Abstract: A biometric authentication system is disclosed that provides authentication capability using biometric data in connection with a challenge for parties engaging in digital communications such as digital text-oriented, interactive digital communications. End-user systems may be coupled to devices that include biometric data capture devices such as retina scanners, fingerprint recorders, cameras, microphones, ear scanners, DNA profilers, etc., so that biometric data of a communicating party may be captured and used for authentication purposes.

Abstract: A portable electronic device is operable as a portable certification authority. The portable electronic device stores a pair of keys of a public key infrastructure, issued by a parent certification authority and generates a certificate dependent upon the pair of keys. The private key and corresponding public key certificate are transmitted to a network device of a second agency to allow the device to be authenticated by any node of the network of the first agency that posses anchor information of the parent certification authority. This enables the device of the second agency to be authenticated by a network node of the first agency.

Abstract: The technology disclosed is a method of testing handling of secure communication sessions of clients with servers by device or system under test (DUT). The method includes (i) establishing a secure communication session between the client and the server while the client and the server transitions past a standards-required verification step or validation step without performing the required verification or validation, (ii) establishing a secure communication session between the client and the server while the client and the server reuse standards-required security mechanisms without generating or obtaining new standards-required security mechanisms, or (iii) establishing a secure communication session between the client and the server while the client and the server generate and transmit content contrary to an established standard-based procedure that poses certain requirements of the content.

Abstract: The disclosed computer-implemented method for managing devices may include (i) intercepting outbound network traffic that is directed to an original target network destination, and (ii) redirecting the outbound network traffic to a virtual computing node within a publicly available on-demand cloud computing platform for the virtual computing node to apply a management policy to the outbound network traffic prior to the outbound network traffic arriving at the original target network destination, where a management service directs the performance of both configuring the computing device to redirect the outbound network traffic to the virtual computing node within the publicly available on-demand cloud computing platform and configuring the virtual computing node within the publicly available on-demand cloud computing platform to apply the management policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present invention provides a security authentication method, a configuration method, and a related device. A first terminal receives a public key for signature of a configuration device sent by the configuration device. The first terminal receives second signature information and second type information. The first terminal determines, according to at least the second type information and the second signature information, that the first terminal is to generate key information. In this way, the first terminal establishes a security connection between the first terminal and the second terminal. This effectively prevents a terminal from tampering with its role, and therefore effectively prevents a terminal from establishing a connection to an attacker terminal with a changed role, thereby further preventing the attacker terminal from obtaining information of the terminal, to effectively ensure security of the terminal.

Abstract: There is provided mechanisms for handling registration of data packet traffic for a wireless device in a communications network. A method is performed by a core network node. The method comprises registering an amount of data packet traffic in the communications network for the wireless device, wherein each data packet comprises an address of the wireless device, wherein the address is mapped to an identity of the wireless device, wherein the address comprises a first part defining an identity of a local network gateway of the wireless device and a second part defining the identity of the wireless device, and wherein selection of the second part is independent from the first part and the identity of the local network gateway. The method comprises mapping the amount of data packet traffic to the identity of the wireless device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for parallel-processing blockchain transactions are provided. One of the methods includes: obtaining a plurality of candidate transactions for adding to a blockchain; grouping the candidate transactions into one or more transaction groups; creating one or more copies of at least a portion of a data structure of a latest block of the blockchain; associating the one or more transaction groups respectively with the one or more copies of the data structure; executing the candidate transactions in each of the transaction groups and updating the associated copies of the data structure; and merging the updated copies of the data structure to obtain at least a portion of a new data structure of a new block to add to the blockchain.

Abstract: In a computer-implemented method for integrating a file system of a virtual machine into a native file explorer of a client system, a virtualization infrastructure that manages at least one virtual machine is accessed. The virtual machine is discovered. The file system of virtual machine is accessed. The file system of virtual machines is integrated with the native file explorer of the client system.

Abstract: Systems and methods for associated with an attestation service for enforcing payload security policies in a data center are provided. An example method includes sending artifacts, including at least one artifact purportedly associated with a root of trust system corresponding to a device, to an attestation service, wherein the at least one artifact comprises at least one policy attribute related to payload security in the data center. The method further includes the attestation service determining whether the at least one policy attribute is acceptable.

Abstract: Disclosed herein are techniques for protecting web applications from untrusted endpoints using remote browser isolation. In an example scenario, a browser isolation system receives a request from a client browser executing on a client device to connect with a remote application accessible via a private network. A surrogate browser is provided to facilitate communications between the client browser and the remote application. A security policy is enforced against the communications.

