Abstract: A method of establishing secure groups of trusted contacts with access rights in a secure communication system. The method includes establishing secure groups of trusted contacts in the secure communication system; storing information corresponding to the trusted contacts of a secure group as a secure group in a database; and determining access rights of the secure group and storing the access rights in the database with the stored information corresponding to the secure group.

Abstract: A multi-die chip assembly is described, the multi-die chip assembly including at least one detection apparatus which detects manipulations of the multi-die chip assembly, the detection apparatus including a distributed circuit including a circuit whose elements are distributed among those dies which include the elements of a local reference circuit, the distributed circuit including a free running clock, at least one local reference circuit disposed in at least one die of the multi-die chip assembly, each of the local reference circuits including a free running clock, and at least one non-volatile memory, in which is stored during manufacture of the multi-die chip assembly, an allowed range of a result of a function having at least two arguments for each reference circuit a value of the frequency of the local reference circuit as manufactured, and a value of the frequency of the distributed circuit as manufactured, at least one element of the plurality of memories being disposed in each die including the elem

Abstract: A method of authorization in a cryptographic system that provides separate authorization for a plurality of different input message groups using a single cryptographic key, including: receiving, by the cryptographic system, a first input message from a first input message group; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first input message group, wherein the keyed cryptographic operation does not produce a correct output when the cryptographic system is not authorized for the first input message group, and wherein each of the plurality of input message groups has an associated set of input messages wherein the sets of input messages do not overlap.

Abstract: Methods, systems, and apparatus for communicatively pairing and securing an electronic device to a vehicle based electronic system. The pairing can enable the electronic device to seamlessly communicate with the electronic device and can provide infotainment to users of the vehicle.

Abstract: A service-based networking capability is presented. The service-based networking capability replaces traditional networking connections between endpoints with service connections between endpoints. The service-based networking capability supports establishment and use of a service connection between endpoints, where the service connection between endpoints may be provided below the application layer and above the transport layer. The establishment and use of a service connection between endpoints may be provided using a connected services stack, which may include a connected services layer that is configured to operate below the application layer and above the transport layer.

Abstract: A method for implemented encryption in a memory card, and a decryption method and device, and the method includes: receiving an input encryption key; requesting a subscriber identity card for authenticating the encryption key; after the authentication is successful, using the encryption key to encrypt plaintext data selected in the memory card the to generate encrypted data; generating encryption status information, wherein the encryption status information describes non-confidential information of the encrypted data. By using the encryption key in the subscriber identity card to encrypt data in the memory card, a user can freely select the data to be encrypted in the memory card, thereby enhancing data security in the memory card, facilitating the user operation, and enhancing the user experience.

Abstract: An apparatus comprising a memory, a processor coupled to the memory and configured to obtain a protection description for media content comprising a plurality of content items, wherein the protection description comprises data signaling at least two protection mechanisms for at least two content items in a media content, wherein each of the at least two content items is protected by one or more of the at least two protection mechanisms, and wherein the protection mechanisms for the at least two content items are different, determine the protection mechanisms for the at least two content items from the data, and process the at least two content items according to their associated protection mechanisms.

Abstract: A method of patching a cryptographic implementation without changing a key in a cryptographic system, including: sending a message from a first message set to the cryptographic implementation, wherein the first message uses a first portion of the cryptographic implementation; deciding to patch the cryptographic implementation; sending a second message from a second message set to the cryptographic implementation after deciding to patch the cryptographic implementation, wherein the second message use a second portion of the cryptographic implementation that is not used for any messages in the first message set.

Abstract: A computer-implemented method for validating digital signatures may include (1) receiving, through a camera of smart glasses, an image of an object, (2) decrypting, using a processor of the smart glasses, a digital signature on the object to obtain a decrypted digital signature, (3) attempting, using the processor of the smart glasses, to validate the object by comparing content of the object with the decrypted digital signature, and (4) outputting a result of the attempt to validate the object from an output component of the smart glasses. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An interactive streaming media and application service provider system can securely stream high resolution, multiple formats of video and data. Different data sets can be included in a single stream. A rights management system controls matrix manipulation and other aspects of user control of the data, including one or more of rendering in various different 2D, 3D, or other media formats, reconstruction and modeling, zooming, frame grab, print frame, parental controls, picture in picture, preventing unauthorized copying, adapting to different data transmission formats, adapting to different resolutions and screen sizes, and actively control functionality contained in embedded data, encryption/decryption. Control can be exerted by an external entity through a user-side virtual machine. Control codes can optionally be embedded in the media, embedded in the user's device, and/or sent separately to the device.

