Abstract: Systems and methods for identifying unknown attributes of web data fragments during operation of a web browser with a web page. A security engine allows for the correct displaying of a web page in a browser when no information is available about the attributes of web data fragments for the web page by identifying the attributes of web data fragments for the web page.

Abstract: Encoding element (100) at least selectively transparent to an infrared or ultraviolet light radiation, incident thereon on a first incidence surface (101), wherein—in the volume defined by said encoding element (100)—a plurality of areas (104) is provided, previously selected and arranged according to a predefined pattern wherein at least one polarisation characteristic of the optical radiation (200) that is incident thereon is varied, wherein the variation of said polarisation characteristic of said incident radiation is varied according to a localised alteration pattern biunivocally associated to a predefined ciphering key, and wherein said plurality of areas is arranged between said first incidence surface (101) on which said infrared or ultraviolet light radiation is incident in use, and a second output surface (102) of said infrared or ultraviolet light optical radiation.

Abstract: Periodically re-encrypting user data stored on a storage device, including: detecting that a data encryption key should be decommissioned; and for user data stored on the storage device that is encrypted with the data encryption key: reading the user data that is encrypted with the data encryption key from the storage device; re-encrypting the user data utilizing a current data encryption key; and writing the user data that is encrypted utilizing the current data encryption key to the storage device.

Abstract: A privacy data integration method and a server are provided. The privacy data integration method includes the following steps. A first processing device and a second processing device respectively obtain a first generative model and a second generative model according to a first privacy data and a second privacy data. A server generates a first generative data and a second generative data via the first generative model and the second generative model respectively. The server integrates the first generative data and the second generative data to obtain a synthetic data.

Abstract: Disclosed are techniques for remotely managing computing devices using blockchain and DICE-RIoT. In one embodiment, a method is disclosed comprising scanning a network to obtain a list of devices on the network; classifying the devices as either controlled or uncontrolled devices; establishing a secure channel with the controlled devices; issuing one or more control commands to the controlled devices over the secure channel, the one or more control commands included within a signed message, the signed message signed using a private key of the sender and verified using a public key of the receiver, the private key and public key generated during the establishing of the secure channel; receiving a response to the control commands; and logging the control commands and the response in a blockchain.

Abstract: A method of sharing content by using a personal cloud device and an electronic device and a personal cloud system using the method are provided. The method includes connecting to a personal cloud device configured to share the content with another electronic device, if a new first content is added to a set first folder, determining an upload condition of the electronic device, and if the upload condition satisfies a set condition, transmitting the first content to the personal cloud device. Accordingly, a user is able to share contents between a plurality of electronic devices by using a personal cloud device in real time.

Abstract: Methods and systems for detecting and correcting anomalies include predicting normal behavior of a monitored system based on training data that includes only sensor data collected during normal behavior of the monitored system. The predicted normal behavior is compared to recent sensor data to determine that the monitored system is behaving abnormally. A corrective action is performed responsive to the abnormal behavior to correct the abnormal behavior.

Abstract: A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data. In operation, a confident subset of a set of biometric values of the subject is extracted, including by performing a transform of the set of biometric values. The transform may variously be a Gabor transform, a wavelet transform, processing by a machine learning system, etc.

Abstract: Apparatus, method, computer program product and computer readable medium are disclosed for trusted computing. A method includes, at an isolated processor including a trusted execution environment and an isolated storage, receiving data encrypted with a first public key; decrypting the encrypted data with a first private key; performing calculation on the decrypted data by using an approved program; and providing the calculation result, wherein the approved program is authorized by a smart contract, a unique identifier of the smart contract is stored in the isolated processor, both the approved program and the isolated processor are verified by at least one participant of the smart contract, and the first public key and the first private key are generated by the isolated processor.

Abstract: There are described computer-implemented methods of obtaining a user input. A first such method comprises: (a) providing access to video content, the video content representing a user interface including a plurality of elements for selection by a user; (b) playing a first portion of the video content to the user; (c) detecting a first user interaction occurring in response to the played first portion of the video content; and (d) determining a first element selected by the user based on one or more properties of the detected first user interaction.

Abstract: A device may receive a packet from a first endpoint that is destined for a second endpoint. The first endpoint may be hosted on the device. The device may determine whether a secure session exists between the first endpoint and the second endpoint. The secure session may permit encrypted traffic to be exchanged between the first endpoint and the second endpoint. The device may process the packet using a set of rules after determining whether the secure session exists between the first endpoint and the second endpoint. The device may encrypt the packet using security information associated with the secure session after determining that the secure session exists, or establishing the secure session when the secure session does not exist. The device may provide the packet toward the second endpoint after encrypting the packet.

