Abstract: An electronic processor of a wireless fob is configured to establish a first communication link between the wireless fob and an external device, and receive, over the first communication link, first identification information and credential information of a power tool device from the external device. The electronic processor is further configured to receive, via the wireless transceiver, an identification signal including second identification information from the power tool device. The electronic processor is further configured to identify the power tool device by determining that the first identification information matches with the second identification information. The electronic processor is further configured to transmit the credential information to the power tool device to establish a second communication link between the wireless fob and the power tool device and transmit, over the second communication link, a command to the power tool device to control an operation of the power tool device.

Abstract: This application discloses a password verification method and a password setting method. The password verification method includes: in response to a detected operation of requesting for password verification, collecting at least one first image by using a camera of a mobile terminal; obtaining matching information when a result of matching between the at least one first image collected by the mobile terminal and at least one first preset image satisfies a first preset matching condition, where the matching information includes at least one of the following: location information of the mobile terminal, motion information of the mobile terminal, at least one second image collected by the camera of the mobile terminal, and network connection information of the mobile terminal; and performing matching between the obtained matching information and a second preset matching condition, where the password verification succeeds when the matching is successful.

Abstract: An apparatus and method for providing cyber security defense in digital environments are provided. The apparatus includes a processor and a memory communicatively coupled to the at least a processor. The memory contains instructions configuring the at least a processor to receive a cyber profile associated with a digital environment. The processor is also configured to receive a risk profile associated with the cyber profile and analyze the cyber profile and risk profile. In addition, the processor is configured to generate a user interface data structure configured to display the determined risk score. A graphical user interface (GUI) is communicatively connected to the processor and the GUI is configured to receive the user interface data structure for the cyber-attack defense assessment and display the cyber-attack defense assessment.

Abstract: A method for protection of data transfers for internet of things (IoT) devices using a blockchain includes: receiving, by a node in a blockchain network, a data message from an IoT device formatted according to an IoT messaging protocol and including a device identifier associated with the IoT device and encrypted data; generating a new block including one or more data values including the received data message; transmitting the generated new block to one or more additional nodes in the blockchain network; receiving a data request from an external device including an external identifier associated with the external device; verifying permission of the external device to access the encrypted data based on the external identifier and device identifier; and transmitting the encrypted data to the external device.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining user code; obtaining an indication of at least one vulnerability, the vulnerability associated with one or more sets comprising at least a first instruction type and a second instruction type; scanning the code using dependency analysis, to obtain for one set: one or more first instructions of the first instruction type, one or more second instructions of the second instruction type, and further instructions associated with entities relevant to the first instruction and the second instruction; eliminating instructions other than the first instruction, the second instruction and one of the further instructions, thereby obtaining a collection of instructions that behaves differently from the user code; and providing the collection of instructions for vulnerability detection.

Abstract: A method for detecting a security vulnerability in code may include obtaining (i) a permitted information flow graph for a permitted query and (ii) a target information flow graph for a target query in the code, determining, by traversing the permitted information flow graph, a permitted information flow including permitted disclosed columns, permitted accessed columns, and a permitted predicate, determining, by traversing the target information flow graph, a target information flow including target disclosed columns, target accessed columns, and a target predicate, comparing the permitted information flow and the target information flow to obtain a comparison result, and determining, based on the comparison result, that the target query includes the security vulnerability.

Abstract: A data processing method based on secure multi-party computation, an electronic device and a storage medium are disclosed. The data processing method requires firstly obtaining original confidential data and shared key information from a data holding terminal; performing a first encrypting process to the original confidential data based on the shared key information to generate original encrypted data; and then sending the original encrypted data to a node server. Further, the node server obtains a plurality of pieces of the original encrypted data, and performs a service parsing process to generate encrypted result data, and sends the encrypted result data to a data reconstruction terminal. Furthermore, the data reconstruction terminal obtains the encrypted result data and the shared key information, and performs a reconstructing process to the encrypted result data according to the encrypted result data and the shared key information to obtain service result data.

Abstract: A request to activate a service may be received from a user device and a determination may be made as to whether the request is authorized or fraudulent. In particular, a geographical location of the user device may be determined. Whether to activate the service may be determined based on the geographical location of the user device.

Abstract: Some implementations of the disclosure are directed to preventing unauthorized transmissions of an outdoor IP Radio by an unauthorized user tapping the connection between an indoor unit and the outdoor IP Radio. In one implementation, a method comprises: initializing, over an interfacility link (IFL) connecting an indoor unit of a satellite terminal and an outdoor Internet Protocol (IP) Radio of the satellite terminal, a communication link between the indoor unit and the outdoor IP Radio; authenticating, using the indoor unit and the outdoor IP Radio, the communication link between the indoor unit and the outdoor IP radio; and after authenticating the communication link, providing satellite network service to the indoor unit via the outdoor IP Radio.

Abstract: Low power devices are able to utilize encryption in communication. Low power devices typically cannot send/receive large amounts of data since sending/receiving more data uses more power. Implementing a key exchange with a small encrypted payload enables secure communication between the devices. A one-way data stream is implemented. The one-way data stream is able to be encrypted. The dynamic key exchange is able to be used for a moving target.

