Abstract: A system increases security for personal devices. An authenticating authority receives an authentication request from a personal device. The authenticating authority obtains a current location of the personal device from a location server, where the location server transmits the current location to the authenticating authority. The location server receives location information associated with the personal device, where the location information is transmitted to the location server by a location updating daemon running on the personal device. The authenticating authority compares the current location received from the location server to a zone associated with the personal device to determine processing of the authentication request. The zone is retained by the authenticating authority.

Abstract: It is provided a method performed in a gateway and comprises the steps of: receiving a first client request from the client device, the first client request comprising a first fully qualified domain name, FQDN; transmitting a gateway request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; generating a second FQDN, based on the first FQDN and an identifier of the client device; generating a client specific shared key based on the second FQDN and a shared key; generating a redirect message comprising the second FQDN, an authentication request, a context identifier and the client specific shared key; transmitting the redirect message to the client device; receiving a second client request from the client device; and generating an authentication response in case the second client request fails to comprise an authentication response.

Abstract: Example implementations relate to attestation. For example, in an implementation, a target device attestation request is transmitted to a target device, where the target device attestation request includes an identity-based encryption (IBE) ciphertext and a retrieval index. The ciphertext is a nonce encrypted using a trusted platform module (TPM) public key together with an IBE public key. The TPM public key is retrieved from a TPM of the target device, and the IBE public key is an expected value presumed to be stored at the TPM.

Abstract: Embodiments of an authentication system and a method for authentication using ciphers are described. In the system and method, cryptographic calculations of an encryption algorithm are executed at a base station, in a determined secure environment, to produce a pre-calculated cipher for a subsequent authentication process. The pre-calculated cipher is then used to transmit an authentication request message from the base station and validation of an authentication response message for the subsequent authentication.

Abstract: A security code input may be obfuscated from a thermal imaging device by randomly heating a random set of inputs of an input device. The security code is inputted on an input device, which communicates with a security system to grant or deny access to a user based on an entry of the security code. The input device includes a plurality of hearing elements. The input device may receive an input from the user. A random set of heating elements including one or more heating elements, are generated from the plurality of heating elements. A temperature is determined for the one or more heating elements of the random set of heating elements. The temperature is then applied to the one or more heating elements of the random set of heating elements of the input device.

Abstract: Techniques described herein relate to analyzing executions of content resources within networks of execution client devices, and selecting sets of interactive content resources for execution on particular execution devices based on such analyses. Content resource execution data may be received from various execution client devices on which content resources have been executed and provided to end users. Such data may be analyzed to determine correlations between a first content executor and additional content executors based on the their respective content resource execution data, and the content resource execution data of correlated content executors may be aggregated and analyzed to select particular interactive content resources for the first content executor. Such selections may be provided to first content executor during a content execution session following an authenticated login by the first content executor.

Abstract: Communication bus enable devices to communicate and exchange information and control signals. There is a growing concern over the security of such types of buses. Since any device can transmit any message, and device on the bus which can be compromised poses a threat for the bus. Described is a system to authenticate the source of messages from various devices on a communication bus.

Abstract: Communication bus enables devices to communicate and exchange information and control signals. There is a growing concern over the security of such types of buses. Since any device can transmit any message, and device on the bus which can be compromised poses a threat for the bus. Described is a system to authenticate the source of messages from various devices on a communication bus.

Abstract: Systems and methods for device-agnostic, multi-factor network authentication are disclosed. In some embodiments, a wireless network connection can authenticate a device over secure authentication means with a certificate that confirms a device identity. After authenticating the device, a user can be prompted to provide credentials in a captive portal. The captive portal can be inaccessible to devices that have not already authenticated using a certificate. After providing approved credentials to the captive portal, the user can access the network. This embodiment and additional embodiments are readily integrated into private wireless networks and others.

Abstract: A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.

Abstract: A license managing method including an execution device that executes software and a software storage device coupled to the execution device further includes a license storage device that stores license information indicating the number of licenses for permitting a license of the software, and the license managing method includes the step of license-managing of controlling storage of the software to be downloaded into the software storage device or execution of the software by the execution device based on the license information stored in the license storage device when the software whose license permission is required is downloaded.

