Patents Examined by Brandon S Hoffman
  • Patent number: 11361085
    Abstract: The present technology relates to a signal processing device, and a signal processing method for enabling reduction of a processing load while ensuring safety. The signal processing device includes a control unit that acquires designation information indicating a designated portion to be encrypted in output data and an encryption processing unit that encrypts the designated portion indicated by the designation information in the output data using a key. Furthermore, the designated portion indicated by the designation information is changed with time. The present technology can be applied to an in-vehicle camera.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: June 14, 2022
    Assignee: SONY SEMICONDUCTOR SOLUTIONS CORPORATION
    Inventors: Tatsuya Kaneko, Motohashi Yuichi
  • Patent number: 11337066
    Abstract: A system (100) for providing a user device (102) access to a resource or data is disclosed. The system (100) comprises: the user device (102) comprising: a light detector (104) configured to detect light (130) emitted by a light source (122), which light (130) comprises an embedded code comprising a light source identifier of the light source (122), a communication unit (108) configured to communicate with a network device (112), a processor (106) configured to retrieve the light source identifier from the light (130), and to communicate the light source identifier to the network device (112).
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: May 17, 2022
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Dirk Valentinus René Engelen, Bartel Marinus Van De Sluis, Dzmitry Viktorovich Aliakseyeu, Mustafa Tolga Eren
  • Patent number: 11328049
    Abstract: Disclosed embodiments relate to systems and methods for securely and seamlessly provisioning credentials for use by personal computing devices. Techniques include obtaining a session identifier; making available an encoded representation to a personal computing device, the encoded representation encoding the session identifier; wherein the personal computing device is configured to: decode the encoded representation, access an identity credential stored on the personal computing device, encrypt the identity credential using a first cryptographic key, and send, to a mediator resource, the session identifier and the encrypted identity credential; receiving, from the mediator resource, the session identifier and the encrypted identity credential; and storing the encrypted identity credential.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: May 10, 2022
    Assignee: CyberArk Software Ltd.
    Inventors: Arthur Bendersky, Nir Popik, Tal Zigman
  • Patent number: 11328070
    Abstract: The present technology relates to a signal processing device, and a signal processing method for enabling reduction of a processing load while ensuring safety. The signal processing device includes a control unit that acquires designation information indicating a designated portion to be encrypted in output data and an encryption processing unit that encrypts the designated portion indicated by the designation information in the output data using a key. Furthermore, the designated portion indicated by the designation information is changed with time. The present technology can be applied to an in-vehicle camera.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: May 10, 2022
    Assignee: SONY SEMICONDUCTOR SOLUTIONS CORPORATION
    Inventors: Tatsuya Kaneko, Motohashi Yuichi
  • Patent number: 11328075
    Abstract: According to one embodiment, a system establishes a secure connection between a host system and a data processing (DP) accelerator over a bus, the secure connection including one or more data channels. The system transmits a first instruction from the host system to the DP accelerator over a command channel, the first instruction requesting the DP accelerator to perform a data preparation operation. The system receives a first request to read a first data from a first memory location of the host system from the DP accelerator over one data channel. In response to the request, the system transmits the first data to the DP accelerator over the data channel, where the first data is utilized for a computation or a configuration operation. The system transmits a second instruction from the host system to the DP accelerator over the command channel to perform the computation or the configuration operation.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: May 10, 2022
    Assignees: BAIDU USA LLC, BAIDU.COM TIMES TECHNOLOGY (BEIJING) CO., LTD.
    Inventors: Yong Liu, Yueqiang Cheng, Jian Ouyang, Tao Wei
  • Patent number: 11329801
    Abstract: Apparatuses, systems, and methods for generating and utilizing improved initialization vectors (IVs) when performing encryption and authentication in wireless communications. In some scenarios, a wireless communication device may generate one or more pseudorandom multi-bit values, e.g., using a respective plurality of key derivation functions (KDFs). A first portion of each value may be used as a respective key for encryption or authentication of traffic on the user plane or the control plane. A second portion of each value may be used as a nonce value in a respective IV for use with a respective key for encryption or authentication of traffic on the user plane or the control plane. In some scenarios, the nonce values may instead be generated as part of an additional pseudorandom value (e.g., by executing an additional KDF), from which all of the IVs may be drawn.
    Type: Grant
    Filed: January 3, 2020
    Date of Patent: May 10, 2022
    Assignee: Apple Inc.
