems can manage the digital content based on the digital survey resource permission role and these determined comparisons.

Abstract: A computer implemented method of detecting anomalous behavior within a computer network, the method including accessing data records each corresponding to an occurrence of communication occurring via the computer network and including a plurality of attributes of the communication; generating, for each of at least a subset of the data records, a training data item for a neural network, the training data item being derived from at least a portion of the attributes of the record and the neural network having input units and output units corresponding to items in a corpus of attribute values for communications occurring via the network; augmenting the training data by replicating each of one or more training data items responsive to one or more attributes of the data record corresponding to the training data item; training the neural network using the augmented training data so as to define a vector representation for each attribute value in the corpus based on weights in the neural network for an input unit cor

Abstract: A motor vehicle stores a first one-way hash of a password and an encrypted value from a second one-way hash of the password. A method for authenticating a device with respect to the vehicle includes the following: a PACE procedure is carried out so that the device and the motor vehicle determine the same session key; the motor vehicle generates a communication key on the basis of the session key and the encrypted one-way hash; and the device generates the communication key based on the session key and the second one-way hash.

Abstract: A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal.

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

Abstract: A primary platform (PP) can (i) support a first set of cryptographic parameters and (ii) securely download an unconfigured secondary platform bundle (SPB) that includes a configuration package (SPB CP). The SPB CP can establish a secure session with a configuration server (CS). The CS can select operating cryptographic parameters supported by the first set. The SPB CP can derive an SPB private and public key. The PP can use the selected operating cryptographic parameters to securely authenticate and sign the SPB public key. The CS can (i) verify the PP signature for the SPB public key and (ii) generate an SPB identity and certificate for the SPB and (iii) send the certificate and SPB configuration data to the SPB CP. The SPB CP can complete configuration of the SPB using the SPB identity, certificate, and configuration data. The configured SPB can authenticate with a network using the certificate.

Abstract: Embodiments of the present disclosure provide a method, an electronic device, and a program product implemented at an edge switch for data encryption. For example, the present disclosure provides a data encryption method implemented at an edge switch. The method may include receiving encryption and decryption information for an encryption operation or a decryption operation from a source device. In addition, the method may include encrypting a data packet received from the source device based on encryption information in the encryption and decryption information to generate an encrypted data packet. The method may further include sending the encrypted data packet to a target device indicated by the data packet. The embodiments of the present disclosure can reduce the computing loads of Internet of Things (IoT) devices, clouds, and servers while ensuring encryption performance, and can also reduce the time delay caused by encryption and decryption operations.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for hardware-level encryption. An example method includes receiving an instance of information/data by processing circuitry; and disassembling, by the processing circuitry, the instance of information/data into a plurality of sections. The processing circuitry assigns each section of the plurality of sections a location in an allocated portion of memory. The locations are determined based at least in part on a quantum obfuscation map (QOM). The QOM is generated based on one or more quantum obfuscation elements (QOEs) corresponding to a quantum state of a quantum particle. The processing circuitry then causes each of the plurality of sections to be stored at the corresponding assigned location in the allocated portion of the memory.

Abstract: Described herein are a system and techniques for enabling user control over usage of their information by data consumers, even when untrusted parties are involved, while also preventing collusion between the untrusted party and a data consumer. A user's information may be collected by a client device and provided to a host server. An encrypted version of the user's information may be stored at the host server so that it is processed on a private enclave of the host server. When the data is to be provided to multiple data consumers, the data may be encrypted for each of the data consumers and may be released to each of those data consumers simultaneously once confirmation has been received that the data has been made available to each of the data consumers.

Abstract: A method for controlling a remote control device includes capturing with a biometric device biometric data associated with a user, determining with processor whether the user is authorized to interact with the smart device, in response to the biometric data, determining with the processor user data, in response to the user being authorized to interact with the smart device, receiving with a short-range transceiver an authentication request from a reader device associated with a remote control device, outputting with the short-range transceiver a session token in response to the authentication request and to the user data, thereafter determining with a physical sensor physical perturbations in response to physical actions of the user, determining with the processor a requested action for the remote control device, in response to the user data and the physical perturbations, and outputting with the short-range transceiver the requested action to the reader device.