Abstract: A method of multi-factor authentication includes receiving, by a remote hosting server from a terminal, a request from a user possessing a trusted device to access a remote service. The remote hosting server generates challenge chirp signal information and sends the challenge chirp signal information to the terminal and the device. Measurements are received of a room impulse response taken by each of the terminal and the trusted device using the chirp signal information. It is checked whether a location of the terminal is known based on a measurement of the room impulse response. The measurements of the room impulse response of the terminal and the trusted device are compared. A level of access to the remote service is granted to the user based on whether the location of the terminal is known and whether the trusted device is present at the location of the terminal.

Abstract: A method to transfer a video stream from a host device comprising a controller configured for bulk transfers to a descrambling device, comprises: forming a chain out transfer comprising a chain out header linked with multiple chain out descriptors, the first chain out descriptor pointing to an out description packet containing at least one producer ID, the second and subsequent chain out descriptor pointing to chunks from the video stream, the last chain out descriptor being configured to generate an interrupt; forming a chain in transfer comprising a chain in header linked with a plurality of chain in descriptors, each chain in descriptor pointing to a descrambled chunk; requesting the controller to process the chain; receiving the description packet by the descrambling device and using key data associated with the chunks to descramble them; receiving by the controller the descrambled chunks and triggering an interrupt on the last chunk.

Abstract: The present disclosure describes systems and methods that provide a hybrid framework for augmenting statistical anomaly detection with contextual features, machine learning and human Subject Matter Expert (SME) input to learn significant characteristics of true anomalies for which alerts should be generated. The framework presented herein is domain agnostic and independent of the underlying statistical anomaly detection technique or the machine learning algorithm. The framework described herein is therefore applicable and adaptable to a number of real world service provider systems and applications, such as, for example, detecting network performance degradation in a service provider network or detecting anomalous conditions from data received from a sensor while filtering out false positives.

Abstract: An encoder for providing encrypted data for transmission via a transmission medium includes an encryption unit that is configured to encrypt data received at the encoder block by block and a processing unit. The processing unit is configured to randomly distribute an encrypted data block to a plurality of channels that are allocated to the transmission medium and to provide a sub-block, which includes part of the encrypted data block, to be transmitted via one of the channels, together with a channel identification allocated to the channel and a code value that is based on the encrypted data in the sub-block to be transmitted and the channel identification, for transmission via the allocated channel of the transmission medium.

Abstract: A secret key value that is inaccessible to software is scrambled according to registers consisting of one-time programmable (OTP) bits. A first OTP register is used to change the scrambling of the secret key value whenever a lifecycle event occurs. A second OTP register is used to undo the change in the scrambling of the secret key. A third OTP register is used to affect a permanent change to the scrambling of the secret key. The scrambled values of the secret key (whether changed or unchanged) are used as seeds to produce keys for cryptographic operations by a device.

Abstract: Examples relate to automated multi-credential assessment in a system. One example enables auditing an application by sending a first request for an action to be performed in the application, the first request based on a first privilege level, where the first privilege level corresponds with a first level of access to the application, and sending a second request for the action to be performed in the application, where the second request based on a second privilege level different from the first privilege level. The second privilege level may corresponds with a second level of access to the application different from the first level of access. The first request and second request may be performed, and the results of the performed first request and second request may be combined. The combined results may be made available.

Abstract: In an embodiment, a computer system is configured to improve security of server computers interacting with client computers through an intermediary computer, and comprising: a memory comprising processor logic; one or more processors coupled to the memory, wherein the one or more processors execute the processor logic, which causes the one or more processors to: intercept, from a server computer, one or more original instructions to be sent to a browser being executed on a client computer; inject, into the one or more original instructions, one or more browser detection instructions, which when executed cause one or more operations to be performed by an execution environment on the client computer and send a result that represents an internal state of the execution environment after performing the one or more operations to the intermediary computer; send the one or more original instructions with the one or more browser detection instructions to the browser; receive the result and determine whether the browse

Abstract: A device transmits or receives a packet in a memory network including one or more processors and/or one or more memory devices. The device includes a key storage unit configured to store a one-time password (OTP) key that is shared with a target node, an encryption unit configured to encrypt a transmission packet with the OTP key stored in the key storage unit and to transmit the encrypted transmission packet to the target node, and a decryption unit configured to decrypt a receiving packet from the target node with the OTP key stored in the key storage unit. The device is a processor or a memory device in the memory network.

Abstract: The present invention provides an authentication which is performed by means of simultaneously inputting biometric data such as fingerprint, iris and the like when inputting an authentication number, wherein input area provided to a user varies such that biometric data can be input and recognized accurately and easily. Therefore, the present invention enhances convenience for a user and increases security and reliability of authentication.