Abstract: A method of communication between two communicating entities, a first communicating entity generating a data message including useful data and an authentication header, the method including: generating a message identifier from a given parameter and a date and inserting the identifier into an authentication header; inserting a plurality of authentication data including at least one user identifier and one equipment identifier into the authentication header; determining and inserting a security profile into the authentication header defining the conditions: of encryption of the useful data of at least the transmission of the message by the first communicating entity; of generation of a data signature of the message and of the format of the generated signature, and inserting the useful data into the message to be transmitted.

Abstract: Certain embodiments described herein are generally directed to systems and methods for preventing access to files on a virtual machine. One example method involves receiving network information associated with a network connection opened at the virtual machine and determining a process that opened the network connection. The method further involves receiving information indicative of a file access event attempted at the virtual machine and determining the process that opened the network connection initiated the file access event. The method further involves transmitting information indicative of the file access event and the network connection to a security virtual machine and receiving an enforcement decision for the file access event from the security virtual machine based on the information indicative of the file access event and the network connection. The method further involves applying the enforcement decision to either allow or prevent the file access event by the process.

Abstract: Data verification in federate learning is faster and simpler. As artificial intelligence grows in usage, data verification is needed to prove custody and/or control. Electronic data representing an original version of training data may be hashed to generate one or more digital signatures. The digital signatures may then be incorporated into one or more blockchains for historical documentation. Any auditor may then quickly verify and/or reproduce the training data using the digital signatures. For example, a current version of the training data may be hashed and compared to the digital signatures generated from the current version of the training data. If the digital signatures match, then the training data has not changed since its creation. However, if the digital signatures do not match, then the training data has changed since its creation. The auditor may thus flag the training data for additional investigation and scrutiny.

Abstract: An example operation may include one or more of connecting, by a committer node, to a main blockchain comprised of a plurality of initiator nodes, receiving, by the committer node, a transaction from an initiator node of the plurality of the initiator nodes and placing blocks of the transaction on the main blockchain, executing, by the committer node, a request from the initiator node of the plurality of the initiator nodes to branch off a sub-blockchain from the main blockchain, processing, by the committer node, the transaction in the sub-blockchain, detecting, by the committer node, a completion or an ending of the transaction in the sub-blockchain, in response to the detection of the completion of the transaction, committing the transaction to the main blockchain, in response to the detection of the ending of the transaction, terminating the transaction in the sub-blockchain, and discarding, by the committer node, the sub-blockchain.

Abstract: A multi-device digital rights management server is provided. The server may include, but is not limited to, a processor communicatively coupled to a communications system and a memory, the processor configured to receive, from the communications system, a request to transfer digital content from a first user device to a second user device, update, upon receipt of the request, digital rights management data stored in the memory to enable both the first user device and the second user device to consume the digital content, receive, from the communications system, notice that one of the first user device and the second user device is consuming the digital content, update, upon receipt of the notice, the digital rights management data to disable the other of the first user device and the second user device from consuming the digital content.

Abstract: A security code input may be obfuscated from a thermal imaging device by randomly heating a random set of inputs of an input device. The security code is inputted on an input device, which communicates with a security system to grant or deny access to a user based on an entry of the security code. The input device includes a plurality of hearing elements. The input device may receive an input from the user. A random set of heating elements including one or more heating elements, are generated from the plurality of heating elements. A temperature is determined for the one or more heating elements of the random set of heating elements. The temperature is then applied to the one or more heating elements of the random set of heating elements of the input device.

Abstract: Techniques described herein relate to analyzing executions of content resources within networks of execution client devices, and selecting sets of interactive content resources for execution on particular execution devices based on such analyses. Content resource execution data may be received from various execution client devices on which content resources have been executed and provided to end users. Such data may be analyzed to determine correlations between a first content executor and additional content executors based on the their respective content resource execution data, and the content resource execution data of correlated content executors may be aggregated and analyzed to select particular interactive content resources for the first content executor. Such selections may be provided to first content executor during a content execution session following an authenticated login by the first content executor.

Abstract: The disclosure provides a method and an apparatus for acquiring an electronic file. The method for acquiring an electronic file comprises: sending a first request message for acquiring an electronic file to a platform server, wherein the first request message carries a first identifier of an information providing server providing the electronic file; receiving first prompt information returned from the platform server according to the first request message; determining first verification information for identity authentication according to the first prompt information, and sending the first verification information to the platform server; and receiving the electronic file forwarded by the platform server, wherein the electronic file is from the information providing server, and private information in the electronic file is encrypted through a first encryption key of the information providing server.

Abstract: A non-volatile memory is organized in pages and has a word writing granularity of one or more bytes and a block erasing granularity of one or more pages. Logical addresses are scrambling into physical addresses used to perform operations in the non-volatile memory. The scrambling includes scrambling logical data addresses based on a page structure of the non-volatile memory and scrambling logical code addresses based on a word structure of the non-volatile memory.

