Patents Examined by Benjamin Kaplan
  • Patent number: 10530572
    Abstract: Provided is a key management method to secure security in an onboard network system having multiple electronic control units storing a shared key. In the key management method of the onboard network system including multiple electronic units (ECUs) that perform communication by frames via a bus, a master ECU stores a shared key to be mutually shared with one or more ECUs. Each of the ECUs acquires a session key by communication with the master ECU based on the stored shared key, and after this acquisition, executes encryption processing regarding a frame transmitted or received via the bus, using this session key. In a case where a vehicle in which the onboard network system is installed is in a particular state, the master ECU executes inspection of a security state of the shared key stored by the ECU or the like.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: January 7, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Yoshihiro Ujiie, Jun Anzai, Yoshihiko Kitamura, Masato Tanabe, Takeshi Kishikawa
  • Patent number: 10516693
    Abstract: Disclosed herein is a method for use in detection of abnormal behavior of a group of a plurality of entities of a computer system. The method is arranged to be performed by a processing system and includes: creating a model of normal behavior of the group of entities; and determining, in accordance with the model of normal behavior of the group of entities, a parameter indicative of abnormal behavior of the group of entities. Also disclosed is an equivalent computer readable medium and anomalous behavior detection system.
    Type: Grant
    Filed: February 9, 2017
    Date of Patent: December 24, 2019
    Assignee: Darktrace Limited
    Inventors: Jack Stockdale, Matt Dunn
  • Patent number: 10509734
    Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: December 17, 2019
    Assignee: Intel Corporation
    Inventors: David M. Durham, Baiju Patel
  • Patent number: 10511885
    Abstract: In one embodiment, an apparatus includes a processor to receive a primary video, select first sections of the primary video in which to include units of data for use in watermarking, select second sections of the primary video, each second section including a first data item without which at least one video unit of the primary video cannot be rendered or rendered correctly, replace each first section with at least two watermark variants, replace each second section with at least two watermark variant decoys, wherein the apparatus is operative to operate in an environment including an end-user device operative to select one of the watermark variants for each first section and one of the watermark variant decoys for each second section for rendering as part of an interleaved video stream including the primary video in order to embed units of data of an identification in the interleaved video stream.
    Type: Grant
    Filed: December 25, 2016
    Date of Patent: December 17, 2019
    Assignee: Synamedia Limited
    Inventors: Harel Cain, Michal Devir, David Wachtfogel, Yaron Sella
  • Patent number: 10505927
    Abstract: According to one embodiment, a memory device includes: a nonvolatile semiconductor memory; and a controller which controls the semiconductor memory. The controller includes: a first memory which stores a first key; a second memory which stores a second key; a first generator which generates a third key based on a random number; a second generator which generates a fourth key based on the first key and the third key; and an encryptor which encrypts the second key with the third key. The third key and the encrypted second key are stored in a host device enabled to access the memory device.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: December 10, 2019
    Assignee: TOSHIBA MEMORY CORPORATION
    Inventors: Koichi Nagai, Yuji Kashiwagi
  • Patent number: 10498723
    Abstract: The present disclosure relates to a method, apparatus and system for authenticating access of a first device with a first user account to a second device with a device identification bound with a second user account. The method includes acquiring, by the first device, the device identification of the second device to be accessed. Subsequently, the method includes sending the device identification and the first user account to a third-party device. The third-party device receives the device identification and the first user account, sends an authentication request to a login terminal for the second user account when the first user account is different from the second account, receives a permission access response for an access authorization from the login terminal, and sends an access password associated to the first device. Then, the method includes receiving the access password, and accessing the second device using the access password.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: December 3, 2019
    Assignee: Xiaomi Inc.
    Inventors: Feiyun Li, Ziguang Gao, Qiao Ren
  • Patent number: 10489602
    Abstract: A data transmission method and a terminal include multiple operating systems, and each operating system corresponds to a transmission module. The terminal determines a target transmission mode for data of the terminal when a data transmission command for transmitting the data of the terminal to a target terminal is received, and the target transmission mode includes a normal transmission mode and a secure transmission mode. The terminal switches to a designated operating system of the multiple operating systems when the target transmission mode is the secure transmission mode, establishes a connection with the target terminal via the designated operating system, determines whether the target terminal supports secure transmission, and transmits the data to the target terminal via the secure transmission mode when the determination result is that the target terminal supports the secure transmission.
