Abstract: A certificate credential and an associated signature is received. The certificate credential and the associated signature are authenticated at an operating system level. Whether the certificate credential has expired is validated at an application level via an external certificate authority. Access to encrypted data is allowed based at least in part on the authentication and the validation of the certificate credential.

Abstract: Embodiments of systems and methods for platform framework security state management are described. In some embodiments, an Information Handling System (IHS) collects context information that describes logical and physical environments in which the IHS is operating. This context information is used to determine a security state for the IHS. A launch of a resource of the IHS is detected. In response, updated context information is collected that further describes the logical and physical environments. Based on the security state, the launched resource and the updated context information, an updated security state of the IHS is determined. Based on the updated security state, changes are determined to security policies that are used to operate hardware devices of the IHS. Platform framework participants are identified that are registered users of the security polices affected by the updated security state, and these participants are notified of the security policy changes.

Abstract: A system includes a server interface and a management server. The management server includes instructions for execution by a processor. The instructions, when loaded and executed by the processor, cause the processor to access a server through the remote interface and, through the interface, monitor current usage by an electronic device communicatively coupled to the server. The instructions further cause the processor to determine a security status of the electronic device based upon the current usage, and to take a corrective action based upon the security status.

Abstract: A cybersecurity engine can guide a forensic investigation of a security incident by estimating the utility of investigating events associated with the security incident, selecting a subset of such events based on the estimated utilities, and presenting data associated with the selected events to the investigator. A method for guiding a response to a security incident may include estimating, for each of a plurality of security events associated with the security incident, a utility of investigating the security event. The method may further include selecting a subset of the security events based, at least in part, on the estimated utilities of investigating the security events. The method may further include guiding the response to the security incident by presenting, to a user, data corresponding to the selected security events.

Abstract: In one example an apparatus comprises a computer readable memory, a signing facility comprising a plurality of hardware security modules, and a state synchronization manager comprising processing circuitry to select, from the plurality of hardware security modules, a set of hardware security modules to be assigned to a digital signature process, the set of hardware security modules comprising at least a first hardware security module and a second hardware module, and assign a set of unique state synchronization counter sequences to the respective set of hardware security modules, the set of state synchronization counter sequences comprising at least a first state synchronization counter sequence and a second state synchronization counter sequence. Other examples may be described.

Abstract: A proxy revocation service provides a reliable service for performing revocation checks. The proxy revocation service queries public certificate authorities for the revocation status of a set of digital certificates and maintains a database of the revocation statuses. The proxy revocation service provides a singular endpoint that is Application Protocol Interface (API) accessible to web clients. Web clients communicate with the proxy revocation service through use of API message to perform revocation checks, rather than communicating with the public certificate authorities using an online certificate status protocol (OCSP). Use of the proxy revocation service provides both a reliable service for performing revocation checks as well as shifts the complexity away from the web clients.

Abstract: A system for secure booting of an information handling system stores a Root of Trust private key in a hardware security module (HSM). A HSM-Integrated certificate creation utility receives inputs such as bin files for each firmware volume associated with a boot sequence. The HSM-Integrated certificate creation utility loads the correct extensions for the firmware volume, generates a certificate signing request (CSR) and generates a certificate based on the CSR. The certificates can be provided to a boot sequence for processing in a trusted firmware implementation without a certificate creation utility consuming the Hardware Root of Trust private key as a file that could be compromised.

Abstract: An apparatus includes an interface for an electronic device and a baseboard management controller (BMC). The BMC includes circuitry configured to, through the interface, monitor current usage by the electronic device, determine a security status of the electronic device based upon the current usage, and take a corrective action based upon the security status.

Abstract: Remote control to facilitate the management, configuration, or maintenance of information technology infrastructure is provided. The system activates a real-time communication session and a code for the real-time communication session. The system generates a link with an indication of the code for the real-time communication session. The system transmits the link to a mobile telecommunications device that launches a web browser to request content. The system receives the request for content, and obtains access to data from a sensor of the mobile telecommunications device. The system identifies the real-time communication session corresponding to the code. The system establishes, via a web socket over a network protocol, the real-time communication session with a data feed from the sensor. The system provides, based on at least a portion of the data feed, a command to control the mobile telecommunications device.

Abstract: Embodiments of the present disclosure relate to electronic lockout of a client device, specifically to managing electronic lockout of a client device associated with a claim process via a device protection program management system and third-party provider. In this regard, embodiments herein may process various data associated with determining whether to authorize a claim under a device protection program, and cause initiation of and/or termination of an electronic lockout of a client device depending on received data and/or lack of received data. In this regard, example embodiments include receiving a device claim request indication associated with a client device, where the client device is associated with a functionality lockout state; initiating a claim associated with the client device; causing initiation of an electronic lockout of the client device; processing the claim to determine whether to authorize the claim; and causing updating of the electronic lockout based on the determination.

