Abstract: Implementations of the present disclosure are directed to providing remote access to electronic documents stored in a server system using a virtual secure room, and include actions of authenticating a user at least partially based on credentials the user, at least partially in response to authenticating the user, providing a secure connection between a computing device of the user and the server system, transmitting at least one electronic document for display to the user on the computing device, monitoring the user, while the at least one electronic document is displayed to the user on the computing device, and selectively closing the secure connection in response to one or more of at least one activity and at least one state of the user.

Abstract: A key management method serves as an electronic control unit (ECU) in an onboard network system having a plurality of ECUs that perform communication by frames via a network. The method includes storing a shared key, acquiring a session key, and executing encryption processing using the session key. The method further includes executing inspection of a security state of the shared key stored in a case where a vehicle is in at least one of the following particular states: the vehicle is not driving and is an accessory-on state; a fuel cap of the vehicle is open, and the vehicle is not driving and is fueling; the vehicle is parked, which is indicated by the gearshift; the vehicle is in a stopped state before driving, which is indicated by the gearshift; and a charging plug is connected to the vehicle, and the vehicle is electrically charging.

Abstract: Techniques are described for detecting and attributing automatic unauthorized redirects originating from executable code contained within an advertisement hosted within a web page or application displayed on an end user's mobile or desktop computing devices.

Abstract: A method and hack protection system for providing hack protection in an autonomous vehicle is disclosed. The method includes generating, by the hack protection system, random power ON sequence, where the random power ON sequence is in encrypted format and generated during power ON of the autonomous vehicle. The method further includes detecting current flow to sensors in the autonomous vehicle, the sensors are controlled by power switching circuitry and is responsive to power switching control signals generated by a system software module in response to the random power ON sequence, the random power ON sequence being converted from the encrypted format into decrypted format by the system software module. The method includes determining actual power ON sequence of the sensors in response to the current flow. Moreover, the method includes comparing the actual power ON sequence with the random power ON sequence to control power of the autonomous vehicle.

Abstract: A system and method for investigating trust scores. A trust score is calculated based on peer transfers, a graphical user interface displays actuatable elements associated with a first peer transfer from the peer transfers, in response to receiving an indication the first actuatable element has been actuated, recalculating the trust score without the first peer transfer.

Abstract: A method for detecting intrusions uses a searchable enciphering algorithm and includes: generating a trap bypass key for a security device, which is able to determine keywords characteristic of intrusions, generating by the security device a trap for each keyword by using the trap bypass key; providing the traps to an intrusions detection device; intercepting by the detection device character strings sent on the network by a sender and enciphered with a public key of a receiver; applying by the detection device a test procedure on the character strings enciphered using the traps; and detecting an intrusion on the network if there exists according to the test procedure an enciphered character string representative of a cipher of a keyword.

Abstract: The present disclosure relates to a sensor network, machine type communication (MTC), machine-to-machine (M2M) communication, and technology for internet of things (IoT). An apparatus and method are provided for providing and managing security information in a communication system. A method of a first device includes detecting that a second device requests to share security information of the first device; registering information of the second device at a service provider; receiving, from the service provider, authentication information for the second device to share the security information of the first device; and transmitting the authentication information to the second device.

Abstract: Disclosed is a method of facilitating authentication of a user. The method may include performing at least one of generating and receiving, using a processor, a primary cryptographic identifier consisted of a primary public key and a primary private key. Further, the method may include generating, using the processor, a global static user identifier corresponding to the user based on the primary public key. Further, the method may include generating, using the processor, a digital signature corresponding to a service based on a unique identifier associated with the service and the primary cryptographic identifier. Further, the method may include generating, using the processor, a key generation seed based on the digital signature and the global static user identifier. Further, the method may include generating, using the processor, a secondary cryptographic identifier including a secondary public key based on the key generation seed.

Abstract: Various embodiments provide an approach to detect intrusion of connected IoT devices. In operation, features associated with behavioral attributes as well as volumetric attributes of network data patterns of different IoT devices is analyzed by means of statistical analysis to determine deviation from normal operation data traffic patterns to detect anomalous operations and possible intrusions. Data from multiple networks and devices is combined in the cloud to provide for improved base models for statistical analysis.

Abstract: A network node and a method of updating and distributing secret keys in a distributed network is suggested. The network comprises a plurality of nodes connected to a shared medium of the distributed network. Each node of the plurality of nodes is member of at least one group of a plurality of groups. Each group is associated with a secret group key. Each node of the plurality of nodes stores only the one or more secret group keys, of which it is member. A first node of the plurality of nodes generates an authenticated update key request. The authenticated update key request comprises an indication of a membership, of which the first node is member. The first node broadcasts the authenticated update key request on the shared medium of the distributed network. Each remaining nodes of the plurality of nodes receives the authenticated key update.

