Abstract: A random number sequence generation apparatus includes: a semiconductor laser device repeatedly generating a pulsed laser beam having a disordered phase; an interferometer including a first transmission line and a second transmission line, a first port connected to an input terminal side and to which the pulsed laser beam is input, a second port connected to an output terminal side and outputs the pulsed laser beam, and a third port connected to the input terminal side; a Faraday mirror connected to the second port and reflecting the pulsed laser beam; a photodiode connected to the third port and outputs an electrical signal in accordance with interference light of the pulsed laser beam that is reflected by the Faraday mirror and passes through one of the transmission lines; and an AD converter configured to generate a random number sequence on the basis of the electrical signal and a threshold.

Abstract: A system for and a method of regulating the data interconnections between applications running on an infrastructure are provided. The system/method records access permission data into metadata embedded in the source code of each such application that regulates the data that can be received or transmitted by that application. In addition to regulating the receipt or transmission of data, the metadata can serve to provide instruction to firewalls and other regulating systems in order to configure those systems to allow the applications to receive and transmit data for which permissions have been recorded.

Abstract: An intelligent transportation system, ITS, station (600) comprising: a host processor (640); and a memory (664) operably coupled to the host processor (640). The host processor (640) is configured to: perform precomputation of certificate data associated with an identity to be verified on a per identity basis; store precomputation data for a plurality of verified identities in the memory (664); and extract stored precomputation data from memory (664) and use the stored precomputation data to perform accelerated verification of subordinate certificates.

Abstract: A method includes obtaining assembly code of a first software module, the assembly code comprising one or more assembly functions each comprising at least one basic block. The method also includes computing fingerprints of the basic blocks of the first software module by application of a fuzzy hash function, generating a representation of the first software module as a set of assembly functions each represented as a sequence of fingerprints of its associated basic blocks, and determining a similarity score between the first software module and at least a second software module classified as a given software module type. The similarity score is based on distances between the fingerprints of the basic blocks of the assembly functions of the first software module and corresponding fingerprints of the second software module. The method further includes determining a measure of code sharing between the first and second software modules based on the similarity score.

Abstract: A given node associated with a plurality of nodes registers a decentralized identity for the given node on a decentralized identity blockchain. The registered decentralized identity is controlled by the given node and defined by an identity record stored on the decentralized identity blockchain. The registered decentralized identity for the given node is used to access one or more resources of a given decentralized application.

Abstract: A data encryption system receives data to be encrypted prior to being transmitted to a storage unit. The received data is analyzed to determine a secure storage approach based on a risk level associated with the received data. In response to the risk level satisfying a threshold risk level the data encryption system uses a convergent encryption technique to encrypt the received data, but in response to the risk level failing to satisfy the threshold risk level, the data encryption system encrypts the received data using a key based on a random number. The encrypted data is transmitted to a storage unit.

Abstract: The provision of additional network resources (e.g., in the form of a dedicated super slice), can be requested on demand a per needed basis when higher capacity or performance is requested to facilitate the delivery of a service, when the delivery of the service cannot be met by a network slice associated with the service. A request for using a super slice can be sent to a management gateway device (mGW). The mGW can send the request for authorization to access the additional resources to a management device that manages the additional resources. Authorization can be granted for the additional resources to be used to facilitate or enable tasks that allow for continued delivery of that service.

Abstract: A control device in a vehicle: determines whether the control device is detached from the vehicle; communicates with other control devices mounted in the vehicle; stores an encryption key; performs a calculation process necessary for communication; and prohibits execution of the calculation process using the encryption key when determining that the control device is detached from the vehicle.

Abstract: A method includes sensing through time-of-flight measurements a distance of an object from an electronic device, sensing motion of the electronic device, sensing acoustic signals received by the electronic device, and detecting the presence of a human proximate the electronic device based on the sensed distance, motion and acoustic signals. Access to the electronic device is controlled based on whether a human is detected as being present.

Abstract: An application service request is parsed to identify an application service request parameter of the application service request. The application service request parameter is altered. The application service request is reconstructed to include the altered application service request parameter. The behavior of the application is analyzed while executing the reconstructed application service request to detect a security vulnerability. The detection of the security vulnerability is verified to eliminate false positives.

Abstract: A mobile number of a mobile device can be employed as an authorization factor when the mobile device is connected to a WLAN. When a user attempts to interact with a restricted access server via the mobile device, verification functions loaded on the mobile device determine whether the mobile device is connected to a WLAN. If so, the verification functions cause the mobile device to open a port on the cellular network interface of the mobile device and transmit data packets to a mobile device identification server via a cellular network. The mobile device identification server can then determine the mobile number of the mobile device based on the cellular network IP address of the mobile device, and transmit the mobile number to the restricted access server as an authentication factor.