Abstract: A web conferencing operator can enable participants to share multimedia content in real-time despite one or more of the participants operating from behind a middlebox via network address translation (NAT) traversal protocols and tools, such as STUN, TURN, and/or ICE. In NAT traversal, participants share a transport addresses that the participants can use to establish a joint media session. However, connectivity checks during NAT traversal can expose a media distribution device hosted by the web conferencing operator to various vulnerabilities, such as distributed denial of service (DDoS) attacks. The web conferencing operator can minimize the effects of a DDoS attack during the connectivity checks at scale and without significant performance degradation by configuring the middlebox to validate incoming requests for the connectivity checks without persistent signaling between the web conference operator and the middlebox.

Abstract: The present disclosure includes secure device coupling. An embodiment includes a processing resource, memory, and a network management device communication component configured to, identifying a network attached device within a first domain. Generating a domain device secret corresponding to the first domain. Each network attached device within the first domain can share the same domain device secret. Coupling iterations may be performed for each device within the first domain can include: generating a network management device private key and public key. Providing, via short-range communication, the network management device public key and the domain device secret to a network attached device communication component included in each network attached device of the first domain.

Abstract: Systems and techniques are provided for decentralized name verification using recursive attestation. A name and identifying information may be received at a computing device. The computing device may determine that there is a contact item that includes both the name and the identifying information in a contacts database stored on the computing device or accessible to the computing device. A positive attestation and an attestation score for an entity associated with the computing device may be sent to be used to generate an attestation score for the name and identifying information. The attestation score for the name and identifying information is used to determine whether to allow the creation of an account with the name. The attestation score for the entity associated with the computing device may be generated based a positive attestation from another computing device.

Abstract: Embodiments described herein relate to implantable medical devices (IMDs) and methods for use therewith. Such a method includes enabling a communication capability of an IMD during a message alert period and monitoring for a message while the communication capability is enabled during the message alert period. In response to receiving a message during the message alert period, there is a determination whether the message is valid or invalid. If the message is invalid, the message is ignored, and an invalid message count is incremented. A further message is monitored for during the message alert period occurs, when the invalid message count has not yet reached a corresponding invalid message count threshold. The communication capability of the IMD is disabled for a disable period, when the invalid message count reaches the corresponding invalid message count threshold. If a valid message is received, the IMD acts upon information included therein.

Abstract: The system and methods described allow a content delivery application to provide temporary access to a content item for display on a content access device based on a user obtaining access to the content item initially on another system. The content delivery application receives content accessed confirmation that user access a content item and then monitors whether that access was interrupted. If the access was interrupted, the content delivery application generates a content access bookmark based on a content timeline and stores a content access authorization comprising the content access bookmark and an identifier from the profile. When the user requests the content item, the content delivery application transmits access information corresponding to segments of the content item, based on the content access bookmark to a user's device.

Abstract: In described examples, a method of routing messages in a system on a chip (SoC) includes a secure message router receiving a message including a content, an identifier of the message's sending (origin) functional block and/or of a receiving (destination) functional block, a message secure value, a promote value, and a demote value. A context corresponding to the identifier is retrieved from a memory. The context includes an allow promote value and an allow demote value. The message secure value is increased if the promote value requests the increase and matches the allow promote value. The message secure value is decreased if the demote value requests the decrease and matches the allow demote value. Cleartext corresponding to the content is made accessible by the destination if the context secure value matches the message secure value. The message is then outputted from the secure message router to the destination.

Abstract: Systems and methods with multiple different modes for bidirectional data transfer of messages encrypted with Random Cipher Pads (RCPs) are disclosed. A direct mode is from one single endpoint to another endpoint in a peer-to-peer fashion. A throughput mode may be configured as a communication between endpoints with a cryptographic data server (CDS) managing communications and additional encryption between the endpoints. The CDS further encrypts the messages such that there is a peer-to-peer encryption between the source endpoint and the CDS and a different peer-to-peer encryption between the CDS and destination endpoints. The throughput mode may also be configured as a broadcast communication between a sender and multiple destinations, each with its own different RCP encryption. A router-to-router mode may be thought of as a specific type of peer-to-peer transfer where the peers on each end are routers, servers, Virtual Private Network servers, and gateways rather than user endpoints.

Abstract: A method of personalizing a security document, which includes a processing method performed by a processing device in order to prepare personalization of a security document. The method includes obtaining personalization data, encrypting the personalization data by using diversification data associated with the security document so as to produce encrypted data, and transmitting the encrypted data to a personalization device. The encrypted data enables the device to personalize the security document by using the encrypted data and the diversification data. Also described is a method of personalizing a security document by means of such a personalization device, as well as devices that employ the methods.

Abstract: The present disclosure relates to a method for using a service processor to communicate with a remote component. The method may involve using the service processor of the device to discover a remote component connected to the device by a network. Once the remote component is discovered, the method may further involve using the service processor to establish a communications channel, using the network, with the remote device. The method may also involve using the service processor of the device to authenticate the remote component.