Abstract: A system includes programmable systolic cryptographic modules for security processing of packets from a data source. A first programmable input/output interface routes each incoming packet to one of the systolic cryptographic modules for encryption processing. A second programmable input/output interface routes the encrypted packets from the one systolic cryptographic module to a common data storage. In one embodiment, the first programmable input/output interface is coupled to an interchangeable physical interface that receives the incoming packets from the data source. In another embodiment, each cryptographic module includes a programmable systolic packet input engine, a programmable cryptographic engine, and a programmable systolic packet output engine, each configured as a systolic array (e.g., using FPGAs) for data processing.

Abstract: A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.

Abstract: A method, comprising: storing, at a server device, an electronic resource; receiving, at the server device and from a client device associated with a first user, a request on behalf of the first user to access the electronic resource; responsive to receiving the request on behalf of the first user to access the electronic resource, enabling the client device associated with the first user to access the electronic resource; while the client device associated with the first user is accessing the electronic resource, receiving, at the server device and from the client device associated with the first user, a request to validate a representation of a credential purported to represent another user received by the client device; validating the received representation of the credential as representing a second user; and responsive to validating the received representation of the credential, enabling the first user to electronically sign the electronic resource.

Abstract: A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.

Abstract: Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and providing a basic level of service from the logging service by registering a user account for the security appliance with the logging service. A log is transparently created within the logging service by making use of the automatically configured access settings and treating the logging service as a logging device. A request is received by the security appliance from an administrator to access data associated with the log. Responsive thereto and without requiring separate registration of the administrator with the cloud-based logging service, the data is transparently received by the security appliance from the logging service and is presented via a graphical user interface (GUI) of the security appliance.

Abstract: A particular method includes executing a software component on a virtual machine executing at a computing device. The method also includes monitoring kernel level events of an operating system executing on the virtual machine and monitoring application level events of the operating system. The method further includes analyzing effects of executing the software component on the virtual machine based on the kernel level events and the application level events.

Abstract: This disclosure relates to methods and systems for performing software security audit for an executable code, the method comprising: receiving, by a hardware processor, the executable code along with a plurality of life-cycle artifacts associated with the executable code; performing a security assessment on the executable code and the plurality of life-cycle artifacts associated with the executable code to identify one or more potential security issues associated with the executable code; determining a first set of questions based on the identified one or more security issues associated with the executable code; determining a second set of questions based on a requirements specification associated with the executable code; and performing a security audit session with one or more audit participants based on the first set of questions and the second set of questions.

Abstract: A method for improving the security of secret authentication data during authentication transactions is provided that includes converting the secret authentication data of a user into scrambled secret authentication data by associating a different text-string with each item of information included in the secret authentication data. The method also includes capturing the scrambled secret authentication data with a communications device, and conducting an authentication transaction with the captured authentication data.

Abstract: Embodiments relate to wrapping of a common cryptographic architecture (CCA) key token. An aspect includes wrapping, by an exporting computer, the CCA key token using a key wrapping export function, the CCA key token comprising a CCA key data section and an unencrypted control vector. Another aspect includes splitting the control vector into a first control vector portion and a second control vector portion. Another aspect includes encrypting the CCA key data section and the first control vector portion using an key encrypting key (KEK) to generate a wrapped key block. Another aspect includes binding the second control vector portion to the wrapped key block to form an associated data section, wherein the associated data section is not encrypted, and wherein the wrapped key block and the associated data section comprise a wrapped key token.

Abstract: Establishing secure communication between an implantable medical device and an external device includes: accessing, at the implantable medical device, biological data; utilizing the biological data, at the implantable medical device, to generate a public cryptographic key; and utilizing the public cryptographic key, at the implantable medical device, to generate a private cryptographic key.