Abstract: A system for tracking an asset including one or more processing devices that identify a spatial region in a complex number space, the spatial region being associated with the asset, receive a user defined password, identify a plurality of key locations within the spatial region at least in part using the user defined password, calculate key numerical values at each of the plurality of key locations using a defined complex number formula and use the key numerical values to generate an encryption key. The asset can be associated with a user by storing an asset record in a database which is indicative of an asset identifier, the spatial region and an encrypted payload derived using the encryption key.

Abstract: A system and method for binding or assigning network access credentials to computer chip modules may include transmitting to a remote server a set of initialization data items each including an identification and a derivation of a secret value; and receiving from the remote server credential files, each including encrypted network access credentials and an initialization data item. For each computer chip module, a credential file may be installed on the computer chip module, an identification and a secret value may be installed on the computer chip module, and binding software may be executed. The execution of the binding software may accept as input the identification and a derivation of the secret value and may cause extraction of the network access credentials if the identification and the secret value when input to a formula result in a match.

Abstract: A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

Abstract: A computer-implemented method includes: establishing a connection between a user device of a user and a system onboard a vehicle being driven by the user; requesting access, through the established connection, to user information on the user device; in response to a grant of access, retrieving at least a portion of the user information from the user device, the portion of user information including a digital identification document of the user that had been issued by an entity after having vetted the user, the digital identification document including a digital biometric of the user as well as a digital watermark indicating the issuing entity; and retaining, on the system onboard the vehicle, data encoding the digital identification document of the user on the vehicle such that when the vehicle is inspected by a third-party agent, the digital identification document of the user is presented to the third-party agent.

Abstract: Methods for transitioning an existing TLD from an existing registry operator to a new TLD of a new registry operator, the new TLD subsequently accessible over a communications network, the existing TLD having a non-operational zone or an operational zone.

Abstract: Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have two clocks. The first clock is a real-time clock and the second clock is a variable-time clock. The variable time clocks are synchronized and run at the same rate, faster or slower than real time. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp obtained from their variable time clocks. Since the computing systems have synchronized variable-time clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another.

Abstract: Described herein is a data security system for enabling tokenized access to sensitive data, including a token provider configured to initiate a secure connection with a remote client computing device of a first data subject, and receive, from the remote client computing device, a request for an access token to provide a service provider with access to sensitive data associated with the first data subject. The request includes a data definition and authorization parameters including a data source identifier. The token provider is also configured to generate the access token that enables access to the sensitive data from the data source, store the access token in a token database, and transmit, to the remote client computing device, a response including the access token and instructions that enable the remote computing device to display the access token to the first data subject or transmit the access token to the service provider.

Abstract: Techniques are described herein that are capable of providing security for code between a code generator and a compiler. The code generator generates source code. The code generator generates a first checksum of a file that includes the source code. The code generator provides the first checksum to the compiler via a secure channel. The compiler generates a second checksum of the file that includes the source code. The compiler determines whether to compile the source code based at least in part on whether the first checksum and the second checksum are the same. The first checksum and the second checksum being the same indicates that the source code is to be compiled. The first checksum and the second checksum being different indicates that the source code is not to be compiled.

Abstract: An electronic device may include circuitry and an anti-tamper device having a physical characteristic that changes in response to a tamper attempt. The circuitry is configured to determine physically unclonable function (PUF) data based on the physical characteristic and to perform at least one secure operation based on the PUF data. The circuitry is further configured to detect the tamper attempt based a change to the physical characteristic and to perform at least one action in response to detection of the tamper attempt for protecting the electronic device from the tamper attempt.

Abstract: One embodiment a method, including: providing, using a processor, a user challenge over a network, wherein the user challenge is associated with a predetermined gesture to be performed by a user; obtaining, using a processor, user image data; determining, using the user image data, that a user has performed the predetermined gesture; and thereafter providing the user access to information. Other aspects are described and claimed.

