Abstract: An error detector is configured to identify transmission errors and maintain a transmit error counter (TEC) value and corresponding network identifier for each of a plurality of electronic control units (ECUs) connected to a network bus. The error detector is configured to adjust the TEC values for the ECUs based on error frames and inform an intrusion detection system when an ECU changes error state. In this manner, the error detector is configured to help identify and attribute attacks by an impersonating node when a message is received containing the network identifier of a legitimate ECU that is in a Bus Off state.

Abstract: Systems and methods that may be implemented to use encryption to isolate SMI functions, libraries and data from each other, such as during operation of systems management mode (SMM). Isolation of SMI function, library and data (and limitation of SMI function/library privileges) may be achieved in SMI at runtime by decrypting only that code and data needed for performing the required action/s in response to a SMI received from a calling process by a host processor (e.g., CPU).

Abstract: A method, system and a platform for protecting against excessive utilization of at least one cloud service for operation of a cloud-hosted application. The method comprising receiving, at a defense platform deployed out-of-path of traffic between a plurality of end user devices and the cloud-hosted application, telemetries from a plurality of sources, wherein each source is configured to collect telemetries related to at least one of the at least one cloud service; detecting, based on the collected telemetries and a learned normal utilization behavior for the cloud-hosted application, excessive utilization of at least one of the at least one cloud service by the cloud-hosted application; and causing mitigation, at the defense platform, of the excessive utilization of each cloud service upon detection of the excessive utilization of the at least one cloud service by the cloud-hosted application.

Abstract: The present invention is for more optimally performing recording and reproduction of stereoscopic video. In the present invention, parallax information is utilized to store, in a recording medium, stereoscopic video including left-eye images and right-eye images. Particularly, for video content that contains stereoscopic images, information is obtained regarding the amount of variation in parallactic angle having a given or larger value, a variation time that the variation in parallactic angle takes, and the number of times that the variation in parallactic angle occurs. An evaluation value is calculated that corresponds to the degree of eye fatigue on the basis of the amount of variation, the variation time, and the number of times of the variation. According to the present invention, the video content is encoded in such a manner that the evaluation value is within a given range, and then recorded in the recording medium.

Abstract: A system and method for encrypting and publishing data using blockchain technology is provided. An exemplary method includes receiving, by one or more nodes of a distributed network that maintains a blockchain, a message requesting publication of private information within the blockchain subsequent to a specified time interval. Moreover, the method includes recording a sequence of transactions in the blockchain based on the time interval, wherein each transaction in the sequence of transactions includes a payload calculated using a first homomorphic operation; and extracting the private information from a final payload of a final transaction in the sequence of transactions from the blockchain.

Abstract: One embodiment of the present disclosure provides a method of generating an encrypted multimedia bitstream, the method comprising: obtaining processed multimedia data; selecting an object to be encrypted from among the processed multimedia data; encrypting the selected object to be encrypted; converting the processed multimedia data into encrypted multimedia data, based on a result of the encrypting; and generating encrypted multimedia bitstream by encoding the encrypted multimedia data.

Abstract: Control systems and methods to secure maintenance access to aircraft control system. The aircraft control system includes a control node operably coupled to an engine health monitoring node that includes a maintenance port. The aircraft control system also includes an enclosure preventing physical access to the maintenance port. The enclosure includes a key lock that, when activated, allows for physical access to the maintenance port. The engine health monitoring node can determine whether to allow a maintenance port data transfer access request to transfer data across the maintenance port based on the validity of received credentials, such as a password. The engine health monitoring node can also determine whether to allow or disallow encrypted or unencrypted data transfers based on whether a keep alive message is periodically received. The engine health monitoring node can also store data related to the maintenance port data transfer access request to memory.

Abstract: A system for performing a remote pre-authentication of a user-device for accessing network services of one or more wi-fi network services of one or more wi-fi network providers. A data capturing module captures wi-fi registration data and user registration data. A receiving module receives a trip code relating to a user's travel bookings. An identifying module identifies geographical locations corresponding to the set of travel bookings associated with the user. An auto-populating module auto-populates a set of wi-fi login forms corresponding to the geographical locations. A gathering module gathers real-time location data of the user. An over-riding module over-rides the wi-fi registration process when the user comes within the range of the wi-fi service provider.

Abstract: Systems, methods, and computer-readable storage media for improved data comparison, particularly when scanning large amounts of data for particular conditions or configurations. With respect to cyber-security, this improvement takes the form of receiving a plurality of threat conditions for cyber threats against a networked computer device; identifying commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions; generating, based on the commonalities, a hierarchy for scanning of the cyber threats; and scanning for the cyber threats according to the hierarchy.

Abstract: A method and system for protecting cloud-hosted applications against application-layer slow distributed denial-of-service (DDoS) attacks. The comprising collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing a set of rate-based and rate-invariant features based on the collected telemetries; evaluating each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and causing execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.

