Abstract: According to certain embodiments, an authentication method of an electronic device, comprises responsive to detecting an external electronic device using a first communication circuit, transmitting first data to the external electronic device using a second communication circuit; determining whether a response to the first data is received; and when the response to the first data is received from the external electronic device, performing communication connection and authentication procedures with the external electronic device.

Abstract: A defense suite for an industrial control system (ICS) network is disclosed. The defense suite is installed and executed on a network server hosting the human-machine interface (HMI) function of the network, thereby gaining communication privileges of the HMI server to query and perform other operations with programmable logic controllers (PLCs) and other assets of the network. The defense suite further comprises a network protection engine (NWPE) that alerts a defense suite user of suspicious activity in the network. Normal behavior of the network is obtained by a learning engine, during a learning period. The learning engine can be reactivated after a configuration change in the network. The data suite also comprises an operating system protection engine (OSPE), for preventing removable devices from accessing the HMI server and a preventing execution of unauthorized executables. The OSPE is also trained for which programs are authorized through its own program discovery module.

Abstract: A communication device stores a first secret key and a first public key, and the on-vehicle authentication device stores a second secret key, a second public key and a signature verification key. The on-vehicle authentication device acquires the first public key, verifies the authenticity of the electronic signature using a signature verification key, encrypts the second public key using the authentic first public key and transmits the encrypted second public key. The communication device receives the encrypted second public key, decrypts the encrypted second public key using the first secret key, encrypts the first public key using the decrypted second public key. The on-vehicle authentication device receives the encrypted first public key, decrypts the encrypted first public key using the second secret key, and authenticates that the communication device is an authentic device when the decrypted first public key has been determined to be authentic.

Abstract: Example threat detection methods and apparatus are disclosed. One example method includes obtaining page code of a first display page group identified by a uniform resource locator (URL) and an overall size occupied by the first display page group in a display area of a browser of a Web sandbox when loading the URL in the browser. After preset dynamic code is injected into the page code of the first display page group, the page code is parsed and executed. A request message is sent when a value of a display variable is greater than or equal to a preset value, to request to obtain page code of a second display page group. A response message that carries the page code of the second display page group is received. It is further detected, in the Web sandbox, whether the page code of the second display page group carries attack code.

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of networks, a plurality of fraud-detection ECUs each connected to a different one of the networks, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a network connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The gateway device receives updated rule information transmitted to a first network among the networks, selects a second network different from the first network, and transfers the updated rule information only to the second network. A fraud-detection ECU connected to the second network acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: Provided is a method for checking the integrity of user data by a processor, which includes a method step for a first check value for the user data to be computed during a security-protected mode of operation. The method includes a further method step for the first check value to be stored in a security-protected memory module of the processor during the security protected mode of operation. The method includes a further method step for a second check value for the user data to be computed during a runtime mode. The method includes a further method step for the first check value to be compared with the second check value by the processor during the runtime mode. The method includes a further method step for a piece of control information to be provided by the processor during the runtime mode, wherein the control information includes a result of the comparing.

Abstract: Users have to assign labels to a ticket to route to right domain expert for resolving issue(s). In practice, labels are large and organized in form of a tree. Lack in clarity in problem description has resulted in inconsistent and incorrect labeling of data, making it hard for one to learn/interpret. Embodiments of the present disclosure provide systems and methods that identify relevant queries to obtain user response, for identification of right category and ticket logging there. This is achieved by implementing attention based sequence to sequence (seq2seq) hierarchical classification model to assign the hierarchical categories to tickets, followed by a slot filling model to enable identifying/deciding right set of queries, if the top-k model predictions are not consistent. Further, training data for slot filling model is automatically generated based on attention weight in the hierarchical classification model.

Abstract: The present disclosure generally relates to creating virtualized block storage devices whose data is replicated across isolated computing systems to lower risk of data loss even in wide-scale events, such as natural disasters. The virtualized device can include at least two volumes, each of which is implemented in a distinct computing system. Each volume can be encrypted with a distinct key, and an encryption service can operate to transform data “in-flight” on the replication path between the volumes, reencrypting data according to the key appropriate for each volume.

Abstract: A computer-implemented method, a device, and a non-transitory computer-readable storage medium of automatically determining an interactive GUI element in a graphic user interface (GUI) to be interacted. The method includes: detecting, by the processor, one or more candidate interactive GUI elements in the GUI based on a plurality of algorithms; determining, by the processor, a likelihood indicator for each of the one or more candidate interactive GUI elements, a likelihood indicator indicating the likelihood that a candidate interactive GUI element associated with the likelihood indicator is an interactive GUI element to be interacted; and determining, by the processor, an interactive GUI element to be interacted from the one or more candidate interactive GUI elements based on the likelihood indicators.

Abstract: An information processing apparatus includes a detection unit that detects a degree of inconvenience to a user who is a target of authority setting, and a setting unit that sets an authority of the user in accordance with the degree of inconvenience.

