Abstract: A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal.

Abstract: A cyber security assessment platform is provided. The platform can assess the security posture of a network by deploying one or more scenarios to be executed on one or more assets on the network and analyzing the outcomes of the scenarios. A scenario can be configured to validate a device or network status, and/or mimic an unauthorized cyber-attack. Each scenario can include one or more phases defining an execution path. Related method, apparatus, systems, techniques and articles are also described.

Abstract: Systems and methods are described for providing decentralized access to a user account. The method may include generating, by an electronic device, a public key and a private key for the user account, generating, by the electronic device, a first inner account block of a blockchain for the user account. The first inner account block may include an identifier for the user account, the public key for the user account associated with the electronic device, encrypted data for the user account, and a signature over contents of the first inner account block using the private key for the user account on the electronic device. The method may further include generating a second inner account block of the blockchain, providing, using the identifier associated with the user account, the blockchain to a plurality of other devices, and controlling access to the user account based on portions of the blockchain.

Abstract: Various methods, apparatuses/systems, and media for implementing an SSH connector are disclosed. A processor deploys a first API to get an active directory groups with a first user list data from a repository. The processor deploys a second API that calls an active directory to get a second user list data that lists users who are in given active directory groups that are authenticated and authorized. The processor also compares the first user list data to the second user list data; deploys a third API that returns active directory groups with users who are listed in the first user list data in the repository but not in the second user list data in the active directory groups; and deploys a fourth API that calls the repository to remove the users from groups in the repository who are not in the second user list data in the active directory groups.

Abstract: Systems and methods for preventing vulnerable software assets from being deployed by modifying the underlying source code in such a way that a build of the software asset will fail. In one aspect of the present disclosure, a system for securing software artifacts in a repository comprises a repository interface communicably coupleable to a software repository to retrieve an original artifact usable for building a software asset, and to replace the original artifact in the software repository with a modified artifact. A security scanner is configured to initiate a security scan of the original artifact and produce an output indicating the presence of a security vulnerability in the original artifact. An encoder is configured to reversibly modify the original artifact to produce the modified artifact, the modified artifact unusable for building the software asset.

Abstract: The disclosed technology teaches confirming proper deployment of sensors, with an authorization server (AS) issuing to a first client a Macaroon access token (MAT), optionally with caveats, including a root signature, and providing the MAT to a client. The client modifies the MAT to produce multiple instances by appending caveats that add a deployment location to each of the instances, and applies a message authentication code (MAC) chaining algorithm to generate updated signatures to include in the instances of a MAT with caveats (MATwC). The first client forwards the multiple instances of the MATwC to respective sensor instances, and a second client receives, from the sensor instances, sensed data and location indicative data, accompanied by respective MATwC instances. The second client verifies that the location indicative data is consistent with the deployment location caveat in the respective MATwC and utilizes instances of the sensed data that are verified as consistent.

Abstract: A system and method of securing a computing device with a remote computer security service includes: identifying a computing device that is subscribed to a remote computer security service, wherein the computing device comprises an anti-authentication application instance provided by the remote computer security service based on the subscription; identifying an occurrence of an anti-authentication action involving the computing device based on anti-authentication policy set to a subscriber anti-authentication account with the remote computer security service for the computing device; responsively to the anti-authentication action, automatically performing by the remote security service or the anti-authentication application instance one or more anti-authentication protective services by protectively altering the computing device based on the anti-authentication policy, wherein the computing device is altered to a protected state from a normal state based on the performance of the one or more anti-authenticati

Abstract: Secure communication between users and resources of an electrical infrastructure and associated systems and methods. A representative secure distributed energy resource (DER) communication system provides for the creation of trust rules that govern the permitted communications between users and resources of an electrical infrastructure system, and the enforcement of the trust rules.

Abstract: In one embodiment, a method comprises: receiving, by a parent network device providing at least a portion of a directed acyclic graph (DAG) according to a prescribed routing protocol in a low power and lossy network, a destination advertisement object (DAO) message, the DAO message specifying a target Internet Protocol (IP) address claimed by an advertising network device in the DAG and the DAO message further specifying a secure token associated with the target IP address; and selectively issuing a cryptographic challenge to the DAO message to validate whether the advertising network device generated the secure token.

Abstract: A computing device includes an array of addressable elements. Each addressable element is a hardware element that generates a substantially consistent response when interrogated. The device includes a processor coupled to the array of addressable elements and configured to communicate using a communication network. The processor receives a public key, and processes the public key to produce at least a set of addresses. Each address in the set of addresses identifies one or more hardware elements in the array of addressable elements. The processor generates a set of responses by interrogating the one or more hardware elements in the array of addressable elements identified by the set of addresses according to a set of reading instructions, appends the responses in the set of responses to generate a private key, receives an encrypted message and decrypts the encrypted message using the private key to generate an unencrypted message.

