Abstract: The present invention relates to a method and a system for inscribing and securely storing cryptographic keys on a physical medium, and to a corresponding physical medium, comprising the following steps: from a first management entity (31), generating (1) a first pair of asymmetric cryptographic keys comprising a first user public key (pub1) and a first user private key (priv1), inscribing (2) the first user private key (priv1) onto a physical medium, and affixing (4) a first tamper-evident concealing element (hol1) to the physical medium in order to conceal the first user private key (priv1) and seal same, said first user private key (priv1) being accessible only by visibly breaking said first tamper-evident concealing element (hol1); from the second management entity (32), generating (6) a second pair of asymmetric cryptographic keys comprising a second user public key (pub2) and a second user private key (priv2), inscribing (7) the second user private key (priv2) onto the physical medium and affixing (9

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: The technology described in this document can be embodied in a computer-implemented method that includes receiving, at one or more servers from a first computing device, (i) first identification information identifying the first computing device or an application executing on the first computing device, and (ii) second identification information identifying a second computing device. The second identification information is obtained by the first computing device by detecting changes to one or more parameters of a magnetic field generated by the second computing device. The method also includes determining, by the server based on the first information, identity information of a user associated with the first computing device, and transmitting, from the one or more servers to the second computing device, the identity information, such that the identity information is usable by the second computing device to verify an access attempt by the user.

Abstract: A wireless communication system enables one-sided authentication of a responder device (120) by an initiator device (110) and mutual authentication of both devices. Embodiments of the initiator may have a message unit (116) and a state machine (117). The initiator starts by acquiring a responder public key via an out-of-band action and sends an authentication request. The responder sends an authentication response comprising responder authentication data based on a responder private key and a mutual progress status indicative of the mutual authentication being in progress for enabling the responder device to acquire an initiator public key via a responder out-of-band action. The initiator state machine is arranged to provide a mutual authenticating state, engaged upon receiving the mutual progress status, for awaiting mutual authentication. Thereby long time-out periods during wireless communication are avoided, while also enabling the initiator to report communication errors to the user within a short time.

Abstract: In one embodiment, a device in a network tracks traffic features indicated by header information of packets of an encrypted traffic flow over time. The encrypted traffic flow is associated with a particular host in the network. The device detects an operating system start event based on the traffic features and provides data regarding the detected operating system start event as input to a machine learning-based malware detector to determine whether the particular host with which the encrypted traffic flow is associated is infected with malware. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.

Abstract: This disclosure describes a cyber-security protocol for validating messages being exchanged between two devices of an autonomous vehicle. The protocol includes the independent generation of multiple encryption or session keys by both devices. The encryption keys are generated based on a random number provided by each device. In some embodiments, the random numbers can be accompanied by a shared secret key installed on both devices that can help prevent an unauthorized device from creating a shared set of encryption keys with one of the devices. Including a hash generated using one of the encryption keys and a message sequence counter value in each message can help prevent the injection of previously transmitted messages as a means of disturbing operation of the autonomous vehicle.

Abstract: Techniques are provided herein for coordinated data obfuscation. In one example, a first network device in a network obtains, from a controller in or having communication to the network, an obfuscation parameter that is further obtained by one or more second network devices in the network. Personally Identifiable Information (PII) of the first network device has a given logical relationship to PII of the one or more second network devices. Based on the obfuscation parameter, the first network device obfuscates the PII of the first network device to generate obfuscated PII of the first network device. The obfuscated PII of the first network device has the given logical relationship to obfuscated PII of the one or more second network devices. The first network device provides the obfuscated PII of the first network device to a server configured to collect the obfuscated PII of the one or more second network devices.

Abstract: An embodiment of the present invention is directed to a Re-Run Dropped Detection Tool that provides various features and tools to prepare, execute and monitor status of a Re-Run process. An embodiment of the present invention is directed to an automated dispatch/monitoring of alert jobs as well as monitoring of Re-Run as a Service (RRAAS) solution.

Abstract: A server provides activities and/or services to a player through a device. In response to a request from the device, information known to a player is determined and sent to the device via the server. In this fashion, verification can be made that the device is communicating with the server.

Abstract: Examples described herein relate to integrating a blockchain-enabled reader with a blockchain network over machine-to-machine communication protocol. A subscriber node may receive event data published by a publisher node. The event data may be communicated to the publisher node from a blockchain-enabled reader using a machine-to-machine communication protocol. The event data may be attested by the blockchain-enabled reader using a decentralized identity provisioned to the blockchain-enabled reader from the blockchain network. The decentralized identity of the blockchain-enabled reader may be verified. The event data may be submitted by the subscriber node to a distributed ledger upon successful verification of the decentralized identity of the blockchain-enabled reader.

