Abstract: Disclosed herein are apparatuses and methods for tracking chain of custody of a security camera using blockchain. An implementation may comprise receiving and granting a request for custody of a security camera by a first operator. The implementation further includes generating a block of a blockchain comprising identifiers of the first operator, security camera, and timestamp. The implementation includes distributing the blockchain to a plurality of nodes in a blockchain network. For each indication received of activity associated with usage and custody of the security camera to be recorded on the blockchain, the implementation includes generating a new block on the blockchain recording the activity. The implementation further includes receiving and verifying an authenticity a video clip from the security camera based on each activity recorded in the blockchain. In response to determining that the video clip is not authentic, the implementation includes generating an alert indicating inauthenticity.

Abstract: In some examples, with respect to asymmetric-man-in-the-middle capture based application sharing protocol traffic recordation, a dynamic-link library that alters application programming interface calls with respect to communication between an application sharing protocol client and an application sharing protocol server may be injected into the application sharing protocol client. Based on the injected dynamic-link library, data from the communication between the application sharing protocol client and the application sharing protocol server may be ascertained. Further, based on the ascertained data, a test script may be generated to test operation of an application associated with the communication between the application sharing protocol client and the application sharing protocol server.

Abstract: A method is disclosed. The method comprises transmitting, by an access device to a communication device, a resource provider certificate and an access device certificate. Then, establishing a secure channel between the access device and the communication device using data from the resource provider certificate and the access device certificate. Then, transmitting to or receiving data from the communication device using the secure channel.

Abstract: Internet of Things (IoT) device application workload capture is disclosed. A target IoT device is selected. A flow associated with the target device is determined and tagged. Packets from the tagged flow are admitted into a ring buffer. An indication is received that an extraction should be performed on a portion of the packets included in the ring buffer.

Abstract: Disclosed is an input/output circuit for a physical unclonable function generator circuit. In one embodiment, a physical unclonable function (PUF) generator includes: a PUF cell array comprising a plurality of bit cells configured in a plurality of columns and at least one row, and at least one input/output (I/O) circuit each coupled to at least two neighboring columns of the PUF cell array, wherein the at least one I/O circuit each comprises a sense amplifier (SA) with no cross-coupled pair of transistors, wherein the SA comprises two cross-coupled inverters with no access transistor and a SA enable transistor, and wherein the at least one I/O circuit each is configured to access and determine logical states of at least two bit cells in the at least two neighboring columns; and based on the determined logical states of the plurality of bit cells, to generate a PUF signature.

Abstract: The subject technology determines a derived encryption key using a cryptographic hash function applied to a hybrid tenant master encryption key and a local random generated identifier. The subject technology encrypts a record value and a key value associated with a transaction using the derived encryption key. The subject technology determines a non-leaf node using a tenant prefix of a tenant. The subject technology inserts the encrypted record value at a leaf node below a non-leaf node of a tree structure associated with the tenant. The subject technology receives a second transaction for performing a read operation on a distributed database. The subject technology retrieves a set of encryption keys based at least in part on an account and the tenant. The subject technology decrypts, using the set of encryption keys, data from the distributed database. The subject technology provides the decrypted data as a result of the second transaction.

Abstract: A method may include transferring data from a host to an encryption offload engine through an interconnect fabric, encrypting the data from the host at the encryption offload engine, and transferring the encrypted data from the encryption offload engine to a storage device through a peer-to-peer connection in the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the encryption offload engine through a peer-to-peer connection in the interconnect fabric, decrypting the encrypted data from the storage device at the encryption offload engine, and transferring the decrypted data to the host through the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the host, and verifying the encryption of the encrypted data at the host.

Abstract: Techniques for authorizing a transaction or interaction of a user that is modified by authentication information for the same user are described herein. In embodiments, an authorization request message for a transaction and a session identifier may be received from a transport computer or a resource provider computer. A portion of pre-analyzed data about the user and the one or more interactions may be obtained, from a database, based on the session identifier. A risk analysis for the transaction using the portion of the pre-analyzed data may be performed to generate a value. The authorization request message may be modified to include the portion of the pre-analyzed data and the value. The modified authorization request message may be transmitted to an authorizing computer.