Abstract: A method for software code analysis includes receiving source code of an application program, which includes one or more calls from respective entry points in the source code to a library program. The source code is automatically analyzed in order to generate a first data flow graph (DFG), representing a flow of data to be engendered upon running the application program. One or more vulnerabilities are identified in the library program. The library program is automatically analyzed to generate a second DFG linking at least one of the entry points in the source code to at least one of the vulnerabilities. The first DFG is combined with the second DFG in order to track the flow of data from the application program to the at least one of the vulnerabilities and to report at least one of the vulnerabilities as being exploitable.

Abstract: Techniques to transmit encoded data along a transmission medium and decode the transmitted data along the transmission medium are provided. Some techniques include logic to encode data transmitted along a transmission medium, such as a fiberoptic line or cable, where the encoding is pursuant to a conversion between a first and second colorspace. The logic may further be configured to decode the data once it is received at a node along the fiberoptic line, where the colorspace conversion provides the basis, key, or cipher for preforming the decoding operation. The logic may be further configured to alter the encryption and decryption basis, key, or cypher by altering the colorspace scheme defining the encoding (and by extension the decoding) during transmission, including a transmission that takes place after a previous transmission governed by the previously defined (and subsequently altered) colorspace conversion scheme. Other embodiments are described and claimed.

Abstract: A user consent service that collects information on the type of data users have consented to sharing with different service providers (location information, account status, etc.), so that mobile network operators determine whether to approve or deny user information requests. The service receives information from service providers (e.g., websites, cloud services, mobile applications, and other network-accessible resources) which indicates that users have consented to the sharing of certain types of user data with those service providers. In response, the user consent service maintains records cataloging the consent received for the users, including what type of data that the users have consented to sharing with the different service providers (i.e., what pieces of data may or may not be shared with the different server providers). The service generates consent data for mobile network operators, from the records, so the mobile network operators can evaluate requests for user data.

Abstract: The various implementations described herein include methods and devices for creating and using trust binaries. In one aspect, a computer-readable storage medium includes a trust database storing a plurality of trust binaries, each trust binary corresponding to a respective executable program. Each trust binary of the plurality of trust binaries includes: a trust binary name generated by applying a hash function to a respective header of the respective executable program; and a function digest for each executable function identified in the executable program. The function digest is generated based on a respective starting address and one or more respective static parts of the respective executable function. The plurality of trust binaries are indexed in the trust database using their respective trust binary names.

Abstract: Systems and methods generate a first security node hash identifier by performing a first hash operation, such as a one-way hash, on a first data resource identifier associated with a first data resource, such as a data set, produced by a data resource platform. The systems and methods generate a dependent second security node hash identifier by performing a second hash operation on a second data resource identifier associated with a dependent second data resource produced by the data resource platform and on the first security node hash identifier, receive an access request for access to the dependent second data resource; and in response to the access request, grant permission to access the dependent second data resource to a user associated with the access request based on the dependent second security node hash identifier.

Abstract: Techniques for finding and associating personal identifying information with an individual. In one embodiment, a method includes searching a database of personal identifying information held by an organization for instances of a particular item of personal identifying information of a data subject. The database may link personal identifying information to locations at which that personal identifying information is held by the organization. After a storage location with a found instance of the particular item of personal identifying information of the data subject is determined, additional personal identifying information of potential relevance to the data subject may be found at the storage location and used for further searching of the database for more personal identifying information of potential relevance to the data subject at other locations. Personal identifying information may be associated with the data subject and included in a data subject profile.

Abstract: The present disclosure is directed to systems and methods for vulnerability analysis using continuous application attestation, a method including receiving a load map associated with an application, the load map indicating loaded modules of the application; determining whether at least one notification is received indicating at least one update to the loaded modules of the application, wherein, if the at least one notification is received, the load map is updated based on the indicated at least one update, and wherein, if the at least one notification is not received, the load map is retained in an existing state; periodically retrieving call traces associated with the application, the call traces indicating executed modules of the application; and generating a continuous application attestation comprising at least a combination of the updated load map or the retained load map, and the retrieved call traces associated with the application at a given time.

Abstract: Data protection techniques for data structures in an information processing system are provided. For example, a method comprises the following steps. A request is received to create a data structure with a given data structure name and one or more given parameter names. A pair of data structures is generated in response to the request. Each of the pair of data structures is assigned a different randomly-generated data structure name derived from the given data structure name in the request, and the one or more given parameter names are assigned different one or more randomly-generated parameter names in each of the pair of data structures.

Abstract: A method and apparatus for analyzing side-channel security vulnerabilities in a digital device. A first time sequence of measurements of side-channel related phenomena of the digital device, such as power draw or electromagnetic emissions is obtained. A second time sequence of debug outputs of the digital device, such as program counter contents or other device processor or register states, is obtained. The first time sequence and the second time sequence are obtained based on a common time reference, and thus correlated in time. A controller can provide a common timing signal to measurement equipment obtaining the first time sequence and to a debug tool obtaining the second time sequence, and the common time reference can be correspond to the common timing signal.

Abstract: Embodiments provide a system and method for modeling a shared resource in a multi-layer reasoning graph based on configuration security. During operation, the system can obtain a multi-layer graph for a system with a plurality of components that can include a set of subgroups of components. The system can generate, based on the multi-layer graph, an abstract component to represent a shared resource model for a respective subgroup of components. The shared resource model can be associated with a set of resource constraints. The system can generate a set of values for resource configuration parameters that satisfy the resource constraints. The system can map the shared resource model to a respective component and can then determine, based on the mapping and the set of values for the resource configuration parameters, a set of values for the component configuration parameters thereby facilitating optimization of a security objective function.