Abstract: Methods, systems and computer program products for preventing unauthorized use of protected equipment in violation of export regulations are provided. Aspects include periodically obtaining a location of the protected equipment and storing the location in a location log in a non-volatile memory. Upon receiving a request to operate the protected equipment, aspects also include obtaining the location log from the non-volatile memory and parsing data from the location log to determine whether the protected equipment entered a restricted geographic area. Based on a determination that the protected equipment did not enter a restricted geographic area, aspects include granting the request to operate the protected equipment.

Abstract: A method according to one embodiment includes reading a unique credential identifier of a passive credential device, transmitting the unique credential identifier to a credential management system over a secure wireless connection, receiving credential device data from the credential management system over the secure wireless connection, and transmitting the received credential device data to the passive credential device.

Abstract: The present disclosure provides a computer-implemented method, computer system and computer program product for user authentication. According to the method, identity information can be received from a user, and a plurality of questions can be presented to the user, the plurality of questions comprising one or more valid questions generated based on a password related to the identity information and one or more invalid questions. Then, an input can be received from the user, and in response to the input corresponding to the one or more valid questions, the user can be authenticated based on the input.

Abstract: A cybersecurity system and method utilizing SOUND reputation, where a set of reputations are associated with each actor on a network. The actors on a network may be users, hosts, applications, and the like. The associated reputations are aggregated and updated as new information about an actor's activity is reported according to a defined and modifiable protocol, or policy. The actor's activity may be reported by one or more threat sensors. The effect of a particular misbehavior can be tuned to match the needs of the specific network. When a bad actor's reputation sinks too low, the system can take whatever action is appropriate: reports can be sent, an operator can be notified, the offender can be cut off from the network, or the like.

Abstract: A method, performed by a user device, for proving retrievability (POR) of information includes: a1) exchanging credentials with a storing device and an auditing device to be used for communication between them; b1) encoding the information to be stored on the storing device; c1) initiating storing the encoded information on the storing device; d1) receiving correctness information, wherein the correctness information is secure and is generated based on the result of verification using unpredictable random information; and e1) validating the correctness information and unpredictable random information for proving retrievability of the stored information.

Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. A redirecting module redirects the self-signed certificate chain to an authentication server. The authentication server is also provided a user name, password and verifying computer address, which is stored in a password database by the authentication server, in association with the self-signed certificate. Subsequent communications intended for the verifying computer with the self-signed certificate are redirected to the authentication server, which looks up the associated user name and password and transmits the associated user name and password to the verifying computer.

Abstract: Secure vehicular services communication is described herein. An example apparatus can include a processor and an external communication component. The external communication component can be coupled to the processor and can be configured to, in response to determining a vehicular entity is within a particular proximity to the external communication component, generate an external private key and an external public key, provide the external public key and data to a vehicular communication component associated with the vehicular entity, receive data from the vehicular communication component in response to providing the external public key and data to the vehicular communication component, decrypt the received data using the external private key, and provide a service to the vehicular entity based on the decrypted received data.

Abstract: Systems and techniques are provided for detecting rogue base stations and preventing malicious actors from intercepting and stealing data traffic from mobile devices through rogue base stations. Upon connecting to a newly detected base station for a cellular network service, a mobile device attempts to validate the cellular base station with a validation server before any data is transmitted over the new connection. If the mobile device does not receive a confirmation of validity from the validation server, the mobile device would identify the cellular base station as a rogue base station, disconnect from the rogue base station, and search for a valid base station for connection to the cellular network.

Abstract: This specification describes techniques for performing cross-blockchain interactions. One example method includes generating, by a blockchain node in a first blockchain, a subscription request to a cross-chain interaction end between the first blockchain and a second blockchain. The blockchain node can then obtain a message from the second blockchain based on the subscription request, and subsequently perform an operation related to the obtained message. In some instances, the message obtained by the blockchain node is a message that is published in the second blockchain and satisfies subscription conditions of the blockchain node.

Abstract: The present application generally relates to systems, devices, and methods to conduct the secure exchange of encrypted data using a three-element-core mechanism consisting of the key masters, the registries and the cloud lockboxes with application programming interfaces providing interaction with a wide variety of user-facing software applications. Together the mechanism provides full lifecycle encryption enabling cross-platform sharing of encrypted data within and between organizations, individuals, applications and devices. Further the mechanism generates chains of encrypted blocks to provide a distributed indelible ledger and support external validation. Triangulation among users, applications and the mechanism deliver both enterprise and business ecosystem cyber security features. Crowdsourcing of anomaly detection extends to users and to subjects of the data. Robust identity masking offers the benefits of anonymization while retaining accountability and enabling two-way communications.

Abstract: This specification describes techniques for performing cross-blockchain interactions. One example method includes generating, by a blockchain node in a first blockchain, a subscription request to a cross-chain interaction end between the first blockchain and a second blockchain. The blockchain node can then obtain a message from the second blockchain based on the subscription request, and subsequently perform an operation related to the obtained message. In some instances, the message obtained by the blockchain node is a message that is published in the second blockchain and satisfies subscription conditions of the blockchain node.