    Type: Grant
    Filed: March 24, 2017
    Date of Patent: November 26, 2019
    Assignee: Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd.
    Inventor: Limin Luo
  • Patent number: 10476853
    Abstract: A system and method for homomorphic encryption in a healthcare network environment is provided and includes receiving digital data over the healthcare network at a data custodian server in a plurality of formats from various data sources, encrypting the data according to a homomorphic encryption scheme, receiving a query at the data custodian server from a data consumer device concerning a portion of the encrypted data, initiating a secure homomorphic work session between the data custodian server and the data consumer device, generating a homomorphic work space associated with the homomorphic work session, compiling, by the data custodian server, a results set satisfying the query, loading the results set into the homomorphic work space, and building an application programming interface (API) compatible with the results set, the API facilitating encrypted analysis on the results set in the homomorphic work space.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: November 12, 2019
    Assignee: NANTHEALTH, INC
    Inventors: Patrick Soon-Shiong, Harsh Kupwade-Patil, Ravi Seshadri, Nicholas J. Witchey
  • Patent number: 10430091
    Abstract: An apparatus and method for storing security information are provided. The apparatus is generally an electronic device that includes a memory configured to include a secured region to store security information and a processor configured to electrically connect with the memory. The processor is further configured to execute an application program configured to store the security information in a first secured region, to receive a request to store the security information from the application program, and to store the security information in a second secured region different from the first secured region in response to the request.
    Type: Grant
    Filed: August 3, 2016
    Date of Patent: October 1, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Won Suk Seo, Sung Whan Moon, Chang Wook Lee, Sung Oh Hwang, Singh Bhupinder, Chongyang Xie, Geng Chen, Muralidhar Kattimani, Naman Patel, Sambit Kumar Shukla, Sia Jeffry Saputra, Victor Havin, Sung Gyu Kim, Min Woo Park, Jae Hoon Ryu, Seung Hoon Lee, Dong Ho Jang
  • Patent number: 10425234
    Abstract: A new approach is proposed to support monitoring Perfect Forward Secrecy (PFS) network traffic by utilizing a hardware security module (HSM) appliance. Here, the HSM appliance is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security hardware with embedded firmware, which can be used for management and sharing of ephemeral keys used in a secured PFS communication session between two parties. Specifically, the HSM allows a server to share one or more of its ephemeral keys and/or parameters used in PFS traffic during the session with a third party under specified access rights and/or authorization, wherein the third party can be but is not limited to a traffic monitoring module. The HSM allows the third party to access the ephemeral keys stored on the HSM under the specified access rights and/or authorization so that the third party may decrypt and run analytics on the PFS traffic captured during the session.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: September 24, 2019
    Assignee: Cavium, LLC
    Inventors: Phanikumar Kancharla, Ram Kumar Manapragada, Tejinder Singh, Girish Kumar Yerra
  • Patent number: 10419492
    Abstract: This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices.
    Type: Grant
    Filed: April 12, 2018
    Date of Patent: September 17, 2019
    Assignee: Intertrust Technologies Corporation
    Inventors: David P. Maher, Gilles Boccon-Gibod
  • Patent number: 10402594
    Abstract: There is provided an information processing apparatus. An acquisition unit acquires feature information of a latest block in a block chain when target data is generated. A registration unit registers proof information indicating that the generated target data is correlated with the feature information acquired by the acquisition unit when the target data is generated to a time proof service.
    Type: Grant
    Filed: August 16, 2016
    Date of Patent: September 3, 2019
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Motoyuki Takaai, Masatsugu Tonoike, Mihoko Wakui
  • Patent number: 10404451
    Abstract: There are provided a message communication device and method. A message communication device according to an exemplary embodiment includes a header modifying unit configured to modify a message header by adding additional information used together with an identity when a public key corresponding to the identity of a recipient is generated to be the message header, and a message transmitting unit configured to transmit a message including data encrypted based on the public key and the modified message header.
    Type: Grant
    Filed: October 29, 2015
    Date of Patent: September 3, 2019
    Assignees: SAMSUNG SDS CO., LTD., INDUSTRY-ACADEMIC COOPERATION FOUNDATION, YONSEI UNIVERSITY
    Inventors: Jung-Hoon Sohn, Seon-Young Lee, Tae-Kyoung Kwon, Sang-Ho Park, Hyo-Jin Yoon
  • Patent number: 10404709
    Abstract: A security gateway module for an automotive vehicle is couplable in series between an OBD CAN bus and an internal CAN bus of the vehicle over which electronic devices of the vehicle communicate. The security gateway module checks CAN bus messages received on the OBD CAN bus, determines whether they should be passed to the internal CAN bus, passes those that it determines should be passed and does not pass those it determines should not be passed.
