Abstract: A method for performing spacetime-constrained oblivious transfer between various laboratories of a first party A and various laboratories of a second party B. The method includes providing the spacetime-constrained oblivious transfer to satisfy various conditions. The method further includes encoding, by the laboratories of the first party A, various messages in a quantum state selected from various non-orthogonal quantum states. The method further includes transmitting, by the laboratories of the first party A, the quantum state to a first laboratory of the second party B. The method further includes applying, by the first laboratory of the second party B, a quantum measurement on the quantum state to obtain a classical measurement outcome. The method further includes transmitting, by the first laboratory of the second party B, the classical measurement outcome to the laboratories of the second party B.

Abstract: A method and system for detecting intrusion in a distributed field bus of a vehicle network involve using an Intrusion Detection System (IDS) to detect intrusion in the network. In a network with a number of nodes, IDS is configured in each of the number of nodes. The IDS, in a first node configured in a transmission mode, receives at least one message signal. A hash function is performed on at least one message signal for generating a first Honeypot (HPT) signal. Simultaneously, the first node transmits the first HPT signal to the second node. The first node and the second node generates a reference HPT and second HPT respectively using an echo-hash function. The IDS detect intrusion based on a comparison of the reference HPT and the second HPT. The method is independent of network traffic timing and can be performed in real-time.

Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity.

Abstract: A system may include an interface configured to couple to a network, and includes a processor and a memory accessible to the processor. The memory may be configured to store instructions that, when executed, cause the processor to process search results corresponding to multiple data owners to selectively filter personally identifiable information (PII) associated with one or more consumers from the set of search results according to data sharing permissions for each of the data owners to produce filtered results. The instructions may further cause the processor to provide the filtered results to a user device through the network.

Abstract: Disclosed are various embodiments for an authentication service. A unique identifier is associated with a device access token for a client to be authenticated. An authentication identifier is sent to an authenticated client. The client to be authenticated communicates the authentication identifier and unique identifier to the authentication service to complete authentication.

Abstract: A vehicle processing device authenticates that an authorized user has requested an action by the vehicle and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date.

Abstract: Various implementations described herein are directed to a device with a reset tree having leaf buffers that provide sensed output signals based on a reset-synchronizing input signal. The device may have a first sensor that receives the sensed output signals from the leaf buffers of the reset tree and provides an attack detection signal based on sensing a malicious attack. The device may have a second sensor that receives the reset-synchronizing input signal, receives the attack detection signal from the first sensor and provides a reset alarm signal based on duration of a timing glitch associated with comparing a difference between the reset-synchronizing input signal and the attack detection signal.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for automatic account protection. A method includes detecting a trigger indicating one or more of a potential and an actual security breach at one or more websites where a user has an account that is accessible using electronic credentials. A method includes logging into the one or more websites for the user using the electronic credentials. A method includes performing one or more actions at the one or more websites associated with the electronic credentials to protect the user's account.

Abstract: Systems, apparatuses, and methods are described for establishing, or re-establishing, trust for a network device. A user device may send, via a network device, a service request to establish trust for the network device in a network. The service request may comprise, or may allow look up of, identifying information for the network device, such as a network address. Trust of the network device may be established, at least in part, by confirming the network address (or other identifying information) associated with the network device, and/or by confirming certain devices that are in communication with the network device. An authentication token may be sent to the network device for reconnecting to the network.

Abstract: Systems and methods for leveraging smart glasses for identifying anomalies in a document is provided. Methods may include scanning the document and determining a document type based off pre-defined identifiable features extracted from the document. In parallel to determining, methods may include performing a series of actions to identify any anomalies. Methods may include tracking the user's eye movements and based off of the one or more portions of the document upon which the user's eyes are focused, capturing data from one or more portions, identifying a document characteristic and comparing the document characteristic to a predetermined document rule. When the document characteristic complies to the predetermined document rule, methods may include repeating the series of actions and when the document characteristic fails to comply with the predetermined document rule, methods may include displaying an image of the anomaly, on a display of the smart glasses.