Abstract: An efficient and secure process by which users may enter sensitive information into an electronic information system. When information is required from a user, the electronic information system may be configured to generate a unique access link (uniform resource locator, or URL) for that user. The link may be sent to the user via electronic communication, such as a text message or email. When the user follows the link with a web browser, the system prompts the user to enter an additional piece of personal information that is not known to the general public. Once identity is verified, the user may be required to electronically sign agreements. The user is then prompted to enter the required information. This may allow a user to deposit sensitive information into the system without requiring the user to provide full login credentials.

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage signals associated with the transmission at a point on the in-vehicle network bus. A distribution can be generated from densities of the voltage signals. ECUs can be identified and/or fingerprinted based on the distributions.

Abstract: The present disclosure provides systems and methods for timed unlocking and locking of hardware intellectual properties obfuscation. One such method includes determining whether received key inputs match a functional key sequence of an integrated circuit or a test key sequence of the integrated circuit; permanently enabling operation of the integrated circuit responsive to the received key inputs being determined to be a functional key sequence for permanently enabling operation of the integrated circuit; temporarily enabling operation of the integrated circuit responsive to the received key inputs being determined to be the test key sequence for temporarily enabling operation of the integrated circuit to perform testing of the functionality and disable thereafter; and locking sequential logic and combinational logic of the integrated circuit if the received key inputs are determined to not be either the functional key sequence or the test key sequence. Other systems and methods are also provided.

Abstract: An apparatus and method for performing authenticated communications that includes receiving, by a gateway device, a password associated with an application. The gateway device is in communication with a plurality of access control devices associated with the application. Access to each device in a cluster formed by the gateway device and the plurality of access control devices requires a user authentication associated with the password. The gateway device generates a plurality of different matching pairs of salt values and hash values and deletes the password. In addition, the gateway device transmits different sets of mismatched pairs of the salt values and the hash values to at least two devices of the cluster for storage. The user authentication is based on a salt value and a hash value from the plurality of different matching pairs of salt values and hash values stored at two different devices of the cluster.

Abstract: Account permissions and data accessibility can be modified based on level of confidence for a login attempt to the account. User activity observations corresponding to one or more login attempts to access a user account can be stored. A confidence score associated with a successful login attempt of the user account can be determined. The confidence score is based on the user activity observations. A level of access to an application with functions and data for the user account can be determined. The level of access is based on the confidence score. The level of access is associated with the functions and the data that are executable and accessible subsequent to the successful login attempt.

Abstract: The disclosure relates to an authentication approach to grant access to a secure service on an electronic device. The authentication approach includes receiving, via an electronic device, a request to access the secure service. The authentication approach includes determining whether the electronic device is positioned at a location that corresponds to a virtual authentication lock. The authentication approach includes displaying, in response to determining the device is positioned at the location that corresponds to the virtual authentication lock, the virtual authentication lock on a display of the electronic device. The authentication approach includes receiving one or more interactions with the virtual authentication lock.

Abstract: An information processing device not connected to a communication line includes a processor configured to generate information on each specific processing repeatedly executed, the information being to be managed by a management device, and refer to management information indicating information already managed by the management device, and output information which is among the generated information and not yet managed by the management device.

Abstract: Uplink high efficiency location of a user equipment (UE) includes initiating periodic or triggered location in the UE by a location server (LS) in a wireless network. The UE enters an idle state and monitors for triggering events. After detecting an event, the UE transmits an uplink positioning signal (UPS) to a base station, where the UPS encodes UPS data comprising a UE ID, an ID for the LS, an authentication code (AC) and location measurements. UPS transmission occurs in an uplink positioning occasion shared with other UEs. The location measurements may be ciphered but other UPS data is unciphered. The base station obtains additional location measurements and transfers the UPS data and the location measurements to the LS. The LS authenticates the UE ID using the AC, determines the UE location using the location measurements and transfers the location to an external client.

Abstract: To realize more secured Authentication while convenience is secured. There is provided a communication device including a control unit configured to control a process relating to transmission or reception of a first authentication signal and a second authentication signal used for a first authentication process that is authentication between the communication device and another communication device, in which the control unit further controls a second authentication process that is authentication different from the first authentication process and starts a process relating to transmission or reception of signals used for a second authentication process that is authentication different from the first authentication process before transmission or reception of the first authentication signal.

Abstract: In a display system according to the present disclosure, a server device includes an authentication processor that authenticates a user for use of a file, based on authentication information of the user input at a user terminal and an access information generator that generates first access information for accessing the file if the user is authenticated by the authentication processor for use of the file, and a display device includes a file acquirer that acquires the file from the server device, based on the first access information generated by the access information generator, and a display processor that displays the file acquired by the file acquirer, on the display.