Patents Examined by Bryan F Wright
  • Patent number: 11971992
    Abstract: Systems and methods for failure characterization of secure programmable logic devices (PLDs) are disclosed. An example system includes a secure PLD including programmable logic blocks (PLBs) arranged in PLD fabric of the secure PLD, and a configuration engine configured to program the PLD fabric according to a configuration image stored in non-volatile memory (NVM) of the secure PLD and/or coupled through a configuration input/output (I/O) of the secure PLD. The secure PLD is configured to receive a failure characterization (FC) command from the PLD fabric or an external system coupled to the secure PLD through the configuration I/O, and to execute the FC command to, at least in part, erase and/or nullify portions of the NVM. The secure PLD may also be configured to boot a debug configuration for the PLD fabric that identifies and/or characterizes operational failures of the secure PLD.
    Type: Grant
    Filed: November 9, 2020
    Date of Patent: April 30, 2024
    Assignee: Lattice Semiconductor Corporation
    Inventors: Fulong Zhang, Srirama Chandra, Sreepada Hegade, Joel Coplen, Wei Han, Yu Sun
  • Patent number: 11962694
    Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: April 16, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
  • Patent number: 11949661
    Abstract: Systems and methods include obtaining criteria for selecting connectors for private application access in a cloud-based system; responsive to a request to access an application, by a user device, located in any of a public cloud, a private cloud, and an enterprise network, wherein the user device is remote over the Internet, determining a connector coupled to the application based on the criteria; and, responsive to a user of the user device being permitted to access the application, stitching together connections between the cloud-based system, the application, and the user device to provide access to the application.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: April 2, 2024
    Assignee: Zscaler, Inc.
    Inventors: Kunal Shah, John A. Chanak, Vamshi Palkonda
  • Patent number: 11941110
    Abstract: Techniques for process privilege escalation protection in a computing environment are disclosed. For example, the disclosure describes a system/process/computer program product for process privilege escalation protection in a computing environment that includes monitoring a process executed on a computing device, detecting an unauthorized change in a token value associated with the process, and performing an action based on a policy (e.g., a kernel protection security policy/rule(s), which can include a whitelisted set of processes and/or configured actions/responses to perform for other/non-whitelisted processes) in response to an unauthorized change in the token value associated with the process.
    Type: Grant
    Filed: April 18, 2023
    Date of Patent: March 26, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yaron Lavi, Eldar Aharoni, Elad Wexler
  • Patent number: 11937082
    Abstract: A secure electric vehicle (EV) charger and system incorporating the same is provided. One embodiment includes an EV charger. The EV charger includes a processor, a low power short range point-to-point communication system, and a memory containing an authentication software application. The processor is configured by the authentication software application to receive an authentication request from a mobile device via the low power short range point-to-point communication system, send encrypted EV charger access credentials to the mobile device, receive a digital token from the mobile device, verify the digital token, and initiate a charging session based upon a command contained within the digital token. The digital token may be encrypted using a public key and may be self-authenticating without use of an internet connection, thus enabling secure charging without the presence of an internet connection.
    Type: Grant
    Filed: December 2, 2020
    Date of Patent: March 19, 2024
    Assignee: EVE Energy Ventures Inc.
    Inventor: Nikhil Srinath Bharadwaj
  • Patent number: 11936623
    Abstract: Systems and methods include obtaining for a tenant a definition of a sub-cloud in a cloud-based system, wherein the cloud-based system includes a plurality of data centers geographically distributed, and wherein the sub-cloud includes a subset of the plurality of data centers; receiving a request, in a cloud system from a user device, to access an application for the tenant, wherein the application is constrained to the sub-cloud, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the sub-cloud, the application, and the user device to provide access to the application.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: March 19, 2024
    Assignee: Zscaler, Inc.
    Inventors: John A. Chanak, Kunal Shah
  • Patent number: 11928190
    Abstract: This disclosure describes systems and methods for protecting commercial off-the-shelf software program code from piracy. A software program may include an executable file having code and data. A platform may modify the executable file such that the data may be placed at a location in memory that is an arbitrary distance from the code. The platform may modify the executable file to include a separation header. The separation header may indicate that the data can be placed at an arbitrary distance in the memory from the code. The separation header may indicate that the code should be loaded into a hardware enclave and that the data should be loaded outside of the hardware enclave. The platform may encrypt the code and provide it to a computing device. The computing device may load the encrypted code into the hardware enclave but load the data into memory outside the hardware enclave.