Abstract: Disclosed are various embodiments for replicating authentication data between computing devices. A computing device detects a change to a user account made by a first client device associated with the user account. The computing device then determines that a second client device associated with the user account comprises locally stored authentication data that fails to reflect the change. The computing device then sends an update to the second client device.

Abstract: Embodiments of the present invention provide a system for automated malfeasance detection. Dedicated communication channels are established between a computing device system of a first entity and a computing device system of a service provider, where the service provider manages, operates, or is otherwise associated with certain web pages. The presence of a malfeasance within one of these web pages of the service provider is detected, and a malfeasance report is generated in response to detecting the malfeasance. This malfeasance report includes an automatic malfeasance remediation action that, when transmitted to the computing device system of the service provider, causes the computing device system of the service provider to automatically execute one or more actions that are responsive to the malfeasance.

Abstract: The invention relates to an automation device (41, 81), a system and a method for updating a digital device certificate (55, 86, 96) of an automation device (41, 81) of an automation system, wherein the automation device (41, 81) is authenticated to an authentication partner by means of at least one device certificate (55, 86, 96). The device certificate (55, 86, 96) is connected to device-specific configuration data of the automation device (41, 81). Following a modification of the configuration of the automation device (41, 81), according to the invention an updated device certificate (55, 86, 96) having device-specific configuration data according to the modified configuration of the automation device (41, 81) is determined by the automation device (41, 81) and subsequently used for authentication.

Abstract: Provided is an apparatus for generating digital values to provide a random digital value. The apparatus may generate the digital value based on a semiconductor process variation. The apparatus may include a generating unit to generate a plurality of digital values, based on the semiconductor process variation, and a processing unit to process the digital values and to provide a first digital value. The generating unit may include a plurality of physically unclonable functions (PUFs). A parameter may be differently applied to the PUFs, and the PUFs may generate the digital values.

Abstract: Simplified and/or user friendly interfaces can be employed to facilitate administration of a routing platform that couples devices of a local area network (LAN) to an external communication network (e.g., the Internet). In one aspect, the routing platform comprises a firewall that can be employed to perform access control and/or an Internet of Things (IoT) hub that can be employed to control operations of IoT devices of the LAN, for example, based on domain information, user-defined tags and peer-defined criteria to make correlations that are leveraged to implement access control policies. A search and command interface is employable to issue textual (e.g., natural language) commands to configure access control policies, tags for devices and/or websites, and/or search for data.

Abstract: A data communication system exchanges user data between a first System-On-Chip (SOC) and a second SOC. The SOCs hash and transfer their read-only hardware-trust keys and receive hardware-trust digital certificates. The SOCs exchange and validate the hardware-trust digital certificates. The first SOC encrypts user data and transfers the encrypted user data responsive to the hardware-trust validations. The second SOC receives the encrypted user data, decrypts the encrypted user data, and processes the decrypted user data responsive to the hardware-trust validations. In some examples, the second SOC encrypts and transfers other user data responsive to the hardware-trust validations, and the first SOC receives, decrypts, and processes the other user data responsive to the hardware-trust validations. The first and/or the second SOC could be wireless communication devices.

Abstract: A vulnerability detection device includes a vulnerability portion extracting unit that extracts a first program code corresponding to an uncorrected vulnerability portion of software, a normalization processing unit that normalizes a parameter varying depending on compilation environment, among parameters included in the extracted first program code and in a second program code of software as a target to be tested for the vulnerability portion, a similarity calculating unit that calculates a similarity of an arbitrary portion of the second program code after normalization as a comparison target to the first program code, and a determining unit that refers to vulnerability related information for a portion of the second program code in which the calculated first similarity exceeds a predetermined threshold, and that determines whether the portion of the second program code is an unknown vulnerability portion.

Abstract: The present invention relates to an improved method of providing identification of a user or authentication of a user's identity. More particularly, the present invention relates to an improved method of providing identification of a user or authentication of a user's identity using conditional behavioural biometrics. The present invention seeks to provide an enhanced method of authenticating and/or identifying a user identity using conditional behavioural biometrics.

Abstract: Disclosed are a smart watch comprising a fingerprint sensor for user authentication, and a method for controlling the same. The present invention provides a smart watch and a method for controlling the same, the smart watch comprising: a case; a display unit which is positioned on the case and is configured to display the current time and a variety of information; a bezel which is provided on the case and is configured to surround the display unit; a fingerprint sensor which is provided on the bezel and is configured to simultaneously recognize a plurality of fingerprints which are different from each other; and a control device which is configured to control the operation on the basis of the fingerprints recognized by the fingerprint sensor.

Abstract: Customized data management may include an example method which provides identifying data being accessed by at least one user device, retrieving a user profile associated with the user device, identifying access rights associated with the user profile, modifying the data by obscuring at least a portion of the data based on the access rights of the user profile.