    Inventors: Dawei Zhang, Fangli Xu, Haijing Hu, Huarui Liang, Lijia Zhang, Robert K. Kitchens, Samuel D. Post, Shu Guo, Xiangying Yang, Yannick L. Sierra, Yuqin Chen
  • Patent number: 11321436
    Abstract: A computing device includes a system that authenticates a user of the computing device. A first sensor obtains a first representation of a physical characteristic of the user that is compared to a registered representation of the physical characteristic of the user. A first level of access to the computing device is enabled based on the first representation of the physical characteristic matching the second representation of the physical characteristic. A second sensor obtains a first representation of a liveness characteristic of the user that indicates that the user is alive. The first representation of the liveness characteristic is compared to a registered representation of the liveness characteristic of the user. A second level of access to the computing device is enabled based on the first representation of the liveness characteristic of the user matching the second representation of the liveness characteristic of the user.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: May 3, 2022
    Inventors: Kwang Oh Kim, Yibing Michelle Wang, Kamil Bojanczyk
  • Patent number: 11323488
    Abstract: Systems and methods are disclosed herein that relate to secure monitoring or interception of traffic in a wireless communications system. In some embodiments, a method of operation of a network node comprises receiving a list of one or more obfuscated target identifiers from a monitoring node, where each obfuscated target identifier is a user identifier of a target user that is encrypted using a first encryption key that is unknown to the network node. The method further comprises receiving an encrypted packet from another network node and determining whether an encrypted user identifier of the encrypted packet matches one of the obfuscated target identifiers. The method further comprises, if the encrypted user identifier matches one of the obfuscated target identifiers, further encrypting the encrypted packet using a second encryption key negotiated between the network node and the monitoring node and transmitting the further encrypted packet to the monitoring node.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: May 3, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Catherine Truchan, Suresh Krishnan, Daniel Migault, Stere Preda
  • Patent number: 11323464
    Abstract: An apparatus comprises at least one processing device comprising a processor coupled to a memory. The processing device is configured to identify artifacts in a plurality of messages of an account of a user, and to replace the identified artifacts in the messages with respective modified artifacts while also maintaining in access-controlled storage at least information related to the identified artifacts. The processing device receives from a requestor a request for a given one of the identified artifacts that has been replaced with a corresponding modified artifact, determines a profile of the requestor based at least in part on the request, makes a security determination based at least in part on the determined profile, and takes at least one automated action based at least in part on the security determination.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: May 3, 2022
    Assignee: RightQuestion, LLC
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 11316852
    Abstract: A secure mechanism for adding network devices uses an unsecure guest network and a secure network both coupled to a secure hub. When an unknown device is introduced, it is initially connected to the guest network and can only communicate with the hub and with a wide area network (WAN). The unknown device is prohibited from communicating with the secure network and any device connected to the secure network. The unknown device provides credentials to the hub, which are verified with a secure database, such as a blockchain ledger, that provides manufacturer device information and certification. Upon authentication, the hub permits the identified device to connect to the secure network. The hub may also configure the now identified device for security and operational parameters. The hub may also retrieve network traffic pattern information from the secure database and use such information to monitor normal expected activity from the identified device.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: April 26, 2022
    Assignee: ioXt, LLC
    Inventors: Bradley Richard Ree, Gary Bernard Jabara
  • Patent number: 11310229
    Abstract: Systems and methods of biometrically authenticating a user of a device. A biometric sample of a user can be analyzed to generate a user-specific biometric signature that is substantially unique to the specific user. To authenticate a user, a biometric sample can be obtained and analyzed to determine if the biometric signature is present in the sample. If so, the user can be biometrically authenticated to use the device. The device can provide a network with an indication of the authentication of the user to authenticate the device to the network. In response to the authentication, the network can provide the device access to the network, its resources, or portion(s) thereof.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: April 19, 2022
    Assignee: T-MOBILE USA, INC.
    Inventor: Bhagwan Singh Khanka
  • Patent number: 11301568
    Abstract: The disclosed computer-implemented method for computing a risk score for stored information may include (1) extracting factor-specific information from metadata describing characteristics of files stored on multiple storage devices, (2) assigning at least one respective factor score to at least one respective factor based at least in part on the factor-specific information, and (3) calculating the risk score from the at least one factor score. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: April 12, 2022
    Assignee: Veritas Technologies LLC
    Inventors: Shailesh Dargude, Satish Grandhi, Anand Athavale, Rohit Nath
  • Patent number: 11303625
    Abstract: An industrial automation device with a token to be used as authentication information in information exchange between a first cloud service and the industrial automation device, a mobile device is connected to the industrial automation device and to a cloud service that is the first cloud service or a second cloud service. After authenticating the user of the mobile device to the cloud service, a token is generated by the cloud service to the first cloud service, and forwarded via the mobile device to the industrial automation device. If the cloud service that generated the token is the second cloud service, the token is forwarded via the mobile device, after the mobile has been authenticated in the first cloud service, the first cloud service. Thereafter the industrial automation device and the first cloud service may communicate directly with each other using the token for authentication.