    Type: Grant
    Filed: October 20, 2022
    Date of Patent: March 12, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Xinyang Ge, Weidong Cui, Ben Niu, Ling Tony Chen
  • Patent number: 11930034
    Abstract: Various aspects involve determining legitimacy of an email address for risk assessment or other purposes. For instance, a risk assessment computing system receives a risk assessment query that identifies an email address. The risk assessment computing system determines a set of features for the email address. For each feature, the risk assessment computing system calculates an illegitimacy score by calculating a deviation of the feature from an expected safe value for the feature that is determined from historical email addresses. The risk assessment computing system aggregates the illegitimacy scores of the plurality of features into an aggregated illegitimacy score and further transmits a legitimacy risk value to a remote computing system. The legitimacy risk value indicates the aggregated illegitimacy score and can be used in controlling access of a computing device associated with the email address to one or more interactive computing environments.
    Type: Grant
    Filed: June 24, 2021
    Date of Patent: March 12, 2024
    Assignee: Kount, Inc.
    Inventor: Matthew Lewis Jones
  • Patent number: 11924335
    Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. In an exemplary embodiment, a session authentication system encodes and decodes a set of quantum bits using different quantum bases in order to generate a random number used to generate a session key or a random seed (e.g., a set of bits that is randomized due to quantum effects such as the principle of quantum uncertainty) for pseudorandom number generation used to establish a secure session. An example system includes decoding circuitry configured to receive, over a quantum line, a set of qbits generated based on a first set of quantum bases not received by the decoding circuitry, and decode, based on a second set of quantum bases, the set of qbits to generate a decoded set of bits; and session authentication circuitry configured to generate a session key based on the decoded set of bits.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: March 5, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Masoud Vakili
  • Patent number: 11907370
    Abstract: A security agent implemented on a monitored computing device is described herein. The security agent has access to parametric behavioral pattern definitions that, in combination with canonical patterns of behavior, configure the security agent to match observed behavior with known computing behavior that is benign or malignant. This arrangement of the definitions and the pattern of behavior allow the security agent's behavior to be updated by a remote security service without updating a configuration of the security agent. The remote security service can create, modify, and disseminate these definitions and patterns of behavior, giving the security agent real-time ability to respond to new behaviors exhibited by the monitored computing device.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: February 20, 2024
    Assignee: CROWDSTRIKE, INC.
    Inventors: David F. Diehl, Daniel W. Brown, Aaron Javan Marks, Kirby J. Koster, Daniel T. Martin
  • Patent number: 11901050
    Abstract: Methods and systems for determining whether a software application that is executable by an electronic device is compliant under the Health Insurance Portability and Accountability Act (HIPAA) are provided. A software application is accessed over a network. A programmed computer processor is used to determine whether said software application, upon execution, is at or above an (i) access control threshold, (ii) audit control threshold, (iii) data integrity threshold, (iv) authentication threshold, and (v) transmission security threshold, which thresholds are minimum thresholds for HIPAA compliance. Additionally, a determination that said software application is HIPAA compliant is made if said software application, upon execution, is at or above (i) said access control threshold, (ii) audit control threshold, (iii) data integrity threshold, (iv) authentication threshold, and (v) transmission security threshold. Further, a determination as to whether said software application is HIPAA compliant is output.
    Type: Grant
    Filed: June 21, 2022
    Date of Patent: February 13, 2024
    Assignee: Medable Inc.
    Inventors: Michelle Rae Longmire, Timothy Robert Smith, James Marcel Sas
  • Patent number: 11895127
    Abstract: A vehicle communication device including a processor, wherein the processor: receives first data, and second data that is different from the first data; generates third data based on the received first data and an encryption key; compares the second data and the third data, and authenticates the first data in a case in which the second data and the third data match; and as a result of comparisons that are carried out a plurality of times on receivings that are within a predetermined amount of time after start-up of a vehicle, determines that a case in which the second data and the third data do not match every time is a device abnormal state, and, as a result of the comparisons of the plurality of times, determines that a case that includes matching is a device operating state.