Abstract: The present disclosure envisages enforcing micro-segmentation policies on a user computer that intermittently migrates between a secured enterprise network and an unsecured network, for instance, a public network. The present disclosure envisages switching between appropriate micro-segmentation policies, in-line with the change in the current location of the user device, the change triggered by the user device migrating from the enterprise network to an unsecured network or vice-versa.

Abstract: In one embodiment, an IoT server includes: processing circuitry, an I/O module operative to communicate with at least an IoT device and a vendor network server, and an onboarding application and operative to at least: receive an onboarding request from the IoT device via the I/O module, send a confirmation request to the vendor network server via the I/O module, where the confirmation request indicates a request to confirm an identity of the IoT device according to a connection to a network device authenticated by the vendor network server, receive a confirmation response from the vendor network server via the I/O module, where the confirmation response indicates whether the IoT device is connected to the network device, and if the confirmation response is a positive confirmation response that indicates that the IoT device is connected to the network device, onboard the IoT device for participation in an IoT-based system.

Abstract: A design inspector tool generates secure source code related to stencils and design elements of an architecture diagram. The design inspector tool may retrieve source code from a source code repository that includes source code that is relevant to the stencils and design elements implemented by the design inspector tool. When or after a user modifies the source code, the design inspector tool feeds contextual information associated with the stencils and the design elements into a trained machine learning logic. The trained machine learning logic processes the contextual information to retrieve contextually relevant auto complete secure code suggestions from the source code repository. The contextually relevant auto complete source code suggestions may be presented to the user as an option for replacing or augmenting the modified source code.

Abstract: A distributed transaction and data storage platform including a distributed notary ledger or blockchain and one or more individual user micro-identifier chains that together enable the secure effectuation and recordation of one or more transactions, and/or storage of data in an automated, real-time, zero-trust, globally data law and privacy law centric manner while maintaining transaction party confidentiality and preventing chain poisoning.

Abstract: An electronic device according to an embodiment includes a first biometric sensor to detect first biometric information, a second biometric sensor to detect second biometric information, a security module to normalize a first decision score for the first biometric information and a second decision score for the second biometric information, generate a decision function model for combined matching of the normalized first and second decision scores, set a threshold score corresponding to a sensitivity level in the decision function model, and perform user authentication for the first and second biometric information based on the decision function model to which the threshold score is applied, and a controller configured to control an operation of the electronic device based on a result of the user authentication performed by the security module. According to the present invention, the electronic device may perform user authentication by an Internet of Things (IoT).

Abstract: Methods and systems for mapping a sharable resource using a one-time password are disclosed. An identifier included in a set of provided credentials uniquely associates the one-time password with an executable within a computing environment that hosts the sharable resource. When credentials are received in association with a mapping request, it is determined whether a supplied username corresponds to a user authorized to access the sharable resource and whether a representation of a supplied password received in association with the mapping request matches a representation of the one-time password. Validating the mapping request provides access to the sharable resource.

Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.

Abstract: An information management method and system stores signatures (e.g., hashes or cryptographically unique IDs) corresponding to the individual data blocks of files or other data objects. The method and system may compare signatures for a file against a database of signatures for other stored files. If there are a threshold amount of matching signatures, the system can identify a relationship between the files, such as to identify potential security threats in the information management system.

Abstract: A vehicle control system includes a controller that is configured to include a memory, a verification module, and a software control module. The memory includes a software version repository to store a public address and one or more software hashes associated with the public address. The verification module is configured to verify a software upload request that includes a recommended software program to be uploaded. The verification module is configured to determine whether a contingent software hash that is indicative of the recommended software program matches a current software hash. The software control module is configured to acquire the recommended software program in response to the contingent software hash matching the current software hash.

Abstract: A building management system comprising an integrated sensor and control system integrated on a single application specific integrated circuit (ASIC). The ASIC combines sensor inputs necessary to monitor ambient light levels, light color, occupation/motion sensors, security sensors, temperature and humidity, barometric pressure, smoke and toxic substance sensors, and a processor to receive the sensor inputs and deliver control output signals to effect changes and make settings to each of the environmental systems that are monitored. The ASIC also provides communication and control security for the building management system, preventing hostile intrusions into the system. The storage, intelligence and processing all reside within the ASIC.