Abstract: A method for providing a data record of a vehicle to a third party includes: receiving a cryptographic key pair including a public, cryptographic key and a private, cryptographic key; receiving the data record of the vehicle; encrypting the received data record by the public, cryptographic key; transmitting the encrypted data record to a data memory for storing the encrypted data record; generating a cryptographic hash value for the encrypted data record; transmitting the hash value of the encrypted data record to a blockchain database for storing the hash value of the encrypted data record; receiving a request message from a third party for retrieving the data record; generating a first request message to the data memory and a second request message to the blockchain database on the basis of the received request message; transmitting the first request message to the data memory and the second request message to the blockchain database; receiving the encrypted data record from the data memory in response to t

Abstract: A system has an evaluation server that includes at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the server, a plurality of clients connected to the server and configured to run at least one of the cybersecurity awareness evaluations for play by users on user devices, the users performing actions in the evaluation including offensive actions and defensive actions, and an evaluation dashboard including an interface configured to display scoring results of the cybersecurity awareness evaluations as determined by the server, the scoring results including a plurality of offensive component scores for at least one of the users, a plurality of defensive component scores for at least one of the users, at least one composite offensive score for at least one of the users and at least one composite defensive score for at least one of the users, the composite offensive score being determined based on a plurality of the component offensive scores and the composit

Abstract: A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a service using the derived access token to execute the job.

Abstract: In an example of this disclosure, a method may include receiving, by a database server, a data write request. The data write request may include authentication information corresponding to a first call session and first additional information. The method may include generating, by the database server, a first unique identifier based on the first additional information. The authentication information may correspond to the first unique identifier. The method may include storing the first unique identifier and the authentication information in a data structure in a memory of the database server.

Abstract: A method of data transmission is described. Data content is acquired by processing circuitry of a first terminal. Fingerprint identity information corresponding to the data content is acquired by the processing circuitry of the first terminal. A fingerprint-based transfer request that includes the data content and the fingerprint identity information is sent to a server. In an embodiment, the fingerprint-based transfer request enables the server to establish an association relationship between the data content and the fingerprint identity information, to acquire, in response to receiving a fingerprint-based downloading request from a second terminal, target data content matching the fingerprint-based downloading request according to the association relationship, and to send the target data content to the second terminal.

Abstract: A device may determine, based on one or more first objects of a first version of a firewall filter, a set of first firewall rules and may determine, based on one or more second objects of a second version of the firewall filter, a set of second firewall rules. The device may determine, based on the set of first firewall rules and the set of second firewall rules, modification information related to the firewall filter, wherein the modification information indicates at least one difference between the set of first firewall rules and the set of second firewall rules. The device may identify, based on the modification information, at least one object, of the one or more first objects or the one or more second objects, is a modification or has been added or deleted and may send the at least one object to an additional device.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for using secure enclaves for decryption in unsecured locations. Example methods may include receiving, by a webserver, an encrypted session key from a device, where the encrypted session key is encrypted using a public key associated with the webserver, sending the encrypted session key to a key server for decryption, where the key server is configured to decrypt the encrypted session key in a secure enclave, determining, by the key server, a decrypted session key using a private key, where private key data for a number of private keys is stored at the secure enclave, receiving a decrypted session key from the key server, where the decrypted session key is the encrypted session key in decrypted form, and establishing a secure session with the device using the decrypted session key.

Abstract: A registration apparatus generates a data random number tuple R that is a tuple of random numbers whose quantity is the same as a level quantity L of a hierarchy that a user attribute forms, and that is also a tuple of uniformly random numbers. Also, the registration apparatus accepts a plaintext M and attribute information B.

Abstract: A method for configuring a field device for use in custody transfer and such a field device, wherein the field device has a computing unit and a storage, wherein parameters and/or functions are stored in the storage, and wherein the parameters and/or functions are at least partially configurable. A more flexible configuration of the field device used for custody transfer is achieved by at least two blocking groups being provided, wherein each blocking group comprises at least one parameter and/or at least one function of the field device, at least one blocking group is chosen and evaluated by the computing unit, and the computing unit blocking the parameters and/or functions contained in the chosen at least one blocking group against a subsequent change.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for digital transaction signing for multiple client devices using secured encrypted private keys. The system generates, by a device, a private key and public key pair. The key pair is associated with an electronic account. The device also has an associated private key and public key pair. The device generates multiple key shares of the generated private key associated with the electronic account. The device encrypts each of the multiple key shares with the public key of the device thereby creating multiple first or inner layer of encrypted key shares. The device then encrypts each of the multiple first encrypted key shares each with a separate user public key associated with a user thereby creating multiple second or outer layer of encrypted key shares. The double encrypted key shares are then distributed to the respective users having the user public key.