    Type: Grant
    Filed: February 9, 2017
    Date of Patent: September 3, 2019
    Assignee: FCA US LLC
    Inventors: Neil L Borkowicz, William Mazzara
  • Patent number: 10387664
    Abstract: An approach is provided for providing security mechanism for proximity-based interactions among devices. A first device (e.g., a memory tag) may determine a request for interaction between the first device and a second device (e.g., a mobile phone), wherein at least the first device is associated with at least one first antenna and at least one second antenna. The first device may determine a first signal received by the at least one first antenna and a second signal received by the at least one second antenna. Further, the first device may determine one or more differences in one or more characteristics of the first signal and the second signal. Furthermore, the first device may process or facilitate a processing of the one or more differences to determine whether to allow the interaction.
    Type: Grant
    Filed: May 21, 2015
    Date of Patent: August 20, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Jan-Erik Ekberg, Jari-Jukka Harald Kaaja, Mikko Aleksi Uusitalo
  • Patent number: 10367795
    Abstract: Methods, systems, and computer program products for vehicle wireless internet security are provided. A connection request is received from a mobile device. A data request is transmitted to the mobile device. The data request includes a request for location-based data of the mobile device. A first data is received from the mobile device that corresponds to the data request. A vehicle data is generated that comprises location-based data of the vehicle. A match between the first data and the vehicle data is determined. A match is determined where the location-based data of the mobile device is within a pre-determined threshold of the location-based data of the vehicle.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: July 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Stuart J. Reece, Matthew S. Shaw
  • Patent number: 10362048
    Abstract: Systems and methods are disclosed herein to provide improved online security testing of security devices and networks, including but not limited to networks containing wireless access points. In accordance with one or more embodiments and aspects thereof, a distributed online test system is disclosed that combines an online test manager with one or more remote probes to generate simulated attacks and verify their effectiveness. Such a system may offer improved capabilities such as the ability to conduct attacks over geographically distributed network topologies, the ability to assess the security functions of wireless networks, and simpler and more cost-effective online security testing.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: July 23, 2019
    Assignee: KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD.
    Inventors: Thomas Alexander, Lester Noel Stott, Kalyan R. Sundhar
  • Patent number: 10348494
    Abstract: Computationally implemented methods and systems are described herein that are designed to, among other things, receiving a level-two encrypted output of a surveillance device; decrypting at least a part of the level-two encrypted output of the surveillance device with a level-two decryption key that is practicably inaccessible by a level-two encryption entity; and transmitting a level-one encrypted output of the surveillance device.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: July 9, 2019
    Assignee: Elwha LLC
    Inventors: Edward K. Y. Jung, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud
  • Patent number: 10341112
    Abstract: A biometric verification device is arranged to compare a reference hash with a verification bit string obtained from a biometric. The biometric verification device includes a candidate bit string generator arranged to generate candidate bit strings from the verification bit string and error probabilities; a hash unit arranged to apply a cryptographic hash function to the generated candidate bit strings to obtain candidate hashes; and a comparison unit arranged to verify if a candidate hash generated by the hash unit matches a reference hash.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: July 2, 2019
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventor: Johan-Paul Maria Gerard Linnartz
  • Patent number: 10326769
    Abstract: The current document is directed to an interface and authorization service that allows users of a cloud-director management subsystem of distributed, multi-tenant, virtual data centers to extend the services and functionalities provided by the cloud-director management subsystem. A cloud application programming interface (“API”) entrypoint represents a request/response RESTful interface to services and functionalities provided by the cloud-director management subsystem as well as to service extensions provided by users. The cloud API entrypoint includes a service-extension interface and an authorization-service management interface. The cloud-director management subsystem provides the authorization service to service extensions that allow the service extensions to obtain, from the authorization service, an indication of whether or not a request directed to the service extension through the cloud API entrypoint is authorized.
    Type: Grant
    Filed: May 30, 2016
    Date of Patent: June 18, 2019
    Assignee: VMware, Inc.
    Inventors: Maya Ilieva, Kiril Karaatanassov