Abstract: The present invention provides a method for packet processing according to a access control list table, comprising: receiving a packet, wherein the packet includes a packet information and match items for matching; providing an access control list (ACL) codeword table; providing a mask table, wherein the ACL codeword table corresponds to the mask table; obtaining a hash key by performing a multiplexing logic operation, wherein the hash key is made by combining a multiplex result of the packet information and the mask table; obtaining a hash value by performing a hash function based on the hash key, wherein the hash value is composed of X+Y, wherein X is a signature table (hash table) index and Y is a key digest; performing a hash table indexing, based on the signature table index, wherein the signature table index is the index to an address of signature table; performing a fast pattern match, wherein the signature table contains signature fields, and if any second signature field in the signature table is mat

Abstract: A subscription system and method of facilitating permission-based access to a subset of vehicle sensor data in a vehicle electronic control unit (ECU) to augment an information application. The system includes a vehicle subscription server. The method includes generating, by the vehicle subscription server, a sensor key and a subscription key, installing in a memory of the vehicle ECU the vehicle sensor key. In response to a request for a subscription by a mobile device, transmitting by the vehicle subscription server the subscription key. The vehicle ECU uses the subscription key to authenticate the mobile device as having a current subscription, and augments the information application with the subset of vehicle sensor data accessed based on the sensor subscription key.

Abstract: A method, performed by an image processing device, of encrypting image data includes: selecting an encryption target unit from among a plurality units constituting an image; generating a table including identification information about the encryption target unit; generating a first encryption unit including data obtained by encrypting the encryption target unit; generating a second encryption unit including data obtained by encrypting the table; and generating a bitstream including the first encryption unit, the second encryption unit, and units other than the encryption target unit among the plurality of units constituting the image.

Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for deep learning based API traffic analysis and network security. The invention provides an automated approach to threat and/or attack detection by machine learning based accumulation and/or interpretation of various API/application traffic patterns, identifying and mapping characteristics of normal traffic for each API, and thereafter identifying any deviations from the normal traffic parameter baselines, which deviations may be classified as anomalies or attacks.

Abstract: Systems and methods for privacy breach notification and protection enabled by the Internet of Things (IoT) are provided. Some embodiments establish a passive early warning privacy-breach detection from laser beam scan capability on a mobile device and IoT device when a particular owned object (or set of owned objects) has been laser scanned. Sensor information (e.g., laser beam sensing transparent adhesive tape, automotive cameras and proximity sensors) can be used to create notifications that allow a user to take action or to have peace of mind relating to particular activities such as to avoid fees and fines, to recover lost objects, to confirm known events, and to trigger activity.

Abstract: A method includes building a firmware image to execute on a bootloader of a system on chip (SoC), the firmware image including first encryption public and private keys, and digitally signing the firmware image with a second encryption private key. The signed firmware image is encrypted with a symmetric encryption key, which in turn is encrypted with a second encryption public key. The encrypted signed firmware image and the encrypted symmetric encryption key are sent to the SoC to cause the SoC to (1) decrypt the encrypted symmetric encryption key to produce the symmetric encryption key using a third encryption private key from a first asymmetric key pair, (2) decrypt the encrypted signed firmware image to produce the signed firmware image using the symmetric encryption key, and (3) verify a digital signature of the signed firmware image using a third encryption public key from a second asymmetric key pair.

Abstract: A system with methods to enhance key strength for a quantum shared key which is derived by a conventional quantum key distribution protocol and the system provides a single optical communication channel with security protection mechanism for key distribution without relying on an authenticated public classical channel. The system is implemented with technology in combination of key-strength enhancement, re-encoding operation, density-matrix verification, and grating control for a single optical communication channel where the system can be integrated with a conventional Quantum-Key-Distribution protocol such as BB84 or B92, but excluding GHz-clocked QKD system. Thereby, the system can help a known QKD system to overcome current drawbacks of an apparatus implemented over a conventional QKD protocol so as to derive an enhanced quantum shared key.

Abstract: Apparatus and methods for unlocking a communication terminal. The methods may include: at the communication terminal, receiving from eye wear of a user, a radio frequency (“RF”) signal that includes a public code. The methods may include: at the communication terminal, receiving from eye wear a request for text that is encrypted using the public code. The methods may include: responsive to the request, transmitting to the communication terminal encrypted text based on the public code. The methods may include displaying on the communication terminal the encrypted text. The methods may include detecting at the terminal, without displaying a decryption of the encrypted text, a user gesture based on the encrypted text. The methods may include providing to the user a private code corresponding to the public code. The private code may be configured to reside in machine readable memory on the eye wear.

Abstract: Disclosed is a method of encrypting a data signal for providing to an input of a radio frequency transmitter, such as modulated baseband signals in the physical layer for wireless transmission. The method comprises receiving the data signal comprising one or more first frequency components with a first phase profile in a frequency band of interest; applying a dispersive encrypting signal filter to the data signal to generate an encrypted data signal comprising the one or more frequency components with a second phase profile, wherein the second phase profile is different to the first phase profile. Decryption is achieved by applying a decrypting filter to the encrypted data signal to substantially reverse the effect of the encrypting filter and recover the first phase profile.

