Abstract: A network may authenticate a user equipment (UE) to access an edge data network. The network generates a first credential based on a second credential, the second credential generated for a procedure between the UE and a cellular network corresponding to the network component, receives an identifier associated with the first credential from a further network component in response to the UE transmitting an application registration request to a server associated with an edge data network and retrieves the first credential based on the identifier. The network also receives a multi-access edge computing (MEC) authorization parameter, verifies the MEC authorization parameter and transmits an authentication verification response to a second network component.

Abstract: According to an aspect of the present disclosure, a method performed by a verification platform for authorising a user incapable of providing digital consent comprises: receiving sensitive user information and a unique supervisor identifier; encrypting the sensitive user information using an encryption scheme with an associated encryption key to generate encrypted user information; sending an authorisation request message to a supervisor device associated with the unique supervisor identifier, wherein the authorisation request message comprises the encryption key and a request for authorisation in response; discarding the sensitive user information and the encryption key, such that the verification platform cannot access the sensitive user information; and, if the verification platform receives an authorisation response message from the supervisor device comprising a received encryption key, decrypting the encrypted user information using the received encryption key, such that the verification platform can su

Abstract: According to one embodiment, a key management device includes a storage and a server. The storage includes a first nonvolatile memory, and a first controller configured to encrypt, using a first media encryption key, data from a host, and store the encrypted data in the first nonvolatile memory. The server includes a second nonvolatile memory storing a first key, and a second controller configured to transmit the first key from the second nonvolatile memory to the storage without passing through the host. The first controller is configured to generate the first media encryption key using the first key.

Abstract: A digital letter of approval (DLOA) is used by a subscription manager (SM) server to determine whether a device is compliant with requirements for an application to be provisioned. If the device is compliant, the application is provisioned to the device or to an embedded universal integrated circuit card (eUICC) included in the device. To increase the security of the device DLOA, the device DLOA is linked to the eUICC, in some embodiments. The linkage may be based on one or more platform label fields in the device DLOA. A database is consulted, in some embodiments, to confirm a relationship between the device and the eUICC identified in the device DLOA. In some embodiments, the eUICC signs the device DLOA and the device DLOA with eUICC signature is sent to the SM server. In some embodiments, the device provides a device signature on the DLOA independent of the eUICC.

Abstract: Systems and methods are described for selectively providing data to service providers. Wireless signal characteristics may be transmitted over a wireless network by network equipment in a household, and a map of the household may be generated based on the determined wireless signal characteristics. An API request may be received from a service provider, and an authorization level of the service provider may be determined. Based on the authorization level of the service provider, at least one portion of the map and at least one of the wireless signal characteristics to transmit to the service provider may be identified, and the identified at least one portion of the map and at least one of the wireless signal characteristics may be transmitted to the service provider via the API.

Abstract: Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.

Abstract: The present invention provides an RF communication device equipping with a biometric sensor and preventing physical antenna hacking, the RF communication device comprising: a power supply unit; an RF communication unit including a processor connected to the power supply unit, a biometric sensor connected to the processor, a memory connected to the processor and storing biometric information, an RF driving switch connected to the processor, an RF communication module connected to the RF driving switch, and a first RF antenna; and a physical hacking determination unit connected to the RF driving switch to periodically exchange data for verification, wherein the physical hacking determination unit deletes the biometric information and/or a unique ID when communication of the verification data is disconnected or an abnormal signal is received.

Abstract: A method, apparatus and computer program product for scheduling placement of containers in association with a set of hosts. The technique utilizes metrics that characterize container-specific risks. A first metric is a host interface risk for a container that quantifies how similar or dissimilar the container is relative to other containers running on a host. Preferably, host interface risk is derived with respect to a system call interface comprising a set of system calls, and the metric is based at least in part on a measure of dissimilarity among system calls. A second metric is a data sensitivity score that quantifies a degree to which sensitive data accesses are associated to the container. Based at least in part on the host interface risk scores and the data sensitivity scores, one or more containers are automatically scheduled for placement on the set of hosts to minimize security risk for the set of hosts.

Abstract: By way of example, there is disclosed a method of a device communicating messages in a vehicle, such as an autonomous vehicle (AV), including: participating in mutual authentication with a key server located on the vehicle; receiving from the key server a cryptographic key; using the cryptographic key for symmetric cryptography, comprising signing messages sent to or verifying messages received from another device of the vehicle; and clearing the cryptographic key at reboot.