Abstract: An information computer system is provided for securely releasing time-sensitive information to recipients via a blockchain. A submitter submits a document to the system and a blockchain transaction is generated and submitted to the blockchain based on the document (e.g., the document is included as part of the blockchain transaction). An editor may edit the document and an approver may approve the document for release to the recipients. Each modification and/or approval of the document is recorded as a separate transaction on the blockchain where each of the submitter, editor, approver, and recipients interact with the blockchain with corresponding unique digital identifiers—such as private keys.

Abstract: Systems and methods are described for authorizing users and/or devices. An example method may comprise receiving, from a user device, a request to access a function associated with a service account. The request may comprise an identifier of the user device. The example method may comprise determining, based on the identifier, a primary authority holder of the service account. The example method may comprise determining that a first record on a first distributed ledger associated with the primary authority holder indicates that the user device is associated with the primary authority holder. The example method may comprise determining that a second record on a second distributed ledger associated with the user device indicates that the user device is associated with the primary authority holder. The example method may comprise granting, based on the request, the first record, and the second record, the user device access to the function.

Abstract: Systems and methods providing a processing device to receive, by a software build process executing in a trusted execution environment (TEE) of a first computer system, software source code from a second computer system. The processing device generates a software package by compiling the software source code. The processing device also generates a first signature of the software package and sends the first signature to the second computer system. Responsive to receiving, from the second computer system, a second signature comprising the first signature signed by the second computer system, the processing device further deploys the software package on the first computer system.

Abstract: The disclosure relates to augmented reality vehicle identification with visual light communication. For example, a mobile device may be configured for “scanning” an area having multiple parked vehicles within visual range of the mobile device, to identify a target vehicle. The mobile device may include an application for identifying the target vehicle using visual light communication (VLC) equipment and techniques that present an augmented reality outline or other identification of the target vehicle on the smartphone screen once the vehicle is identified by the system. The encrypted communication channels with the vehicle may be established to utilize vehicle headlamps, interior lights, or another light emitting device to establish the VLC between the user's phone and the vehicle VLC system.

Abstract: Systems and methods for protecting block cipher computation operations from external monitoring attacks. An example apparatus for implementing a block cipher may comprise a memory device to store instructions for computing a block cipher; and a processing device coupled to the memory device. The processing device performs a Data Encryption Standard (DES) cryptographic operation with multiple rounds of a Feistel structure, each round including a substitution function and a transformation function that combines an expansion function and a permutation function into a single operation. The transformation function transforms a first input portion of an internal state of the respective round and a second input portion of the internal state into a first output portion and a second output portion of data. The second output portion is equal to the first input portion and the first output portion is dependent on a combined permutation output from the transformation function.

Abstract: A management apparatus, a management method, and a storage medium that can appropriately deny an application intended not to change a software configuration of a device are provided. The management apparatus includes: an acceptance unit that accepts, from an applicant, an application intended not to change a software configuration of a device; and a processing unit that denies the application based on the number of times of applications accepted by the acceptance unit.

Abstract: The disclosure relates to system and method for managing security risk of information technology (IT) systems in an enterprise. The method includes determining valid trustware components that need to be evaluated for security risk of an IT system within the enterprise; correlating information associated with each of the valid trustware components in a set of data repositories; generating a mapping list comprising the valid trustware components, test cases corresponding to each of the valid trustware components, and test environments corresponding to each of the valid trustware components based on the correlation; triggering trustware security units for testing the valid trustware components based on the mapping list; and identifying security issues associated with the valid trustware components based on the testing. The trustware security units are arranged in a sequential manner or a parallel manner to align with execution of the test cases corresponding to each of the valid trustware components.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a processor, which provides runtime enforcement of data flow integrity. The processor accesses the application binary file from the disk to execute an application and translates the application binary into intermediate representation. The processor applies the logic of data flow integrity controls to the intermediate representation. Specifically, the processor identifies the vulnerable code in the intermediate representation. The processor applies data flow integrity controls to the vulnerable code. The processor adds simple instrumentation that only changes the application's behavior when unauthorized data tampering occurs while preserving the application's normal behavior. When certain operations may cause unauthorized data tampering, the processor takes proper measures to stop the operations. The processor translates the intermediate representation back to a machine code and replaces the original binary with the machine code.

Abstract: A method of generating a secret key according to one embodiment includes generating a share of each of a user and a plurality of other users for a secret key of the user, providing the share of each of the plurality of other users to a user terminal of each of the plurality of other users, receiving a share of the user for a secret key of each of the plurality of other users from the user terminal of each of the plurality of other users, and generating a new secret key of the user using the share of the user for the secret key of the user and the shares of the user for the secret key of each of the plurality of other users.

Abstract: Processing network requests includes receiving a request for a target media element available at a requested location. The request can identify a media repository that stores the target media element. A substitute media element that has content approximately equivalent to content of the target media element can be determined. The substitute media element can be stored on a sub-network connected to the network. A selection page having a link to the location of the substitute media element on the sub-network can be generated. A response to the request for the target media element can include the selection page, so as to offer a user a choice of media source.