Abstract: An authentication system includes: ECUs constituting on-vehicle network and server device communicating with the ECU. The ECU stores ID and encryption key set individually to the ECU and used for authenticating data exchanged between the ECUs. The server device stores the ID and encryption key of the ECU. The ECU includes: first CPU configured to perform: generating authentication data; generating authentication code by encrypting the authentication data using the encryption key; and transmitting the ID, authentication data, and authentication code to the server device. The server device includes: second CPU configured to perform: acquiring the ID transmitted from the ECU; retrieving the encryption key of ECU corresponding to the ID acquired; acquiring the authentication data and authentication code transmitted from the ECU; and authenticating the ECU using the encryption key retrieved.

Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.

Abstract: A communication device may display an instruction screen in a case where a first wireless connection is established between the communication device and a first external device; in a case where it is instructed that a target process is to be executed in a situation where the instruction screen is displayed, supply, to the first wireless interface, first instruction information; after the public key has been sent to the first external device, receive an authentication request from the first external device; send an authentication response to the first external device; receive connection information from the first external device; and in a case where the connection information is received from the first external device, establish, by using the connection information, the second wireless connection between the communication device and a second external device.

Abstract: An information handling system may include a persistent memory configured to be secured via a passphrase; a basic input/output system (BIOS); and a management controller configured to provide out-of-band management of the information handling system. The BIOS may be configured to set the passphrase of the persistent memory, encrypt the passphrase via a first key of a first asymmetric key pair, and transmit the encrypted passphrase to the management controller. The management controller may be configured to decrypt the encrypted passphrase via a second key of the first asymmetric key pair, re-encrypt the passphrase via a first key of a second asymmetric key pair, and transmit the re-encrypted passphrase to an external management console via an out-of-band management interface.

Abstract: Described is a system for side-channel based detection of cyber-attack. In operation, the system converts data bus signals from a platform (e.g., vehicular platform) into a first time series of system states. The system further converts analog side-channel signals from the platform into a second time-series of system states. Anomalous behavior of the platform is detected by comparing the first time series of system states with the second time series of system states to identify violations of predetermined constraints. Upon detection, the anomalous behavior is designated as a cyber-attack of the platform, which causes the platform to initiate an action based on the detected cyber-attack. Such actions include implementing a safe made, etc.

Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.

Abstract: Disclosed are various embodiments for account management using a portable data store. In one embodiment, an authentication client is stored in a portable data store. In response to receiving a master security credential from the user, the authentication client decrypts encrypted account data stored in the portable data store. The authentication client detects that a network site is being accessed. The authentication client automatically provides a corresponding security credential to the network site.

Abstract: Methods, systems, and computer-readable media for a client-side filesystem for a remote repository are disclosed. One or more files of a repository are sent from a storage service to a client device. The file(s) are obtained by the client using a credential sent by a repository manager. Local copies of the file(s) are accessible via a local filesystem mounted at the client device. One or more new files associated with the repository are generated at the client device. Using the credential, the one or more new files are obtained at the storage service from the client device. The one or more new files are added to the repository.

Abstract: Techniques are disclosed relating to user authentication. In some embodiments, a first computing device receives, from a second computing device, a request for a user credential to be input into an authentication prompt associated with the second device. The first computing device determines a proximity associated with the second computing device based on a received wireless location beacon and, based on the request and the determined proximity, presents a selection prompt asking a user of the first computing device to select a user credential stored in the first computing device. The first computing device then provides the selected user credential to the second computing device to input into the authentication prompt. In some embodiments, the first computing device receives the wireless location beacon from a remote controller of the second computing device and determines a proximity based on a signal strength associated with the received location beacon.

Abstract: A distributed system responds to a request to enable a restoration capability for a database instance by beginning a process for replicating configuration and transaction data for the database instance. The system associates the replicated configuration and transaction data with a first account and a second account, and prevents termination of the replication process except where consent for the termination is provided by both accounts. In response to a request to restore the database instance, the distributed system accesses the configuration and transaction data using the second account.