Abstract: To keep safety of a network and to facilitate connection to the network. An information processing apparatus comprises a communication unit and a control unit. The communication unit is directed for receiving a connection authentication request from a new device other than a plurality of devices configuring a network in which the plurality of devices make wireless communication on a one-to-one basis to be mutually connected. Further, the control unit is directed for transferring the connection authentication request to the plurality of devices in a case of receiving the connection authentication request, and for performing control to permit the new device to connect to the network on the basis of the responses to the connection authentication request from the plurality of devices.

Abstract: According to an embodiment, an information processing device includes a prior verifying unit, and an execution control unit. The prior verifying unit is configured to verify integrity of software registered in a whitelist at a timing which does not depend on an execution start of software and generate an execution permission list in which software which is successfully verified is registered as execution-permitted software. The execution control unit is configured to permit execution of the software if the software is registered in the execution permission list as the execution-permitted software when the execution start of the software is detected.

Abstract: Exemplary security applications and systems are described herein. Such embodiments may be configured to provide backup functionality and ransomware protection for cloud storage systems. The described embodiments may monitor cloud storage systems to detect and classify various events. And the embodiments may perform any number of actions based on classified events, such as transmitting notifications to users, preventing a user or application from accessing the cloud storage system, and/or restoring infected files.

Abstract: To perform an update process on software reliably without shutting down an edge server in an IoT system, the software update control device 60 is provided with: a first execution control unit 61 which creates, in a second information processing system 80, an operating environment including updated software; a verification unit 62 which verifies operation performed in the operating environment including the updated software; a transfer control unit 63 which transfers an operating environment including the original version of the updated software from a first information processing system 70 to the second information processing system 80; a second execution control unit 64 which causes the second information processing system 80 to execute the updated software; and a switching unit 65 which switches the information to be processed by the second information processing system 80 from information obtained by executing the original software to information obtained by executing the updated software.

Abstract: Methods of operating a network node in a wireless local area network, a mobile terminal and a server, respectively, are disclosed. Corresponding computer programs, as well as a network node, a mobile terminal and a server are also disclosed. The network node establishes connection with the mobile terminal; and sends at least one network name to the mobile terminal, wherein the at least one network names correspond to possible public land mobile networks, PLMNs, based on the determined AAA information. The mobile terminal can thus display the network name.

Abstract: Methods, systems, and computer program products for providing transaction verification through enhanced authentication are provided. A method performed by a computer system may include receiving an application programming interface (API) request from a client, detecting a change associated with the API request as compared to a prior use of the API by the client, generating an encrypted challenge to authenticate the API request based on detecting the change, and issuing the encrypted challenge to the client to authenticate the API request.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to receive from a first device a digital key, receive from a second device an encrypted data item, decrypt the encrypted data item using the digital key to obtain a decrypted data item, and verify the decrypted data item matches a reference data item, and responsive to the decrypted data item matching the reference data item, grant access to at least one of the first device and the second device.

Abstract: A password and/or email address management platform configured to regenerate a previously generated password for a given web domain or digital system without permanently storing the previously generated password. The platform can operate without maintaining a permanent store or list of other user-related information, e.g. a list of web domains or systems for which passwords have been generated. In an embodiment, the platform performs the steps of concatenating a plurality of password input data elements into a requested phantom password input data string, applying a hashing algorithm to the requested phantom password input data string to generate a phantom password hash, applying a hash-to-string function to convert the phantom password hash to a phantom password, and purging the password generation system of the phantom password after it is notified to a user.

Abstract: A one-time-password authentication method, comprising the following steps: a client establishes NFC with an NFC dynamic token, obtains a token serial number of the NFC dynamic token and a one-time-password from the NFC dynamic token; the client encrypts the one-time-password by using the token serial number and a second random number stored by the client, to obtain a third ciphertext, and sends the third ciphertext, the second random number, and the token serial number to a token server; the client receives an authentication success message or an authentication failure message returned from an application server. By means of the present invention, the one-time-password generated by the NFC dynamic token is obtained by using an NFC channel, and the one-time-password is sent to the token server for authentication. Therefore, errors and leakage caused by a user by manually inputting the one-time-password is avoided, and the security of the dynamic token is improved.