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: April 12, 2022
    Assignee: ABB Schweiz AG
    Inventors: Zhongliang Hu, Toni Kuikka, Mikko Kohvakka
  • Patent number: 11290268
    Abstract: This application describes various embodiments to manage multiple security certificates in a wireless device, including switching between different security certificates to support different functions, including supporting connectivity for multiple industry sectors that use different certificate authorities, and/or supporting different operational modes that require different security certificates for performing administrative functions. The wireless device includes a smart secure platform (SSP) or an embedded Universal Integrated Circuit Card (eUICC) that stores multiple security certificates to use for different industry sectors and/or for different operational modes.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: March 29, 2022
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li
  • Patent number: 11290885
    Abstract: The present invention relates to a communication system is provided, wherein the communication system comprising: a first communication unit, comprising a first communication processor for providing communication via a first channel, at least one second communication unit separate to the first communication unit, comprising a second communication processor for providing communication via a second channel, a coupling unit for coupling the first communication unit with the at least one second communication unit, wherein the first communication unit further comprises: a communication control unit coupled to the second communication unit via the coupling unit, wherein the communication control unit is configured to enable the mutual utilization of electronic resources between the first and second communication unit, and an encryption unit for providing encrypted communication via as well the first communication channel and the second communication channel.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: March 29, 2022
    Assignee: ROHDE & SCHWARZ GMBH & CO. KG
    Inventor: Thomas Bögl
  • Patent number: 11290283
    Abstract: Certain aspects and features provide an automated process for a server switching from a self-signed digital certificate to a digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines if it is using a self-signed digital certificate. If so, the server automatically creates and sends a certificate signing request, receives a CA-signed digital certificate, and replaces the self-signed digital certificate in its key store with the CA-signed digital certificate. The server then includes the new, CA-signed digital certificate in the server hello message sent back to the client to establish the encrypted communication session.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: March 29, 2022
    Assignee: Red Hat, Inc.
    Inventors: Farah Juma, Darran Andrew Lofthouse
  • Patent number: 11283629
    Abstract: Certain aspects and features provide an automated process for a server switching from existing digital certificate that is expired or about to expire to a new digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines whether it is using a renewable digital certificate. If so, the server automatically creates and sends a certificate signing request; receives a new, CA-signed digital certificate; and replaces the existing digital certificate in its key store with the new digital certificate. The server then includes the new digital certificate in the server hello message sent back to the client to establish the encrypted communication session.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: March 22, 2022
    Assignee: Red Hat, Inc.
    Inventors: Farah Juma, Darren Andrew Lofthouse
  • Patent number: 11277740
    Abstract: A method, including, associating a wireless tracker with an asset, tracking a location of the asset via the wireless tracker, determining a recipient mobile device authorized to accept receipt of the asset, determining a recipient mobile device holder is authorized to accept receipt of the asset, determining if the location of the asset is within a defined delivery location, determining if the authorized recipient mobile device is within the defined delivery location, sending a passcode to the authorized recipient mobile device if the authorized recipient mobile device location and the location of the asset are within the defined delivery location, receiving an authenticated passcode from the authorized recipient mobile device within the defined delivery location and notifying a delivery agent that delivery of the asset is approved.
    Type: Grant
    Filed: February 2, 2019
    Date of Patent: March 15, 2022
    Assignee: ROAMBEE Corporation
    Inventors: Vidya Subramanian, Sanjay Sharma
  • Patent number: 11277435
    Abstract: Techniques described herein improve database security by reducing network attack surface area in conjunction with deep input validation. In an embodiment, a database session receives one or more network packets sent via a network, the database session including a database session state that specifies one or more database privileges. The database session reads said one or more network packets into one or more request-packet-buffers, wherein said one or more request-packet-buffers include an RPC op code for a database operation. Based on the one or more database privileges associated with the user associated with the database session, the database session determines whether the RPC op code may be executed. In response to determining that the RPC op code may be executed by said database session, the RPC op code is executed. In response to determining that the op code may not be executed by said database session, the execution of the RPC op code is prevented.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: March 15, 2022
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Krishna Mohan Itikarlapalli, Santanu Datta, Srinath Krishnaswamy, Lakshminarayanan Chidambaran, Rajesh Kumar, Sumit Sahu, Rajendra Pingte
  • Patent number: 11277396
    Abstract: The present invention relates to a method for authorization management in a community (106) of connected objects (103, 104, 105), a master object being determined in said community, the method comprising: receipt, by the master object (102), of a request (110, 123, 130) to carry out an action concerning: the community (106) of connected objects (103, 104, 105) or an internal object of the community (106), the internal object being distinct from the master object (102); receipt (119, 124, 137) of a list of attributes (101), by an authentication server (107) that is distinct from the master object (102); after the list of attributes is verified by the authentication server (107) and a capability of the requesting object (101) is determined based on said list of attributes, receipt (201, 211, 221) by the master object (102) of an authentication token comprising said capability; transfer (202, 212, 222) of said authentication token to said requesting object (101).
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: March 15, 2022
    Assignee: ORANGE
    Inventors: Dina Hussein, Emmanuel Bertin