Abstract: An encrypted link is established with multiple ciphers. During a handshake protocol when establishing a secure session, at least two sets of cipher suites are transmitted to a server by a client. A choice cipher suite for each set of the at least two sets of cipher suites are received by the client from the server. The client selects a first choice cipher suite from among the choice cipher suites received from the server. The client establishes a connection with the server using the first choice cipher suite to encrypt the connection.

Abstract: A system and method for determining malware threats based on behavior of a host/IP address uses netflow data, white lists, black lists and machine learning classification with a model. A white list generation method may be used and a machine learning model validation method.

Abstract: A method and system of authenticating a node in a distributed network is provided. The distributed network comprises a plurality of nodes connected to a shared medium of the distributed network. Each of the plurality of nodes is provisioned with an identity certificate comprising a public key, a private key associated with the public key and an identification sequence. The identification sequence is unique to the system comprising the distributed network. A second node of the plurality of nodes generates a node authenticity related information for authenticating at a first node of the plurality of nodes. The node authenticity related information comprises a signature generated using the private key of the second node from a sequence, which comprises the identification sequence. The second node transmits the node authenticity related information together with the identity certificate provisioned at the second node to the first node.

Abstract: In a fully homomorphic encryption scheme, a method is provided for performing a homomorphic operation on a data set by applying an encrypted operand supplied as a ciphertext. A data set containing ‘i’ library vectors, each with ‘j’ coefficients is subjected to a pivot operation such that each set of common ‘j’ coefficients is stored in respective library ciphertexts. A query ciphertext containing a query vector is then subjected to a homomorphic pivot operation to separate out its ‘j’ coefficients into respective pivoted query ciphertexts. A more efficient homomorphic computation can then be carried out between the ciphertexts of the pivoted forms of the query and library vectors so as to compute an encrypted set of vector differences between the query vector and each of the library vectors.

Abstract: A method implemented on an electronic computing device for facilitating access to user information includes receiving from a user data to be made available for access on the electronic computing device. A time duration for which the data is permitted to be accessed is received from the user. Conditions to be met in order for one of a plurality of entities to access the data are received from the user. A request from an entity is received to access the data. A determination is made as to whether the entity satisfies the conditions. A determination is made as to whether a time at which the request is made is within the time duration. When the entity satisfies the conditions and when the request is made within the time duration, the entity is permitted to access the data.

Abstract: A behavior inference model building apparatus and a behavior inference model building method thereof are provided. The behavior inference model building apparatus converts a plurality of program operation sequences of a plurality of program operation sequence data into a plurality of word vectors through a word embedding model, and inputs the first M word vectors of the word vectors, corresponding to each program operation sequence data, into a generative adversarial network (GAN) model to train and optimize the GAN model. The behavior inference model building apparatus integrates the word embedding model and the generator of the optimized GAN model to build a behavior inference model.

Abstract: In a fully homomorphic encryption scheme, a method is provided for performing a homomorphic operation on a data set by applying an encrypted operand supplied as a ciphertext. A data set containing ‘i’ library vectors, each with ‘j’ coefficients is subjected to a pivot operation such that each set of common ‘j’ coefficients is stored in respective library ciphertexts. A query ciphertext containing a query vector is then subjected to a homomorphic pivot operation to separate out its ‘j’ coefficients into respective pivoted query ciphertexts. A more efficient homomorphic computation can then be carried out between the ciphertexts of the pivoted forms of the query and library vectors so as to compute an encrypted set of vector differences between the query vector and each of the library vectors.

Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.

Abstract: A computing system includes: a control unit configured to: receive user information through a vault user account; process the user information for storage in an information vault; implement a security protocol for the vault user account including to determine a security breach to the vault user account based on receiving an electronic communication from a user electronic contact address addressed to a breach detection contact address; a storage unit, coupled to the control unit, configured to store the user information.

Abstract: A cloud storage system supporting user agnostic encryption and deduplication of encrypted files is described. Further the cloud storage system enables users to share a file, a group of files, or an entire file system with other users without a user sending each file to the other users. The cloud storage system further allows a client device to minimize the utilization of bandwidth by determining whether the encrypted data to transfer is already present in the cloud storage system. Further the cloud storage system comprises mechanisms for a client device to inform the cloud storage system of which data is likely to be required in the future so that the cloud storage system can make that data available with less latency one the client device requests the data.