Abstract: A system may be configured to identify VPN traffic. Some embodiments may: obtain a plurality of default port numbers and/or protocol types; obtain information continually updated to indicate at least one of a predetermined host or DNS; and detect VPN traffic based on a used port number and/or used protocol type, the VPN traffic being generated based on user-interaction at a client device. The detection may be performed by comparing the port number or protocol type against the obtained port numbers or protocol types, the VPN traffic being detected from among a larger set of network traffic. Some embodiments may further: determine that the detected port number or protocol type indicates a higher level of security; filter the larger set of traffic by identifying the detected VPN traffic routed to the predetermined host or DNS; and block or otherwise disrupt the VPN traffic.

Abstract: A system includes a plurality of electronic control units (ECUs) and a shared high security module (sHSM) separate from and connected to the plurality of ECUs over one or more private networks. At least one of the ECUs, over at least one of the plurality of private networks, authenticates a session with the sHSM and requests servicing during the authenticated session. The servicing includes encryption, decryption, or authentication, of a message designated to be handled by the at least one ECU and included in the request for servicing. The sHSM receives the message, performs the requested servicing of the message using capabilities onboard the sHSM, and publishes a serviced version of the message to a designated controller area network bus.

Abstract: Setting or verification of a monitoring rule in response to a monitoring target environment is supported. An information processing system includes a situation information receiving unit that receives an input of situation information indicating a situation in a monitoring target environment. The information processing system further includes a normal situation storage unit. The normal situation storage unit stores environment information indicating the monitoring target environment in association with a set of situation information indicating a situation that is not abnormal in the monitoring target environment. The information processing system further includes a retrieval unit. The retrieval unit refers to the normal situation storage unit upon receiving the input of the situation information indicating the information in the monitoring target environment.

Abstract: An electronic device is provided that has an input device including an input sensor configured to detect synaptic signals from a user. An electronic device sensor is also provided that detects environmental signals or user signals. The electronic device also includes a memory to store executable instructions, and one or more processors. When implementing the executable instructions, the one or more processors determine an environmental characteristic based on the environmental signals or a user characteristic based on the user signals, and determine when to grant access to the electronic device based on the synaptic signals based on the environmental characteristic or the user characteristic.

Abstract: A server including a processor and a non-transitory computer readable medium is provided. The medium includes computer-executable instructions cause the processor to perform operations including obtaining a filter data structure comprising a plurality of hash values, each hash value corresponding to a computer device of a plurality of computer devices in an update campaign, determining that a requesting computerized device is in the update campaign, in response to determining, sending a request to confirm that the computerized device is a member of the campaign, in response to confirming that the computerized device is a member of the campaign, providing the device update to the computerized device, and in response to determining that the computerized device does not belong to the campaign, providing an indication that there is no device update for the computerized device.

Abstract: A system and method for protecting Sensitive Personal Information (SPI) from Multi-Party Access (MPA), including receiving a request for access to a data record, the request comprising an encrypted device identifier identifying the client device, encrypting the data record using a random symmetric key to generate an encrypted data record, encrypting the data record using a second symmetric key to generate a second encrypted data record, the second symmetric key being different from the random symmetric key, encrypting the random symmetric key to generate an encrypted symmetric key by using a public key associated with the client device or a key encryption key associated with the one or more processors, and transmitting a message comprising the encrypted symmetric key and the encrypted device identifier. The message causing the client device to access the data record using a database, the encrypted device identifier, and the encrypted symmetric key.

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

Abstract: Disclosed is a method and a device for processing a file. According to an embodiment, the method comprises selecting a portion of the file to be encrypted; encrypting the selected portion of the file as encrypted data; and amending the file by replacing the selected portion with predefined data and appending the encrypted data at an end of the file.

Abstract: Disclosed embodiments relate to systems and methods for securely and privately auditing web sessions. Techniques include receiving encrypted browser session data; storing the encrypted browser session data at a server; receiving an audit request associated with the stored encrypted browser session data; retrieving the stored encrypted browser session data based on the audit request; and transmitting the encrypted browser session data to an auditor endpoint device to enable access to the browser session data by the auditor endpoint device.

Abstract: Various systems, methods and devices are presented for performing media encryption. A media stream comprising audio packets and video packets can be received. A chunk of the media stream can be sorted to create a first group of a plurality of audio packets with an I-frame header and a second group of a plurality of P-frames and an I-frame payload. The first group can be encrypted while the second group is not encrypted. A fully-protected output media stream that includes the encrypted first group and the second group can then be streamed to a remote device via a network for output.

Abstract: Digital certificates are generated for devices by a Certificate Authority (CA), which communicates with devices via another entity—registration authority (RA)—so that the CA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by CA to encrypt the certificate to hide it from the RA. Both keys are derived by CA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the CA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Abstract: A method of encrypting data, in particular encrypting data in dependence on a user verification confidence level. An encryption algorithm is provided, data is input into the encryption algorithm, along with a public key and an access structure comprising the user verification confidence level. The encryption algorithm is run to output a cypher text of encrypted data, whereby the access structure is embedded into the cypher text such that only an entity satisfying the access structure can decrypt the cypher text.