Abstract: A process for granting or denying a user access to a system using biometrics is disclosed. The process includes receiving a unique identifier for the system, receiving a unique identifier associated with the user, and verifying that the user is authorized to access the system. A passcode is transmitted to the device in the possession of the user, and a speech sample of the user speaking the passcode is returned. One or more attributes of the speech sample is compared with one or more attributes that are expected to be in a speech sample. Access is granted or denied based upon a correlation between the file's actual attributes and the predicted attributes.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.

Abstract: An authentication device is provided with: a plurality of attribute-dependent score calculation units each calculating an attribute-dependent score dependent on a prescribed attribute for input data; an attribute-independent score calculation unit for calculating an attribute-independent score independent of the attribute for the input data; an attribute estimation unit for performing attribute estimation for the input data; and a score integration unit for determining a score weight of each of a plurality of attribute-dependent scores and of the attribute-independent score using the result of the attribute estimation and calculating an output score using the attribute-dependent scores, the attribute-independent score, and the determined score weights.

Abstract: Digital certificates are generated for devices by a Certificate Authority (CA), which communicates with devices via another entity—registration authority (RA)—so that the CA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by CA to encrypt the certificate to hide it from the RA. Both keys are derived by CA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the CA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.

Abstract: Provided are an information processing apparatus, an information processing method, and an electronic device capable of appropriately perform update of a license provided by an information processing apparatus and used in an electronic device. The electronic device includes a key generation unit that generates a device unique key that is a key unique to every device, and a license management unit that updates a license in a case where an extension code generated by a predetermined method on the basis of the device unique key, first data different for every installation of the license provided by an information processing apparatus, and second data different depending on the number of times of update of the license coincides with an input extension code.

Abstract: An adaptor includes non-volatile memory that stores a scan engine. A removable storage device is connected to the adaptor, which in turn is connected to a host computer. Files being copied between the removable storage device and the host computer through the adaptor are scanned for malware using the scan engine.

Abstract: An aspect of the present invention is provided with a sensitive data protection code generating unit which generates a sensitive data protection code of a predetermined data length, a symmetric encryption key generating unit which generates a symmetric encryption key by using a key derivation function that takes, as input, the sensitive data protection code, a sensitive data encrypting unit which encrypts sensitive data by using the symmetric encryption key, a sensitive data protection code encrypting unit which encrypts the sensitive data protection code by using a public key provided from an sensitive data access support terminal, and a deleting unit which deletes the symmetric encryption key and the sensitive data after the encryption of the sensitive data, and deletes the sensitive data protection code after the encryption of the sensitive data protection code.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: A fingerprint recognition method includes, when a fingerprint authentication module is in a disabled state, receiving a touch operation used to trigger an application program. If fingerprint authentication is not required for execution of the application program, the fingerprint recognition module is kept in a disabled state, and after the application program has been executed for specific duration, the fingerprint authentication module is enabled again, to perform the fingerprint authentication.

Abstract: On-demand activation of a security policy may be provided. Upon receiving a selection of a link, a profile identified by a security policy associated with the link may be activated and the link may be opened according to the security policy. In some embodiments, opening the link according to the security policy may comprise redirecting the opening of the link from a first application to a second application.

Abstract: Provided is an authentication device capable of generating a master key suited to a UE in a 5GS. The authentication device (10) includes a communication unit (11) configured to, in registration processing of user equipment (UE), acquire UE key derivation function (KDF) capabilities indicating a pseudo random function supported by the UE, a selection unit (12) configured to select a pseudo random function used for generation of a master key related to the UE by use of the UE KDF capabilities, and a key generation unit (13) configured to generate a master key related to the UE by use of the selected pseudo random function.