Abstract: A voice signal in a headphone is detected. The voice signal includes a person speaking an audible command. Based on detecting the voice signal a first biometric signature of a user is retrieved. The first biometric signature is compared to one or more biometric features of the person. Based on comparing the first biometric signature to the one or more biometric features an authentication of the user is determined. An authentication action is performed based on the detected voice signal. The authentication action is performed in response to verifying the authentication.

Abstract: Methods and systems for protecting membership privacy in multi-identification secure computation and communication are provided. The method includes providing a dataset having a first set of membership identifications and a second set of membership identifications, determining a number N based on a data privacy configuration, generating and shuffling a first padding dataset, and up-sampling the first set of membership identifications with a first N elements of the shuffled first padding dataset. The method also includes inserting a first N random membership-identification elements to the second set of membership identifications, generating and shuffling a second padding dataset, up-sampling the inserted second set of membership identifications with a first N elements of the shuffled second padding dataset. The method further includes performing an intersection operation based on the up-sampled dataset and a received dataset.

Abstract: Examples of the present disclosure describe systems and methods for exploit detection via induced exceptions. One embodiment of a method can include generating an inspection point, the inspection point causing an exception when a set of software instructions encounters the inspection point during an execution of the set of software instructions by a processor, registering an exception handler to handle the exception associated with by the inspection point; receiving, in response to the set of software instructions encountering the inspection point, an indication of an exception, accessing a context record associated with the execution of the set of software instructions, evaluating the context record to determine if an exploit is present using the first reputation information, and based on a determination that an exploit is present, performing a corrective action for the exploit.

Abstract: Existing approaches to security within network, for instance oneM2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.

Abstract: A computer-implemented method is disclosed. The method includes: authenticating a user for login to a service for a first authenticated user session; in response to authenticating the user, generating a first data string associated with a first validity period; sending, to a client device associated with the user, the first data string; receiving, from the client device, a data access request to access a first data set at a remote data source, the data access request including the first data string; determining that the first authenticated user session has been terminated at a time of receiving the data access request; validating the first data string based on checking the first validity period; and in response to determining that the first authenticated user session has been terminated and that the first data string is valid, transmitting, to the client device, a data access response including at least a subset of the first data set.

Abstract: A vehicle information remote retrieval method includes an emergency personnel or first responder vehicle (FRV) establishing a vehicle connection between an infotainment system of a vehicle and the FRV. The FRV sends a vehicle information request to the infotainment system of the vehicle, via the vehicle connection, seeking release of vehicle information. The FRV obtains authentication of the vehicle information received in response to the vehicle information request. The FRV determines occupant status based on the vehicle information. The FRV communicates the passenger status to a first responder.

Abstract: A method for identifying an active administration function (ADMF) in a lawful interception deployment that utilizes an ADMF set comprising a plurality of ADMFs can be implemented by a network element. The method can include exchanging lawful interception signaling with a first ADMF when the first ADMF is the active ADMF. The method can also include receiving an auditing request message from one of the plurality of ADMFs in the ADMF set and sending a ping request message to each ADMF in the ADMF set. The method can also include receiving a ping response message from a second ADMF among the plurality of ADMFs in the ADMF set and identifying the second ADMF as the active ADMF in response to receiving the ping response message. The method can also include exchanging second lawful interception signaling with the second ADMF when the second ADMF is the active ADMF.

Abstract: A revocable lightweight group authentication method and system for an edge controller is described here. When the edge controller needs to be registered, an edge server generates a private key of the edge controller and sends the private key to the edge controller, and meanwhile adds the edge controller to a group list of the edge server; the edge server updates a certificate of the edge controller, adds the certificate to a certificate list of the edge server and sends the certificate to the edge controller so that the edge controller updates the private key according to the updated certificate; and then the edge controller generates a signature according to the updated private key, and sends the signature to the edge server so that the edge server authenticates the edge controller after determining that the signature meets preset requirements.

Abstract: The present invention relates to a handwritten signature authentication apparatus and method. More particularly, the present invention relates to an apparatus and a method of blinding a handwritten signature for authentication in which when a user writes a handwritten signature, a handwritten signature image displayed on a display device is blinded from a third party nearby.