Abstract: A method includes segmenting, by a computing device of a dispersed storage network (DSN), a data object into data segments. The method further includes encrypting, by the computing device, the data segments using encryption keys to produce encrypted data segments. The method further includes dispersed storage error encoding, by the computing device, the encryption keys using a key dispersed storage error encoding function to produce a set of encoded key slices. The method further includes appending, by the computing device, at least a decode threshold number of encoded key slices of the set of encoded key slices to at least some of the encrypted data segments in accordance with an appending approach to produce secure packages. The method further includes dispersed storage error encoding, by the computing device, the secure packages to produce sets of encoded data slices.

Abstract: Behavioral baselines for a computer system may be accurately and efficiently established by (1) monitoring occurrences on the computer system, (2) determining, based on security rules or heuristics, which of the observed occurrences are associated with potential security risks, (3) identifying patterns of activity based on the suspicious occurrences, and (4) prompting a user to indicate whether the observed patterns of suspicious activity are expected or unexpected. Behavior baselines established in this manner can then be used to differentiate between expected and unexpected patterns of activity on the computer system.

Abstract: Communication bus enable devices to communicate and exchange information and control signals. There is a growing concern over the security of such types of buses. Since any device can transmit any message, and device on the bus which can be compromised poses a threat for the bus. Described is a system to authenticate the source of messages from various devices on a communication bus.

Abstract: Communication bus enables devices to communicate and exchange information and control signals. There is a growing concern over the security of such types of buses. Since any device can transmit any message, and device on the bus which can be compromised poses a threat for the bus. Described is a system to authenticate the source of messages from various devices on a communication bus.

Abstract: Systems and methods for device-agnostic, multi-factor network authentication are disclosed. In some embodiments, a wireless network connection can authenticate a device over secure authentication means with a certificate that confirms a device identity. After authenticating the device, a user can be prompted to provide credentials in a captive portal. The captive portal can be inaccessible to devices that have not already authenticated using a certificate. After providing approved credentials to the captive portal, the user can access the network. This embodiment and additional embodiments are readily integrated into private wireless networks and others.

Abstract: A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.

Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for data transmission in a trusted execution environment (TEE) system. The method is executed by a first thread in multiple threads on a TEE side. The method includes obtaining first data; obtaining a TEE side thread lock; calling a predetermined function by using the first data as an input parameter to switch to a non-TEE side; obtaining a write offset address and a read offset address respectively by reading a first address and a second address; determining whether a quantity of bytes of the first data is less than or equal to a quantity of writable bytes; if so, writing the first data into third addresses starting from the write offset address; updating the write offset address in the first address; returning to the TEE side; and releasing the TEE side thread lock.

Abstract: A user terminal apparatus and a control method thereof are provided. The control method includes: receiving a user control input selecting a user mode; reconstituting a screen based on use authority information of a user mode selected according to the user control input; and displaying the reconstituted screen.

Abstract: A license managing method including an execution device that executes software and a software storage device coupled to the execution device further includes a license storage device that stores license information indicating the number of licenses for permitting a license of the software, and the license managing method includes the step of license-managing of controlling storage of the software to be downloaded into the software storage device or execution of the software by the execution device based on the license information stored in the license storage device when the software whose license permission is required is downloaded.

Abstract: A method to transfer a video stream from a host device comprising a controller configured for bulk transfers to a descrambling device, comprises: forming a chain out transfer comprising a chain out header linked with multiple chain out descriptors, the first chain out descriptor pointing to an out description packet containing at least one producer ID, the second and subsequent chain out descriptor pointing to chunks from the video stream, the last chain out descriptor being configured to generate an interrupt; forming a chain in transfer comprising a chain in header linked with a plurality of chain in descriptors, each chain in descriptor pointing to a descrambled chunk; requesting the controller to process the chain; receiving the description packet by the descrambling device and using key data associated with the chunks to descramble them; receiving by the controller the descrambled chunks and triggering an interrupt on the last chunk.

Abstract: A method for network security joint defense includes: obtaining security log information of security devices, wherein the security log information includes intrusion event information violating an own defense policy of the security device obtained by the security device in a network/system environment; converting log formats of the multiple obtained security log information into a preset log format, wherein the preset log format is a log format that is identifiable by the plurality of the security devices; classifying and summarizing the intrusion event information included in the converted security log information according to preset intrusion event types; obtaining a security device identification corresponding to each of preset intrusion event types; and pushing the intrusion event information corresponding to each preset intrusion event type to the security device corresponding to the security device identification, so that the security device adjusts the own defense policy thereof according to the pushed