Abstract: An example operation may include one or more of identifying a current tool configuration used by a tool device to construct semiconductor devices, retrieving a smart contract stored in a blockchain to identify whether an updated tool configuration exists, responsive to identifying the updated tool configuration, transmitting an update that includes the updated tool configuration to the tool device, and responsive to receiving the updated tool configuration at the tool device, initiating construction of the semiconductor devices.

Abstract: A method, computer program product and computer system are provided. A processor retrieves a target file for inspection of malware. A processor converts the target file to a time domain format. A processor determines one or more time-frequency domain features of the converted target file. A processor generates a malicious classification for the target file based on the one or more time-frequency domain features of the converted target file and one or more classification models.

Abstract: Disclosed systems and methods initiate an instance of an isolated application on a node computing device. The systems determine that the isolated application requests exclusive access to a block storage resource, create a control group associated with the block storage resource to provide access to members of the control group and set an access rate limit to zero for non-members of the control group, and assign the isolated application to the control group.

Abstract: A server for providing a token to a mobile terminal includes a network interface and a processing unit coupled to the network interface. The processing unit is configured to receive from the mobile terminal a request asking for the token, to obtain subscriber identification information of the mobile terminal, to obtain a token which includes a user profile associated with the subscriber identification information and to which an electronic signature is added, and to transmit the token to the mobile terminal.

Abstract: Embodiments described include systems and methods of an encrypted cache. An embedded browser of a client application executing on a client device may provide access to a network application accessed via the client application. The embedded browser may detect an event at the client device that causes the network application to send or request application data. The embedded browser may access a copy of the application data from encrypted cache of the embedded browser. The encrypted cache may be maintained for the user and store application data for network application(s) accessed by the user. The embedded browser may use the cached application data for establishing or updating a user interface of the network application for display at the client device.

Abstract: A method for fingerprint unlocking is provided. Multiple fingerprint images are obtained, by acquiring fingerprints through adjusting adjustment parameters of a fingerprint acquisition chip of a fingerprint recognition module, in response to detecting that the fingerprint recognition module is pressed. A target fingerprint image with the best image quality is determined from the multiple of fingerprint images. A terminal is unlocked when the target fingerprint image matches a preset fingerprint image successfully. A terminal is also provided.

Abstract: Example techniques facilitate for applying a share restriction to a curated playlist within a shared playback queue. In example implementations, a first media playback system may share its playback queue with a second media playback system. The playback queue of the first media playback system may include a curated playlist associated with a share restriction. When sharing its playback queue of the first media playback system, the first media playback system may enforce the share restriction on the curated playlist as queued in a second playback queue of the second media playback system.

Abstract: Disclosed are various approaches for validating public keys pinned to services or servers on private networks. A client device can request a first certificate from a trust service. The client device can then validate that the first certificate from the trust service is signed by a preinstalled certificate stored on the client device. Subsequently, the client device can receive a uniform resource locator identifying a network location of a secure sockets layer (SSL) pinning service, wherein the SSL pinning service is configured to provide a hash value for a first public key issued to a computing device. Finally, the client device can receive a second public key from the trust service, wherein the second public key is configured to encrypt network traffic sent to the SSL pinning service.

Abstract: Apparatuses, methods, systems, and program products are disclosed for detecting man-in-the-middle attacks on a local area network. A method includes checking a first set of network settings information associated with a network router. A method includes requesting a second set of network settings information corresponding to the first set of network settings information. A method includes detecting a man-in-the-middle attacker on the network in response to at least a portion of the second set of network settings information not matching the first set of network settings information. A method includes triggering a countermeasure action related to the man-in-the-middle attacker.

Abstract: A wireless network connection method is provided. The method includes: receiving, from a user terminal, an access request to a wireless access point, the access request including a media access control MAC address of the user terminal; sending, by the wireless access point, a key query request to an authentication server, the key query request including the MAC address; and receiving a key query result corresponding to the MAC address of the user terminal if the wireless access point is a trusted wireless access point. The method further includes obtaining a first authentication key corresponding to the MAC address of the user terminal according to the key query result; and negotiating with the user terminal, according to the first authentication key and a second authentication key, to establish an encrypted wireless network connection. The second authentication key is generated by the user terminal corresponding to the MAC address.