Abstract: Example implementations relate to code package variants. For example, a system according to the present disclosure, may include a client server, a development environment, a digital signing environment, and a central server. The development environment may generate a plurality of variants of a first portion of a code package. The digital signing environment may create a distinct digital signature for each variant of the plurality of variants of the first portion of the code package with a same second portion of the code package. The central server may transmit to the client server a complete code package comprising a variant of the plurality of variants of the first portion of the code package along with the second portion of the code package and a corresponding digital signature.

Abstract: A computer-implemented method of managing security services for one or more cloud computing platforms is disclosed.

Abstract: Methods, systems and devices for securing a bank account against an unauthorized access from a portable electronic device include or include using an auxiliary security device and a portable electronic device. The portable electronic device is adapted for controlling the bank account via the Internet. The auxiliary security device and the portable electronic device communicate via a Bluetooth protocol. Secure access to the bank account with the portable electronic device is based on a combination of information that is indicative of a key that is stored in the portable electronic device and data that is indicative of the key stored in the auxiliary security device that has been transmitted to the portable electronic device.

Abstract: An authentication process for an endpoint device uses a pair of tokens. Tokens are generated at an authentication server that maintains a data store of token states, where the states are defined to include a “normal” state sequence along which a token is expected to advance. The endpoint device can store a token pair in non-volatile local storage. To authenticate, the endpoint device can provide its stored token pair to the authentication server, which can determine whether authentication succeeds based on the states of the tokens in the token pair. After successful authentication, the authentication server can provide a new token pair to the endpoint device and advance the token states along the normal sequence. When the endpoint device confirms receipt of the new token pair, which replaces the previous token pair, the authentication server can advance the state of the tokens again.

Abstract: A network monitoring “sensor” is built on initial startup by checking the integrity of the bootstrap system and, if it passes, downloading information from which it builds the full system including an encrypted and an unencrypted portion. Later, the sensor sends hashes of files, configurations, and other local information to a data center, which compares the hashes to hashes of known-good versions. If they match, the data center returns information (e.g., a key) that the sensor can use to access the encrypted storage. If they don't, the data center returns information to help remediate the problem, a command to restore some or all of the sensor's programming and data, or a command to wipe the encrypted storage. The encrypted storage stores algorithms and other data for processing information captured from a network, plus the captured/processed data itself.

Abstract: Synchronization techniques for computing systems that interface with external service providers. A method for accessing status and other attributes of an external service provider commences upon identifying an external service such as a firewall appliance or backup repository that provides computing-related functions to computing entities of the computing system. One or more access mechanisms such as an application programming interface is exposed to the external service. The external service is registered with the computing system to use the access mechanism. When the external service detects a change of its state, the external service can communicate that change to the computing system through a “push” operation. The computing system processes the “pushed” data from the external service by verifying the status of the registration and authorization permissions, and then modifies one or more entity attributes of the computing resource entity.

Abstract: A method and system are provided including a data protection module; a display; and a data protection processor in communication with the data protection module and operative to execute processor-executable process steps to cause the system to: present a user interface on a display, the user interface including one or more application packages; receive selection of one of the one or more application packages; present on the display a user-entry field to receive an end-user-role associated with an administrative function, wherein the end-user-role is authorized to access at least one CDS view; receive an input in the user-entry field, wherein the input is one of the end-user-role and a request for assistance; determine whether the selected application package includes at least one core data service (CDS) view; determine whether a data control language (DCL) layer is provided for each included CDS view; and automatically generate the DCL layer for each included CDS view if the DCL layer is not provided for the

Abstract: A computer-implemented method includes: determining assets held by a remitter, the assets to be spent in a remittance transaction between the remitter and one or more payees, in which each asset corresponds to a respective asset identifier, a respective asset amount, and a respective asset commitment value; determining a remitter pseudo public key and a remitter pseudo private key; determining a cover party pseudo public key, in which the cover party pseudo public key is obtained based on asset commitment values of assets held by the cover party; and generating a linkable ring signature for the remittance transaction.

Abstract: A method and an information handling system for security management across a plurality of diverse execution environments. The method includes associating, based on a distributed computing framework, a secure execution environment interface with each diverse execution environment. The method includes receiving a general access policy to access at least one secure memory region associated with a respective one of the diverse execution environments. In response to a request to access a memory region associated with at least one diverse execution environment, the method includes prompting for entry of security credentials. In response to receiving and verifying the security credentials, the method establishes access to the secure memory region of the respective diverse execution environment. The method includes executing a subroutine to modify at least a subset of the secure memory region, and the method includes returning a result to a distributed application via the secure execution environment interface.