Abstract: An electronic control unit is connected to a network in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the network via the second control circuit. The second control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. Upon determining that the frame conforms to the first rule, the second control circuit transmits the frame to the first control circuit. The first control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule. The second rule is different from the first rule.

Abstract: A method for securely executing an item of software. One or more security modules are executed by a computer and a computer executes the item of software. The execution of the item of software includes, at at least one point during execution of the item of software at which a predetermined function is to be performed, attempting to perform the predetermined function. The attempt to perform the predetermined function including sending, to an address system, a request for an address of instructions for carrying out the predetermined function, the request including an identifier of the predetermined function; receiving, from the address system in response to the request, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the one or more security modules; and continuing execution of the item of software at the address received from the address system.

Abstract: Multiple elements are efficiently read from a secured array. A secure text array <a>=(<a[0]>, . . . , <a[n?1]>) where an array a=(a[0], . . . , a[n?1]) having a size of n is secured, secure text <x> of an integer x that is equal to or higher than 0 and less than n, and in integers i0, . . . , im-1 that are equal to or higher than 0 and less than n are input into an input part 11. A secure shift part 12 secure-shifts the secure text array <a> by <x> to obtain a secure text array <a?>=(<a?[0]>, . . . , <a?[n?1]>) where an array a?=(a?[0], . . . , a?[n?1]) obtained by shifting leftward the array a by x is secured. An array generation part 13 generates a secure text array <b>=(<a?[i0]>, . . . , <a?[im-1]>) from the secure text array <a?>.

Abstract: A method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system includes receiving a message comprising a message header and a message payload, and determining that the message is an unlock message configured to access one or more protected functions of the embedded node, at least by analyzing a bit sequence of one or more bits in the message header. The method also includes determining whether a manual control mechanism has been placed in a particular state by a human operator, and, based upon those determinations, either causing or not causing the embedded node to enter an unlocked state in which one or more of the protected functions are accessible.

Abstract: Apparatus and methods of operation of the apparatus that create a virtual machine and enable an Agent within the virtual machine to another Agent via a digital communications network and establish a communication channel for logical communications via the digital communications network. Communications transmitted and received according to the present invention proceed directly from a PeN agent to a second Agent without any storage or recordation of the transaction on an intermediate server. In some embodiments, the digital communications according to the present invention remain essentially imperceptible to network operators.

Abstract: In one embodiment, a discrepancy detection application automatically detects and addresses unauthorized activities associated with one or more authorization keys based on a request log and a provider log. The request log specifies activities that a client initiated, where the activities are associated with the authorization keys. The provider log specifies activities that a cloud provider performed, where the activities are associated with the authorization keys. In operation, the discrepancy detection application determines that one or more unauthorized activities have occurred based on comparing the request log to the provider log. The discrepancy detection application then performs an action that addresses the unauthorized activities.

Abstract: A bare metal resource includes a trusted portion and an untrusted portion. The trusted portion includes trusted hardware, an image repository, and a clearance manager. The clearance manager is executable during bootup of the bare metal resource to perform a clearance process on the untrusted portion, including deleting the BIOS in the untrusted portion and loading a trusted BIOS from the image repository on the untrusted hardware, to place the untrusted portion in a trusted state. The bare metal resource may be provisioned to a tenant of a cloud provider after being placed in the trusted state.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for providing passive continuous session authentication. An example method includes authenticating a session for a user of a client device. The example method further includes capturing a video stream and sensor data over a duration of time. The example method further includes deriving, from the captured video stream, a set of biometric attributes of the user. The example method further includes deriving, from the captured sensor data, a set of behavioral attributes of the user. Subsequently, the example method includes re-authenticating the session based on the derived set of biometric attributes and the derived set of behavioral attributes.

Abstract: A method, device and machine-readable storage device for transferring data between identity modules is disclosed. Data is stored in one of a first removable storage module coupled to a donor communication device and a memory of the donor communication device, or both. A first portion of the data is provided to a server. The server provides the first portion of the data to a second removable storage module coupled to a recipient communication device responsive to a determination that a recipient communication device has a right to the data. Additional embodiments are disclosed.

Abstract: The present disclosure describes system, application, and/or methods for enabling operation of a transducer probe with a medical imaging device. An example method includes the steps of retrieving a user identification code assigned to a user associated with an imaging device, retrieving a transducer identification code of a transducer probe from a memory of the transducer probe responsive to connecting the transducer probe to the imaging device, generating a temporary digital key based on the user identification code and the transducer identification code, retrieving a stored digital key from the memory of the transducer probe, verifying an association of the transducer probe including comparing the stored digital key with the temporary digital key, enabling operation of the transducer probe with the imaging device if the stored digital key matches the temporary digital key.