Abstract: The disclosed computer-implemented method for preventing sensitive information exposure based on a surrounding audience may include (1) detecting, from one or more communication devices, surrounding audience data associated with an audience presentation on a presentation device, the audience presentation including sensitive information and non-sensitive information, (2) determining an audience profile based on the surrounding audience data, the audience profile identifying one or more unintended audience members in the surrounding audience, (3) assigning an information exposure policy to the audience presentation based on the audience profile, and (4) performing a security action to enforce the information exposure policy on the presentation device such that the sensitive information is prevented from being exposed to the surrounding audience during the audience presentation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The purpose of the present invention is to provide a portable terminal and an application software start-up system whereby the application software that is started up is limited depending on the state of a user, thereby providing an improved ease of use. For this purpose, an application software start-up method for an information processing device comprises: performing identity authentication based on static biological information; determining the state of the user by comparing dynamic biological information acquired from the body of the user with previously measured dynamic biological information; and limiting the application software that is started up in accordance with the determined state of the user and on the basis of a permission level that is set in advance for each application software item.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for controlling restrictions on digital asset. One of the methods includes: detecting a triggering event for derestricting a quantity of a digital asset associated with a tangible asset, wherein the tangible asset corresponds to a blockchain contract deployed on a blockchain; generating a blockchain transaction for transferring the quantity of the digital asset from a restricted blockchain account associated with the blockchain to an unrestricted blockchain account associated with the blockchain, wherein the blockchain transaction invokes the blockchain contract corresponding to the tangible asset; and sending the blockchain transaction to a blockchain node for adding to the blockchain.

Abstract: Systems and methods according to one or more embodiments are provided for an aircraft flight crew secure communication path to multiple aircraft data domains. In one example, a system includes one or more data interface devices configured to communicate data. A power module is configured to provide power to the one or more data interface devices, and a switch coupled between the power module and each of the one or more data interface devices is configured to selectively provide power from the power module to at least one of the one or more data interface devices. A data transceiver is configured to couple to an external communication device, and a controller coupled between the one or more data interface devices and the data transceiver is configured to provide a data communication path between the selectively powered data interface device and the data transceiver for the external communication device.

Abstract: Techniques for providing secured, automatic log-in and authentication of a user to a website via a browser executing at the user's personal electronic device (PED) include generating a token based on an identifier of the PED and a user identifier, and storing the token at the user's PED for use in validating and authenticating the user and device credentials against those stored at back-end system and/or in another memory location at the device. Based on the persisted token (and optionally on a user preference), the user may be automatically logged in as the user navigates across restricted and unrestricted portions of the website, and/or to other websites (e.g., without the user's knowledge). At least these features enable automatic log-in and authentication to be performed on an as-needed basis, and/or on a per-device basis, thereby providing significantly more secure access as compared to known techniques.

Abstract: Systems and/or methods provide a user of a first computing device with the ability to authenticate themselves on a remotely provided process or service using a second computing device on which the user is already authenticated. For example, the techniques of this disclosure provide a user with the ability to securely log into a remotely provided service or application (such as e-mail, cloud computing service, etc.) on a first computing device (e.g., a desktop computer, laptop, tablet, etc.) using a second computing device (e.g., mobile phone) on which the user is already logged into the service or application, without requiring manual entry of authentication information on the first computing device.

Abstract: A security controller (SC) restoration method is provided. The method includes: designating, by a master node, a node to which a backup SC belongs, where the master node includes an original DM or a backup DM; sending, by the master node to a first node, a message indicating the backup SC, where the message indicating the backup SC includes an identifier of the node to which the backup SC belongs; in a case in which a node to which an original SC belongs is disconnected, sending, by the master node to the first node, a message for enabling an SC function, for performing authentication, according to the message for enabling an SC function.

Abstract: A vehicle communication system includes an onboard apparatus, a mobile device, and a key issuing apparatus provided outside the vehicle for issuing a key for cryptographic communication between the mobile device and the onboard apparatus. The mobile device and the onboard apparatus store the key, and perform the cryptographic communication using the key. The key issuing apparatus issues, to the onboard apparatus, the key and validity information indicating validity of the key. The onboard apparatus includes a determination section determining whether a validity ends, and an update request section transmitting a key update request to request the issuance of a new key. When the key update request has been received, the key issuing apparatus issues a new key to the mobile device, and issues a new key and validity information on the new key to the onboard apparatus.

Abstract: The present invention provides a TrustZone-based security isolation system for shared library, the system at least comprising: a sandbox creator, a library controller, and an interceptor, the sandbox creator, in a normal world, dynamically creating a sandbox isolated from a Rich OS, the interceptor, intercepting corresponding system-calling information and/or Android framework APIs by means of inter-process stack inspection, the library controller, performing analysis based on the intercepted system-calling information and/or Android framework APIs, redirecting a library function to the sandbox, and switching calling states of the library function in the sandbox as well as setting up a library authority. The present invention has good versatility, low cost and high security. It realizes isolation of the library without increasing the trusted bases in the Secure World of the TrustZone, effectively reducing the risk of being attacked.