Abstract: An onboard communication network of a vehicle is monitored to detect a plurality of available messages that include respective cipher-based message authentication codes (CMAC) and that were identified as eligible messages based on having an information entropy greater than a specified threshold. A first message is selected from the plurality of available messages. The CMAC of the selected message is input into a random number generator that outputs a random number seeded by the CMAC of the selected message. Then the random number is provided.

Abstract: An information processing apparatus is provided. The apparatus performs operations comprising performing facial authentication of a second user in a state in which a first user is logged in, performing authentication of a user using a second scheme that is different from facial authentication if the facial authentication is successful, and switching a logged-in user from the first user to the second user if the authentication using the second scheme is successful and the authenticated user is the second user.

Abstract: A system and method are disclosed for secure multi-party computations. The system performs operations including establishing an API for coordinating joint operations between a first access point and a second access point related to performing a secure prediction task in which the first access point and the second access point will perform private computation of first data and second data without the parties having access to each other's data. The operations include storing a list of assets representing metadata about the first data and the second data, receiving a selection of the second data for use with the first data, managing an authentication and authorization of communications between the first access point and the second access point and performing the secure prediction task using the second data operating on the first data.

Abstract: Embodiments of the present invention provide a system for facilitating a secure way to allow primary users and secondary users to perform interactions. In particular, the system may be configured to receive an interaction request from a primary user, where the interaction request comprises location of an automated machine, initiate and lock a session between the automated machine and the entity application located on the user device of the primary user, identify a trigger and display a code on the automated machine, wherein the code is scannable by the user device of the primary user or a user device of an authorized secondary user, receive a scanned code from the user device of the primary user or the user device of the authorized secondary user, determine a match between the scanned code and the code displayed on the automated machine, and complete the interaction.

Abstract: Disclosed herein are a method for establishing a remote work environment for ensuring the security of a user terminal for remote work and an apparatus using the method. The method, performed by the apparatus, includes acquiring media image creation information from a user; creating a certificate for VPN access based on the media image creation information and creating a media image using the media image creation information and the certificate for VPN access; and providing the media image to the user such that the user is able to create a medium for remote work. The user terminal for remote work is booted through the medium for remote work, thereby configuring a runtime environment for remote work in which security is ensured.

Abstract: Using physiological cues to measure data sensitivity and implement security on a user device. The method may include obtaining data associated with a first physiological state of a user engaged in a first activity on a user device, obtaining data associated with a second physiological state of the user engaged in a second activity on the user device, where the second activity is determined to be more sensitive to the user than the first activity, and where the second physiological state indicates the user's emotional response to the second activity, and implementing a security action on the user device based on the second physiological state of the user engaged in the second activity.

Abstract: A wireless local area network (WLAN) access method includes sending, by a terminal, a request for querying an available wireless access point to a server. The method further includes sending, by the server according to the query request, obtained information about the available wireless access point. The method further includes receiving, by the terminal, wireless access point information returned by the server, and determining a specific wireless access point from the received wireless access point information. The method further includes sending, by the terminal, an authentication information request of the specific wireless access point to the server. The method further includes when receiving the request, sending, by the server, authentication information corresponding to the specific wireless access point to the terminal, where the authentication information is used to connect the terminal to the specific wireless access point.

Abstract: Presented herein are techniques to provide for the ability to utilize 3GPP-generated Session Keys that can be generated via a primary authentication or a secondary authentication process for a user equipment (UE) via a private wireless wide area (WWA) access network in which the keys can be leveraged to facilitate connection of the UE to a wireless local area (WLA) access network. In one example, a method may include obtaining a request to authenticate a UE for connection to a WWA access network; determining that the UE is capable of a Fast Transition (FT) capability; authenticating the UE for connection to the WWA access in which, based on the FT capability, the authenticating includes generating a root security key for the UE; and upon determining that the UE is attempting to access the WLA access network, providing the root security key for the UE to the WLA access network.

Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.

Abstract: A system according to this invention is directed to a virtual network system that prevents unauthorized registration, alteration, or occurrence of erroneous registration even if an operator is to create a network system including a virtual network function produced by a third party.

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information.