Abstract: A method for applying control to a vehicle. The method includes: receiving, by way of a second control unit of a second vehicle to which control is to be applied, a signal encompassing a message encrypted using a valid symmetrical key of a first control unit of a first vehicle; ascertaining, by way of the second control unit, a decryptability of the encrypted message using a valid symmetrical key of the second control unit or a symmetrical reserve key of the second control unit ascertained by way of the second control unit; ecrypting the encrypted message, depending on the ascertained decryptability, by way of the second control unit using the valid symmetrical key of the second control unit or the symmetrical reserve key of the second control unit; and applying control, based on the decrypted message, to the second vehicle to which control is to be applied.

Abstract: Embodiments disclosed herein allow multiple providers to answer for DNS while having DNSSEC enabled for the same zone. To do so, the system shares DNSKEY records between autonomous DNS vendors. Sharing DNSKEY records allows customers to use multiple DNS providers with DNSSEC enabled without sharing private keys amongst providers.

Abstract: A key exchange system in which a shared key is generated for executing encrypted communication between communication apparatuses according to an authenticated key exchange protocol using ID-based encryption, wherein each communication apparatus includes a memory and a processor configured to generate a short-term private key by using a private key of the communication apparatus; generate a short-term public key of the communication apparatus by using the short-term private key; generate private information on the communication apparatus by using the short-term private key, a short-term public key generated by another communication apparatus, and public information generated by the communication apparatus and said another communication apparatus or public information generated by a key delivering center; and generate the shared key for executing encrypted communication with said another communication apparatus by executing a pairing operation using the private key of the communication apparatus and the private

Abstract: A method for authenticating a software based on a blockchain implemented in an electronic device. The method includes obtaining a first identification code and a first hash value of a first software; generating a first authentication code; writing the first identification code, the first hash value, and the first authentication code into a blockchain; obtaining a second identification code of a second software to be identified and calculating a second hash value of the second software; determining whether the second hash value of the second software is the same as the first hash value; if the second hash value is the same as the first hash value, generating a second authentication code; determine whether the second authentication code is the same as the first authentication code; and if so determining that the second software is copyrighted.

Abstract: Provided is an information processing method of one authentication server in a management system including one or more vehicles and one or more authentication servers. The method includes receiving, from one vehicle of the one or more vehicles, first transaction data which includes a first identifier that uniquely identifies each of one or more electronic control units that have been replaced out of a plurality of electronic control units connected to a network in the one vehicle, and indicates that the one or more electronic control units have been replaced among the plurality of electronic control units. The method further includes verifying validity of the first transaction data, and transmitting a duplicate of the first transaction data to one or more of other authentication servers when the validity of the first transaction data is verified in the verifying.

Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

Abstract: A traceability information management server includes: a transaction reception part that receives transaction data from a user client, the transaction data containing information on a completed process in distribution of a product and a concerned party in the completed process; an access right information generation part that generates access right information, the access right information being information on a relation between the completed process, the concerned party in the completed process, and a predetermined access right of the concerned party; an access right determination part that identifies, based on the access right information, information on a process in the distribution to which a sender of the received information provision request from the user client has an access right; and an information transmission part that transmits the identified information on the process to the user client that has sent the information provision request.

Abstract: Embodiments described herein enable a user to bypass the use of one-time keys or account recovery codes by providing techniques for accessory assisted account recovery. In various embodiments, accessory assisted account recovery makes use of an accessory device of a user, where the accessory device can be any device having a secure processor, cryptographic engine, public key accelerator, or is otherwise able to accelerate cryptographic operations or perform cryptographic operations in a secure execution environment. An account recovery key can be split into multiple portions. At least one portion of the recovery key is then encrypted. The accessory device is then configured to be uniquely capable of decrypting the encrypted portion of an account recovery key.

Abstract: A system and method for media content management include determining, via a digital vault, that a first stakeholder is authorized to sell a salable content item by holding rights in the salable content item; determining, via the digital vault, whether consent for a nonfungible token (NFT) transaction of any of the stakeholders other than the first stakeholder is required; and the digital vault preventing the sale of the salable content item until consent for the sale is received from the stakeholders from whom consent is required.

Abstract: A non-transitory computer-readable storage medium storing computer-readable program code executable by a processor to receive a transaction request from a user interface, and receive a user-identifier from the user interface, and the user-identifier associated with a user. The program code may be executable to send a first non-audible sound signal to initiate a multifactor authentication process during a first interval, and send a second non-audible sound signal during a second interval, where the second non-audible sound signal comprises a predetermined frequency pattern, associated with the user. The program code may also be executable to receive a third non-audible sound signal, where the third non-audible sound signal, at least in part, is utilized to determine whether to complete the transaction request or not. The first non-audible sound signal, the second non-audible sound signal, and the third non-audible sound signal may comprise a frequency greater than 15 kHz.

Abstract: A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.