Abstract: Disclosed embodiments relate to encrypting or decrypting confidential data with additional authentication data by an accelerator and a processor. In one example, a processor includes processor circuitry to compute a first hash of a first block of data stored in a memory, store the first hash in the memory, and generate an authentication tag based in part on a second hash. The processor further includes accelerator circuitry to obtain the first hash from the memory, decrypt a second block of data using the first hash, and compute the second hash based in part on the first hash and the second block of data.

Abstract: The disclosure includes embodiments for an ego vehicle to detect misbehavior. According to some embodiments, a method includes receiving a V2X message from an attacker. The V2X message includes V2X data describing a location of an object at a target time. The method includes receiving a set of CPMs from a set of remote devices. The set of CPMs include remote sensor data describing a free space region within the roadway environment. The method includes determining a relevant subset of the CPMs include remote sensor data that is relevant to detecting misbehavior. The method includes determining, based at least in part on the remote sensor data of the relevant subset, that the object is not located at the location at the target time. The method includes detecting the misbehavior by the attacker based on the determination that the object is not located at the location at the target time.

Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and include in the attestation token the generated claim. The method further transmits the attestation token to the host machine.

Abstract: Various example embodiments of a reliable firewall are presented herein. Various example embodiments of a reliable firewall may be configured to provide a single, stateful firewall spanning multiple routers. Various example embodiments of a reliable firewall spanning multiple routers may be configured to provide a reliable firewall configured to protect high-availability network services, network services using multipath routing, or the like, as well as various combinations thereof. Various example embodiments of a reliable firewall spanning multiple routers may be configured to provide a reliable firewall by supporting synchronization of firewall synchronization information (e.g., firewall policy information, firewall session state information, or the like, as well as various combinations thereof) across the multiple routers.

Abstract: The invention relates to a secure element device comprising at least one processor, at least one communication interface, at least one memory RAM and NVM and at least one bus access controller, wherein the bus access controller defines at least a first area PBL, a second area SBL and a secure area MZ. The first area comprises a first loader program capable of loading a program package in the second area. The secure area comprises an authentication key capable of authenticating the program package loaded in the second area. After authentication of the program package loaded in the second area, the access right of the first loader program is changed in such a way that a program in the first area can no more access the second area.

Abstract: Systems and methods for providing a privacy screen to a network application accessed via an embedded browser of a client application are described. The method includes establishing, by a client application on a client device, a session to a network application hosted on a third party server. The client application includes an embedded browser for accessing the network application. The method further includes identifying, by the client application, a policy for providing a privacy screen to one or more portions of the network application, detecting, by the embedded browser, that the one or more portions of the network application are to be rendered on a display of the client device, and displaying a privacy screen including one or more masks displayed over at least the one or more portions of the network application rendered on the display of the client device via the embedded browser.

Abstract: A method and system are described for controlling access to online applications using memetic authenticators that are de-identified and passwordless. The method includes curating, issuing ownership, and registering memetic authenticators. The method involves assembling an authenticator package including a fingerprint hash value, matched pairs of user-selected memetic authenticator records, a timer, and encrypting the package using a cipher issued and uniquely-assigned by a service provider. Ciphers may be regenerated on each authentication event providing for episodic re-verification. Fingerprints assign ownership for memetic authenticators, with such associations stored on networked nodes of a distributed database. On authenticating, the client-supplied authenticator package is decrypted and compared to ownership records on an identity network for verification and granting or denying access.

Abstract: Embodiments of the present disclosure are directed to techniques for deriving collaborative intelligence based on constraint computing or constraint querying. At a high level, a data trustee can operate a trustee environment that derives collaborative intelligence subject to configurable constraints, without sharing raw data. The trustee environment can include a data privacy pipeline through which data can be ingested, fused, derived, and sanitized to generate collaborative data without compromising data privacy. The collaborative data can be stored and queried to provide collaborative intelligence subject to the configurable constraints. In some embodiments, the data privacy pipeline is provided as a cloud service implemented in the trustee environment and can be spun up and spun down as needed.

Abstract: Methods, apparatus, and systems for automatically determining the access rights to be granted to a telecommunication device to the assets in a first network as a function of the access rights previously granted to that same device in another network.

Abstract: A process for improving network performance in systems that utilize secure domain name system (DNS) schemes. Encrypted DNS requests from devices in a local area network (LAN), such as a home or office, are submitted to a local proxy which stores cached DNS records. The proxy decrypts or examines at least a portion of the DNS request in order search for a matching record in its storage. Matching records are retrieved, encrypted, and supplied to the requesting device to satisfy the DNS request. If the proxy does not contain a matching record, the DNS query is encrypted and submitted to an external DNS server for resolution. The matching record can optionally be saved by the proxy prior to being supplied to the requesting device.