    Type: Grant
    Filed: November 10, 2020
    Date of Patent: February 6, 2024
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventor: Masahide Banno
  • Patent number: 11889302
    Abstract: The presence of a wireless device and/or accessory that cannot maintain an independent network connection can be detected by network connected wireless devices and the location of the detected device and/or accessory can be reported to a device location service. As the wireless devices and/or accessories do not have independent network connections, periodic maintenance is performed on those devices by nearby owner devices to which the wireless devices and/or accessories are paired or associated. Described herein are systems, methods, and associated devices to maintain a locatable wireless device by a set of multiple owner devices for that wireless device.
    Type: Grant
    Filed: February 5, 2021
    Date of Patent: January 30, 2024
    Assignee: Apple Inc.
    Inventors: Kenneth U. Victa, Benjamin A. Detwiler, Nikhil Nilakantan, Todd Wheeler, Robert W. Mayor, Brent M. Ledvina, E. Thomas Erdmann, IV, Sriram Hariharan
  • Patent number: 11888999
    Abstract: In embodiments of systems and methods for managing an unmanned aerial vehicle (UAV) identity, a processor of a network computing device may generate an anonymity token that is associated with a digital certificate of a UAV, provide the anonymity token to the UAV for use in operations, receive a request to authenticate the UAV, wherein the request includes the anonymity token, determine whether the anonymity token included in the request is associated with the digital certificate, and send an indication that the UAV is authenticated responsive to the request in response to determining that the anonymity token included in the request is associated with the digital certificate.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: January 30, 2024
    Assignee: QUALCOMM Incorporated
    Inventor: Drew Foster Van Duren
  • Patent number: 11882213
    Abstract: A vehicle-mounted key-generation method is for a vehicle including electronic control units (ECUs) that communicate with each other via a vehicle-mounted network. At least one ECU includes a key generation module and a key transmission module, and each of the other ECUs includes a key receiving module and a key invoking module. The method includes receiving, through at least one ECU, a secure access request sent from an authorized user through a secure access device, and, after confirming to accept the secure access request from the secure access device, waiting for the secure access device to send a key generation request. The method further includes, after receiving the key generation request, generating a key through the key generation module, using the key transmission module to send the key to other ECUs via the vehicle-mounted network, and receiving the key through the key receiving module in other ECUs.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: January 23, 2024
    Assignee: Robert Bosch GmbH
    Inventor: Liang Zheng
  • Patent number: 11875071
    Abstract: The present disclosure discloses methods and systems for transferring rights to release a secure print job from one user to another user. The rights to release the secure print job can be transferred based on a request from a primary user, i.e., the user who submits the secure print job, or based on a request from a secondary user, i.e., the user who wants to release the secure print job on behalf of the primary user. Based on the request from any user, a multi-function device transfers rights to release the secure print job from the primary user to the secondary user. Here, transferring rights includes changing ownership of the secure print job from the primary user to the secondary user. Upon successfully changing the ownership, the secondary user releases the secure print job originally submitted by the primary user.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: January 16, 2024
    Assignee: Xerox Corporation
    Inventor: Srinivasarao Bindana
  • Patent number: 11870557
    Abstract: An example operation includes one or more of generating a key based on an action performed utilizing a component of the transport and a time associated with the action.
    Type: Grant
    Filed: January 5, 2021
    Date of Patent: January 9, 2024
    Assignee: TOYOTA MOTOR NORTH AMERICA, INC.
    Inventors: Edward Allen Cain, Jr., Satyajit P. Patne
  • Patent number: 11843701
    Abstract: A non-transitory computer-readable recording medium stores a generation program for causing a computer to execute a process including: dividing a target content into a plurality of blocks so that head information of the target content is distributed to the blocks different from each other, according to a predetermined rule; generating a hash value corresponding to each of the plurality of divided blocks; generating an aggregation hash value by aggregating the generated hash values; and outputting the generated aggregation hash value.
    Type: Grant
    Filed: June 3, 2021
    Date of Patent: December 12, 2023
    Assignee: Fujitsu Limited
    Inventor: Fumihiko Kozakura
  • Patent number: 11838271
    Abstract: Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system. The systems and methods further include, responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: December 5, 2023
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Manoj Apte, Kunal Shah, Dhawal Sharma
  • Patent number: 11838326
    Abstract: Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.
    Type: Grant
    Filed: March 7, 2022
    Date of Patent: December 5, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Chang Li