Abstract: Provided is a method for decoupled transmission of data between networks having different security requirements, in which, in a first network having high security requirements, first data from a first application are transmitted in a communication exclusively between components within the first network via multiple communication links, data being captured in the first network by at least one monitoring device per communication link in a decoupled manner and being transmitted to a second network having lower security requirements. Also, a corresponding arrangement is also provided.

Abstract: An assembly checks at least one firewall device and a method protects at least one data receiver. In the method, permissible and non-permissible data traffic is differentiated in data traffic in the direction of the data receiver using specific rules. Non-permissible data traffic is blocked, and permissible data traffic is allowed through. In order to check the function of the firewall device, the data traffic which has been allowed through is interrupted if the data traffic which has been allowed through has non-permissible data traffic.

Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication by an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering Information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).

Abstract: The invention relates to a method of securing an integrated circuit during its fabrication on a wafer, said method including the following steps: delimitation of said wafer of the integrated circuit (1) into a first zone called a standard zone (5a) and a second zone called a security zone (5b), and creation of a random connection tracks network (7b) in said security zone (5b) configured to interconnect a set of conducting nodes (9b) thus forming a physical unclonable function modelled by random electrical continuity that can be queried through said set of conducting nodes using a challenge-response authentication protocol.

Abstract: Systems, computer-readable media, and methods for improving data privacy/anonymity and data value, wherein data related to a data subject can be used and stored, while minimizing re-identification risk by unauthorized parties and enabling data related to the data subject to be disclosed to an authorized party by granting access only to the data relevant to that authorized party's purpose, time period, place and/or other criterion via the obfuscation of specific data values. The techniques described herein maintain this level of privacy/anonymity, while still empowering Data Subjects, e.g., consumers or customers of such authorized parties, e.g., business entities, by enabling them to request or specify their desired level of engagement with such business entities. Data Subjects may then receive privacy-respectful, trusted communication, e.g.

Abstract: Communicating a message via a leakage-deterring encryption scheme. A sender computer stores a public key pko of a recipient key-pair (pko, sko) of a message recipient, a commitment c, bound to the public key pko, to a secret s of the message recipient, and a public key pkt of a decryptor key-pair (pkt, skt). A receiver computer stores a secret key sko of the recipient key-pair (pko, sko), the commitment c and an opening o to the commitment. A decryptor computer stores a secret key skt of the decryptor key-pair (pkt, skt). The sender computer is adapted to encrypt a message m for the message recipient by generating ciphertexts. The sender computer sends the ciphertexts to the receiver computer. The receiver computer is adapted to send a ciphertext to the decryptor computer and provide a proof. The decryptor computer is adapted to verify the proof.

Abstract: A method for re-keying an encrypted data file, the data file being stored chunkwise on a storage entity (SE), data file chunks being encrypted with a global secret, and the method being performed in a memory available to a computing device, includes partially updating a global secret for encryption data for a data chunk to be re-keyed such that an output of a non-interactive oblivious key exchange is used to identify the private key of the data chunk to be re-keyed with a new private key; and reencrypting the data chunk to be re-keyed with the updated global secret.

Abstract: An optical electromagnetic radiation (EM) emitter and receiver are located upon a printed circuit board (PCB) layer and are connected to an optical security pathway. A predetermined reference flux is determined, the reference flux being the expected EM transmitted by the optical security pathway and received by the receiver. When the PCB is subject to an unauthorized access thereof (e.g., drilled, sawed, cut, etc.), the optical EM transferred by optical security pathway is altered. An optical monitoring device that monitors the flux of the optical EM received by the receiver detects a change in flux, in relation to the reference flux, and passes a tamper signal to one or more computer system devices to respond to the unauthorized access. For example, one or more cryptographic adapter card or computer system functions or secured crypto components may be disabled.

Abstract: An Internet of Things (IoT) blockchain interface system facilitates receiving and deploying events from an IoT gateway to a blockchain using the event stack. The system also provides an interface between events that may affect objects on the blockchain from IoT sensors. The system also serves to authenticate IoT events such as sensor data.

Abstract: The present invention relates to a method, system and related devices for providing with a unique identification at excitation or reading of said unique identification.

Abstract: Examples associated with contextual device unlocking are described. One example storing sets of contextual state information associated with unlock events associated with a device. A first contextual state of the device is detected. The first contextual state of the device is compared to sets of contextual state information. The device is unlocked based on the comparison of the first contextual state of device to the sets of contextual state information when the device is in a secure location with a nearby authorized user.