Abstract: A device may include a processor configured to select a quantum key distribution transmission; identify an optical fiber path via which the quantum key distribution transmission is to be performed; determine one or more values for at least one transmission parameter for the identified optical fiber path; and select a pulse script for the optical fiber path based on the determined one or more values for the at least one transmission parameter. The processor may be further configured to perform the quantum key distribution transmission via the identified optical fiber path using the selected pulse script.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for automated event migration. A method includes aggregating a set of events from one or more servers to a trusted hardware device. Certain different events of a set of events may be associated with different service providers. A method includes identifying, on a trusted hardware device, a repeating event from a set of events. A method includes prompting a user to migrate subsequent instances of a repeating event from one service provider to a different service provider of a plurality of service providers based on a likelihood that the aggregated set of events includes each event for the user of an event type of the aggregated set of events. A method includes migrating subsequent instances of a repeating event, using a user's electronic credentials, from one service provider to a different service provider in response to the user accepting a prompt.

Abstract: Systems, apparatuses, and methods are disclosed for quantum entanglement authentication (QEA). An example method includes transmitting a first number and a first electronic identification of a first set of entangled quantum particles to a first computing device, each entangled quantum particle in the first set of entangled quantum particles is entangled with a respective entangled quantum particle in a second set of entangled quantum particles, receiving from the first computing device, a first session key, the first session key being a function of the first number and a second number provided to the first computing device in response to a first measurement initiation control signal comprising the first electronic identification of a first subset of the first set of entangled quantum particles, and in an instance in which the first session key corresponds to a second session key, authenticating a session between the first computing device.

Abstract: A method of authenticating a network device may include receiving an authentication message from a third party server, the authentication message identifying a network device. The method may also include receiving a zero touch provisioning request comprising a certificate from the network device. The method may additionally include, determining the network device is associated with a third party that manages the third party server based on the certificate. The method may include transmitting a redirect message comprising a root certificate chain indicating that the network device is to send the zero touch provisioning request to the third party server.

Abstract: There is herein provided a method of performing Quantum Key Distribution, the method including transmitting, in a first basis state, a first photon from a quantum transmitter to a quantum receiver; transmitting, in a second basis state, a second photon from the quantum transmitter to the quantum receiver, the second basis state being non-orthogonal to the first basis state and the transmitter and receiver being optically connected by both a first optical channel and a second optical channel, wherein transmitting the first photon from the quantum transmitter to the quantum receiver in the first basis state comprises: transmitting the first photon from the quantum transmitter to the quantum receiver along either the first optical channel or the second optical channel, wherein transmitting the second photon from the quantum transmitter to the quantum receiver in the second basis state comprises: transmitting a first portion of the probability distribution of the second photon from the transmitter to the receiver

Abstract: A computer system is configured to generate alerts related to malicious activity on an audited computing system. The computing system is provided with instructions to receive activity information associated with activity of an entity performed in an audited computing network, access contextual information associated with the entity, determine, based on the contextual information, a set of weights associated with the activity information and combine the weight and the entity activity information to generate a risk score. In response to the risk score satisfying a threshold value, the computer system may generate an alert, and, in response to receiving a user input associated with the alert, update the set of weights. In certain embodiments, the updated weights may be used for determining the risk score of future alerts.

Abstract: The present disclosure relates to two-factor authentication with a Hardware Security Module (HSM). In response to a login attempt, the HSM indicates that two-factor authentication is required. To generate the second authentication factor, a management console is accessed using credentials. The management console generates the second authentication factor and provides the second authentication factor to the client. The client then provides the second authentication factor to the HSM to complete the two-factor authentication operations.

Abstract: A computerized system and method may include, in response to receiving a blockchain via a communications network that includes information associated with an event, parsing, by a blockchain parsing engine being executed by a blockchain node, the information to identify a status state of an item related to the event. The blockchain may be inclusive of the information along with the status state of the item may be stored in a storage unit. An event tracking engine may determine from the parsed information that the status state of the item transitioned from a first state to a second state. Responsive to the event tracking engine determining that a qualifying state is satisfied by the item being in the second state, automatically executing, by the blockchain node, a smart code inclusive of initiating communications between a first party and a second party.

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

Abstract: Mechanisms for detecting fraudulent activity based on hardware events are provided. In accordance with some embodiments of the disclosed subject matter, the method comprises: receiving a request for advertising content to be placed on a website; receiving data describing physical activity at one or more user input hardware devices; receiving data describing interactions with the website; correlating the data describing interactions with the website with the data describing physical activity at one or more user input hardware devices; determining whether at least a portion of the interactions with the website are indicative of fraudulent behavior based on the correlation; and responding to the request for advertising content on the website by inhibiting the advertising content to be transmitted to the website in response to the determination that at least a portion of the interactions with the website indicates fraudulent behavior.