Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: A cloud-based communication framework. A first secure channel may be established for communication between an IT device and a cloud-computing platform. A request for a device user interface may then be received over the first secure channel. The request may be initiated by a user device via the cloud-computing platform. The device user interface may be retrieved and forwarded over a second secure channel to the cloud-computing platform for communication to the user device.

Abstract: A variety of techniques for concealing the content of a communication between a client device, such as a cell phone or laptop, and a network or cloud of media nodes are disclosed. Among the techniques are routing data packets in the communication to different gateway nodes in the cloud, sending the packets over different physical media, such as an Ethernet cable or WiFi channel, and disguising the packets by giving them different source addressees. Also disclosed are a technique for muting certain participants in a conference call and a highly secure method of storing data files.

Abstract: Setting or verification of a monitoring rule in response to a monitoring target environment is supported. An information processing system includes a situation information receiving unit that receives an input of situation information indicating a situation in a monitoring target environment. The information processing system further includes a normal situation storage unit. The normal situation storage unit stores environment information indicating the monitoring target environment in association with a set of situation information indicating a situation that is not abnormal in the monitoring target environment. The information processing system further includes a retrieval unit. The retrieval unit refers to the normal situation storage unit upon receiving the input of the situation information indicating the information in the monitoring target environment.

Abstract: A trust management system is provided for a network communication ecosystem having a plurality of participating entities. The trust management system includes a trust specification engine configured to define and manage trust relationships between a first entity and a second entity of the plurality of participating entities, a trust analysis engine configured to process the results of a trust query from the first entity to the second entity, a trust evaluation engine configured to evaluate the trust relationships managed by the trust specification engine, and a trust monitor configured to (i) monitor one or more trust triggers occurring relevant to at least one of the first and second entities, and (2) update a trust relationship between the first and second entities based on one or more monitored trust triggers.

Abstract: A method including receiving, by a first server from a second server, an encrypted authentication packet to enable the first server and the second server to conduct an authentication process, the encrypted authentication packet including a crypted code field indicating a type associated with the encrypted authentication packet and a crypted payload including one or more encrypted fields; and transmitting, by the first server to the second server, a response based at least in part on determining the type associated with the encrypted authentication packet and on decrypting the one or more encrypted fields. Various other aspects are contemplated.

Abstract: A user's emotion can be determined based on pupil dilation response to a challenge prompt. In response to an authentication request, a registered challenge prompt and an expected pupil dilation response can be retrieved. The challenge prompt can include one or more images or a video designed to cause a pupil dilation response in a user. The challenge prompt is displayed to the user and the user's pupil dilation response is captured. At least one user action of the user is monitored and an emotion is determined based on the at least one user action. The emotion is associated with the pupil dilation response.

Abstract: Techniques and structures to provide dynamic deployment of access controls in an on-demand environment. A host electronic device may comprise one or more processors coupled with the at least one physical memory device, the one or more processors configurable to receive, via a user interface, request to access one or more resources managed by the electronic device in the multi-user, on demand computing environment, the request comprising one or more request elements, determine whether a virtual access rule logic comprises one or more virtual access check rules which are anchored to the one or more request elements, and in response to a determination that the virtual access rule logic comprises one or more virtual access check rules which are anchored to the one or more request elements, apply the one or more virtual access check rules to the request. Additional subject matter may be described and claimed.

Abstract: Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content.

Abstract: A computer-implemented method is provided for statistical modeling of entities of a particular type. The method can include obtaining entity data including a plurality of entity data sets, each entity data set associated with a respective entity and including values for one or more static parameters indicative of a type of the entity. Each entity data set can include (i) values for input parameter(s) indicative of a security profile of the entity and (ii) a value of a security class parameter indicative of a security class of the entity based on the values of the input parameters. The method can include training a statistical classifier to infer a value of the security class parameter indicative of the security class of a particular entity of the particular type based on values of one or more of the input parameters indicative of a security profile of the particular entity.

Abstract: Disclosed are systems and methods for mapping a virtual shopper to a physical shopper. The systems and methods may include receiving, at a backend system, unidentified customer data including information about an unidentified customer. Customer identity data including identifying information about the customer may be received from the customer. An authentication token may be generated that links the unidentified customer data to the customer identity data.

Abstract: A mobile device may retrieve, from a multimedia computer, a network address at which a condition is defined. The condition may relate to authorizing access to restricted content associated with the multimedia computer. The mobile device may also retrieve details of the condition that is defined at the network address. The mobile device may prompt a user of the mobile device for permission to provide, to an authorization server, authorization information that relates to the condition. The mobile device may transmit, to the authorization server, the authorization information and a user profile identifier of the user. Based on a confirmation of the validity of the authorization information, the mobile device may receive an authorization code from the authorization server. Based on the receiving of the authorization code, the mobile device may provide a graphical user interface that provides access to the restricted content associated with the multimedia computer.

Abstract: A system includes a campaign management service to detect a campaign initiation request indicating a number of computerized devices to be updated for a campaign and store data corresponding to the computerized devices to be updated. The campaign management service can generate a bloom filter data structure comprising hash values based on the data for each of the computerized devices to be updated and transmit the bloom filter data structure to a network edge. The system can include the network edge that can use the bloom filter data structure from the campaign management service to determine whether a computerized device is to obtain a device update from the campaign management service. The network edge can retrieve the device update and modify the computerized device by transmitting the device update to the computerized device, which then installs it.

Abstract: Techniques for rapid video on demand (VOD) media content breach response are described. In some embodiments, during content preparation, a server generates an encrypted media content item by generating a first encrypted portion using a first key derived from a first seed that is of a first type and generating a second encrypted portion using a second key derived from a second seed that is of a second type. In some embodiments, the server classifies the first portion in a first category (e.g., a prioritized category) and the second portion in a second category (e.g., a non-prioritized category). During a breach response, the server repairs the encrypted media content item by re-encrypting portions in the first category, e.g., re-encrypting the first encrypted portion using a replacement key derived from a replacement seed that is of the first type, and updating encryption metadata.

Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.

Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.

Abstract: A system and method are provided for the secure sharing of information across and open network and for performing management of keys used for encrypting and decrypting data.

Abstract: A method including determining, by a first user device, encrypted content by encrypting content based on a first private key; encrypting, by the first user device, the first private key based on utilizing a second public key associated with a second user device; transmitting, by the first user device to a storage device, the encrypted content and the encrypted first private key for storage in association with a first account; receiving, by the second user device from storage device, the encrypted content and the encrypted first private key when the first user device is unable to access the encrypted content; decrypting, by the second user device, the encrypted first private key and the encrypted content based on a second private key; and transmitting, by the second user device to the first user device, the content to restore access to the content by the first user device is disclosed.

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

Abstract: Provided are a system and a method for controlling transaction data access. A system for controlling transaction data access comprising: a transaction management module configured to determine a plurality of security levels for transaction data; a data encryption module configured to perform multiple level encrypting the transaction data according to the plurality of security levels; and a data storage module configured to store the encrypted data as a block, and provide the block to a peer-to-peer (P2P) network.