Abstract: A crypto processor, a method of operating a crypto processor, and an electronic device including a crypto processor. A method of operating a crypto processor for performing a polynomial multiplication of lattice-based texts includes transferring coefficients of polynomials for the polynomial multiplication to multipliers, performing multiplications for a portion of the coefficients in parallel using the multipliers, performing an addition for a portion of results of the multiplications using an adder, and determining a result of the polynomial multiplication based on another portion of the results of the multiplications and a result of the addition.

Abstract: Systems, computer program products, and methods are described herein for dynamically generating linked security tests. The present invention may be configured to perform security tests on an application, generate, based on the results of the security tests, security test sequences that include at least one security test that the application failed, perform the security test sequences on the application, and, iteratively and until the application passes each security test sequence in an iteration, generate additional security test sequences. The present invention may be further configured to provide results of the security tests and security test sequences to one or more machine learning models to generate supplementary security test sequences and determine probabilities of the application failing the supplementary security test sequences.

Abstract: Secure communication between users and resources of an electrical infrastructure and associated systems and methods. A representative secure distributed energy resource (DER) communication system provides for the creation of trust rules that govern the permitted communications between users and resources of an electrical infrastructure system, and the enforcement of the trust rules.

Abstract: This disclosure relates to generating telecommunication network measurements. In one aspect, a method includes presenting, by a client device, a digital component that, when interacted with, initiates a call by the client device to a phone number specified by the digital component. A trusted program stores, in a presentation event data structure, a presentation event data element specifying the phone number and resource locator for a reporting system to which reports for the digital component are sent. The trusted program detects a phone call by the client device to a given phone number. The given phone number is compared to one or more presentation event data elements stored in the presentation event data structure. A determination is made that the given phone number matches the phone number specified by the digital component. In response, an event report is transmitted to the reporting system.

Abstract: The present disclosure includes apparatuses, methods, and systems for using a local ledger block chain for secure updates. An embodiment includes a memory, and circuitry configured to receive a global block to be added to a local ledger block chain for validating an update for data stored in the memory, where the global block to be added to the local ledger block chain includes a cryptographic hash of a current local block in the local ledger block chain, a cryptographic hash of the data stored in the memory to be updated, where the current local block in the local ledger block chain has a digital signature associated therewith that indicates the global block is from an authorized entity.

Abstract: Generally described, the presently disclosed technology utilizes durable and non-durable identifiers of a user device to authenticate the user device and cause the user device to be directed to a network intercept portal or captive portal to the user device based on whether additional user input is needed from the user device. A cloud network management server may identify a user device based on a previously stored association between a durable identifier associated with the user device and a non-durable identifier associated with the user device. In response to an indication from the cloud network management server that additional input is needed, a gateway or network management device can indicate to the access point that network access has been granted to the user device, but redirect the user device to network intercept portal or captive portal to obtain the additional user input requested by the cloud network management server.

Abstract: A network interface card, such as a SmartNIC, is used to provide encryption, such as network encryption virtual function (NEVF), for a virtual machine, so that a customer can control network keys in a virtual cloud network. The NEVF includes a memory device (e.g., SRAM) and a crypto processor (e.g., a crypto core). The memory device stores a crypto key. The crypto processor uses the crypto key to encrypt data to and from a virtual machine in the virtual cloud network. A key management system can be used to securely transfer crypto keys to the NEVF. Having one NEVF per virtual machine can enable a customer to manage the crypto key for a virtual cloud network.

Abstract: Techniques for continuous authenticity for captured data are provided. Data in form of analog or digital media including videos, images, and audio recordings, and sensed, detected, measured, observed, or otherwise recorded data may be authenticated with source information upon capture. The chain of custody of the authentication may be preserved throughout processing and distribution of the captured data through a distribution network assuring consumers of the data that data or source information for the data is not altered in any way or, if altered, it is done so for the purpose of preserving the authenticity of the data and reversing the process will render an unaltered version of the original data set. In some examples, the authentication and/or capture of data may be triggered by a predefined event to ensure data associated with the event is captured and preserved with authentication.

Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.

Abstract: Disclosed are various embodiments for extending cloud-based virtual private networks to radio-based networks. In one embodiment, a request from a client device to connect to a radio-based network is received. A virtual private cloud network of a cloud provider network to which the client device is permitted access is determined. The client device is provided with access to the virtual private cloud network through the radio-based network.