Abstract: Methods, systems, and devices to enable a device with chain of trust are described. A controller may authenticate a root of trust entity as part of a boot-up procedure of a system that includes the root of trust entity. The root of trust entity may receive, as part of the boot-up procedure, a first portion of code associated with a first entity of the system. The controller may generate a first measurement result of the first portion of code and may identify, by the root of trust entity, a second measurement result associated with the first portion of code. The controller may determine, by the root of trust entity, whether the first measurement result matches the second measurement result as part of authenticating the first portion of code and may transmit, by the root of trust entity, an indication of whether the first and second measurement results match.

Abstract: In some examples, a secure compliance protocol may include a virtual computing instance (VCI) deployed on a hypervisor and may be provisioned with hardware computing resources. In some examples the VCI may also include a cryptoprocessor to provide cryptoprocessing to securely communicate with a plurality of nodes, and a plurality of agents to generate a plurality of compliance proofs; the VCI may communicate with a server corresponding to a node of the plurality of nodes; and receive a time stamp corresponding to at least one compliance proof based on a metric of a connected device.

Abstract: A set of measurable encrypted feature vectors can be derived from any biometric data and/or physical or logical user behavioral data, and then using an associated deep neural network (“DNN”) on the output (i.e., biometric feature vector and/or behavioral feature vectors, etc.) an authentication system can determine matches or execute searches on encrypted data. Behavioral or biometric encrypted feature vectors can be stored and/or used in conjunction with respective classifications, or in subsequent comparisons without fear of compromising the original data. In various embodiments, the original behavioral and/or biometric data is discarded responsive to generating the encrypted vectors. In other embodiment, helper networks can be used to filter identification inputs to improve the accuracy of the models that use encrypted inputs for classification.

Abstract: An Omni-channel security manager is provided. The Omni-channel security manager is configured to: receive selections for domain/channel specific security applications and deploy security agents to end-point devices. The security agents interact with the Omni-channel security manager to install, initiate, manage, and monitor the domain/channel specific security applications on the end-point devices.

Abstract: An information handling system may include a processor, a basic input/output system (BIOS) communicatively coupled to the processor, and a security agent comprising a program of instructions embodied in non-transitory computer-readable media and configured to, when read and executed by the processor: retrieve a BIOS policy, retrieve BIOS configuration information, based on the BIOS policy and the BIOS configuration information, determine a deviation of one or more BIOS attributes of the BIOS configuration information, and perform remediation of the one or more BIOS attributes based on the deviation.

Abstract: An example of a first computing device may include firmware, a controller, and a processor. The processor may be to generate a trust state message, to be sent to the controller, indicating the firmware of the first computing device is operating a trusted environment and utilize the firmware to validate an update within the trusted environment. The controller may be to assert, responsive to receiving the trust state message, a trust state signal to a second computing device indicating the firmware of the first computing device is operating the trusted environment The assertion of the trust state signal may be to enable the second computing device to install the validated update.

Abstract: A sensor network for use in an aircraft, including a plurality of wireless nodes. A first wireless node of the plurality of wireless nodes is arranged to communicate with at least one other wireless node of the plurality of wireless nodes. The communication is via a secure communications channel and is on the basis of a control message received at the first wireless node. The at least one other wireless node is arranged to perform an operation on the basis of the control message.

Abstract: An interface device may provide a first wireless network and a second wireless network in a user's premise. The interface device may encourage some user devices to connect to the second wireless network without controlling the user devices. For example, the interface device may receive a request from a device to access its first wireless network. The interface device may then determine whether the device is a premise device by, for example, searching a database of device registration information. The interface device may determine that the device is a premise device and deny the request to access the first wireless network. The device may then be available to access the second wireless network.

Abstract: proviced is an authentication method based on a GBA, and the method includes: a BSF receives an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity; the BSF acquires an AV of the UE according to the first ID; the BSF completes GBA authentication with the UE according to the acquired AV. In this way, the privacy of the SUPI is protected for the UE, and the SUCI or the identifier converted from the SUCI is used to perform the bootstrapping process of the GBA, thereby improving the security of the GBA authentication process.

Abstract: The embodiments of the present disclosure provide a private data processing method, a device and a medium, and relate to data security technologies. The method includes: initiating a user request to an intermediate server according to an input of a user to request the intermediate server to perform intermediate business processing according to the user request and to initiate a target business processing request to a business server; obtaining business result data encrypted with an account key of the user and fed back by the business server based on the target business processing request from the intermediate server; and using the account key of the user to decrypt the encrypted business result data.

Abstract: A security server device, method, non-transitory computer readable medium and security system that receives request data for a request from a client to a web server system where the request comprises a session identifier (ID) for a session between an authenticated user and the web server system. A determination is made whether the client is a single-user device based on the request data and multi-domain data. Another determinations is made on whether the client is compromised based on the request data. In response to the determinations that the client is a single-user device and is not compromised an extension of the session between the authenticated user on the client and the web server system is caused.