Abstract: Provided are an electronic device and method for detecting a malicious server. The method includes acquiring first feature information of a server Internet protocol (IP) of a malicious website, acquiring second feature information of a server IP of a comparative website, comparing the first feature information with the second feature information, and determining that the malicious website has been changed to the comparative website on the basis of the comparison result.

Abstract: A security gate system includes an admission card and a security gate apparatus. The admission card has condition data that is data for specifying a condition to be satisfied when or before or after encrypted authentication data are transferred from the admission card to the security gate apparatus. When a user attempts to enter a building, authentication data including condition data are generated in the admission card 100 (S802), and encrypted into encrypted authentication data (S803). The encrypted authentication data are transmitted from the admission card to the security gate apparatus (S804, S904), and decrypted to be returned to the authentication data (S905). The security gate apparatus performs authentication determination which is a determination as to whether a condition specified by the condition data included in the authentication data is satisfied (S906), and opens a gate plate when a determination result is positive (S907).

Abstract: A method includes storing a test database of tests and corresponding test rules, storing a user information database, storing a profile database, and storing a threshold database including thresholds corresponding to test scores and similarity scores. The method includes, in response to receiving interaction parameters of an interaction performed by a user, identifying a set of tests based on the interaction parameters. The method includes, for each of the set of tests: calculating a score using user data of the user, corresponding test rules, and the interaction parameters; adjusting the score based on the user's profile; obtaining a threshold corresponding to the identified test; and, in response to the score exceeding the threshold, categorizing the interaction within a first category. The method also includes generating and transmitting an alert in response to the interaction being categorized within the first category.

Abstract: An authentication system for authenticating an identification of a subject is provided. The authentication system includes a photoplethysmogram (PPG) sensor, a storage device, and a processor. The PPG sensor is configured to sense pulses of a blood vessel of the subject to generate a sensed PPG signal of the subject. The storage device stores an authentication model. The processor is configured to load the authentication model from the storage device and input the sensed PPG signal and a reference PPG signal into the authentication model to generate a result value which indicates whether the identification of the subject passes an authentication test.

Abstract: A method and system for performing a secure key relay of an encryption key, Kenc, provided by an initial node, KN0, and used by an encoding unit (ENC) of a first data transceiver for encoding plain data, Pdata, to provide encrypted cipher data, Cdata, transported via a data transport link, DTL, to a decoding unit (DEC) of a second data transceiver which decodes the transported cipher data, Cdata, using the relayed encryption key, Kenc, provided by a terminal node, KNN, as a decoding key to retrieve the plain data, Pdata, wherein the relay of the encryption key, Kenc, from the initial node, KN0, to the terminal node, KNN, is performed by means of intermediate relay nodes, KN1, KN2 . . . KNN?1, and comprises the steps of sharing (S1) QKD-keys, K, between the nodes via secure quantum channels, QCH, of a quantum key distribution network, QKDN; performing (S2) encryption of shared QKD-KEYS, K, at the initial node, KN0, and at each intermediate relay node, KN1, KN2 . . .

Abstract: A digital watermark system that realizes digital watermark for a cryptographic function, including a memory and a processor configured to take as input a security parameter and generate a watermark embedding key for embedding information representative of a watermark in a circuit that realizes the cryptographic function, and a watermark extraction key for extracting information representative of the watermark from a circuit in which a watermark is embedded; take as input a master private key used for the cryptographic function, the watermark embedding key, and information representative of a watermark, and generate a circuit in which the watermark is embedded and that realizes the cryptographic function; and take as input the watermark extraction key and the circuit in which the watermark has been embedded, and extract information representative of a watermark from the circuit.

Abstract: A system, apparatus, and method for policy management is provided. The system, apparatus, and method provide a universal policy management solution to unify multiple bespoke systems to enable management of access and other policies in distributed and/or heterogeneous environments. The system, apparatus, and method uses or may be referred to as Identity Query Language or “IDQL.” Policies and user access are defined centrally, and these policies are distributed out to the various bespoke systems. This distribution is aided by a policy gateway, or orchestrator, which acts as a policy mapper and/or API wrapper which accepts IDQL policy configurations, maps them to an imperative identity system, and carries out the IDQL command in the identity systems' native API calls.

Abstract: A remote attestation method includes a first unit of a composite device obtains first measurement information of a second unit of the composite device. The first unit performs, based on the first measurement information, trustworthiness attestation on the second unit to obtain a first attestation result, and the first unit sends the first attestation result to a remote attestation device. In this way, the first unit in the composite device has a remote attestation function, and may perform trustworthiness attestation on another unit in the composite device to which the first unit belongs.