Abstract: A method and a system for providing a bridging solution in order to ensure that a current authentication protocol remains effective when a new authentication protocol is to be introduced but has not yet been implemented at both ends of an interaction between a requesting application and a database are provided. The method includes determining whether a first authentication protocol that is currently implemented by the application is the same protocol as a second authentication protocol that is currently implemented by the database. When the two protocols are different, the first protocol is used to validate a request for data submitted by the application in conjunction with authentication information; the authentication information is converted into a format that is usable by the second protocol; and the converted information is used with the second protocol to generate information that indicates that the request has been authenticated.

Abstract: Generating a persona key based on at least internet protocol session information associated with a user equipment and user data associated with the user equipment is disclosed. The disclosed subject matter can enable communication of the persona key to a capturing device to enable a portion of information from a user profile correlated to the persona key to be communicated to a receiving device. In some embodiments, the persona key can further be based on time, date, location, user input, etc. The persona key can be a dynamic representation of identification that can be more secure than conventional static representations. Additionally, the persona key can be communicated by optical, audio, or electromagnetic techniques that can avoid a user having to speak an account number, password, username, etc., to provide access to the portion of the information from the user profile.

Abstract: An electronic device for managing secured data containers, the electronic device comprising at least one network interface, at least one memory storing executable instructions, and at least one processor coupled to the at least one network interface and the at least one memory. Execution of the executable instructions by the at least one processor causes the electronic device to receive a request for data container creation, retrieve data related to the request for data container creation, retrieve one or more parameters constraining use of the data, encrypt the data using a public encryption key, encode the encrypted data into a data storage area of a data container, encode the one or more parameters constraining use of the data into a machine readable parameter storage area of the data container, and assign a UUID to the data container.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: A method for authenticating a vehicle with a service unit by way of a central computer unit external to the vehicle is provided. An initial value is transmitted from the service unit to the authentication unit and, depending on the initial value, the authentication unit reads a request command from a request table and outputs it to an interface of the vehicle. The authentication unit receives an output value from the interface, generated in response, and calculates a vehicle check value from the output value. The vehicle check value and the initial value are transmitted to the central computer unit. Depending on the initial value, the central computer unit reads a characteristic value from a characteristic value table and calculates a further vehicle check value. When the vehicle check value and the further vehicle check value match the central computer unit sends a predetermined enable signal to the service unit.

Abstract: A blockchain-based user privacy data providing method and apparatus is provided. The method includes receiving a data consumption request from a data consumer, where the data consumption request requests user privacy data of a target user, the user privacy data includes personal data that is pre-encrypted and uploaded to a trusted execution environment (TEE), and the TEE is constructed in a blockchain node; performing predetermined verification on the data consumption request in the TEE based on request body data corresponding to the data consumption request using a smart contract deployed in the blockchain to obtain a corresponding predetermined verification result; if the predetermined verification result satisfies a verification success condition, obtaining target privacy data for the data consumption request, and sending the encrypted target privacy data to the data consumer, where the target privacy data is obtained in the TEE based on the user privacy data stored in the blockchain.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically controlling access and limiting functionality of a computer workstation based on which user is currently logged in. In some implementations, an overwatch application is installed on the workstations to be controlled and monitored. If an authorized, but limited, user logs in, the overwatch application can initiate a lockdown process on the workstation. In some instances, the lockdown process is managed by a dedicated lockdown application, which is initiated or notified from the overwatch application, and which can initiate a lockdown of particular applications, functionality, and allowed interactions on the workstation until the limited user has completed their task and a new user logs in.

Abstract: A method for protecting confidential information in an EV power transfer system includes determining whether there is an abnormality in a storage device in which confidential information for transferring electric power from a charging station to the EV is stored. The method further includes transmitting a message warning a risk of leakage of the confidential information when it is determined that there is the abnormality in the storage device. An apparatus for protecting confidential information in an EV power transfer system includes a processor and a memory storing instructions that cause the processor to perform the method.

Abstract: The present disclosure pertains to validation of runtime objects for a software deployment using a certificate. After creating the runtime objects during a build process, a certificate may be generated based on the runtime objects. The certificate may include a fingerprint of the runtime objects that may be used before deployment to determine whether the runtime objects have been changed. Before deployment, the runtime objects and the certificate may be obtained and the certificate may be validated. In addition, the runtime objects may be validated using the fingerprint included in the certificate. For instance, the fingerprint may be re-generating based on the runtime objects for deployment. The runtime objects may be validated by comparing the re-generated fingerprint to the fingerprint in the certificate. The runtime objects may be deployed if the certificate and the runtime objects are valid.

Abstract: Systems, and methods are provided to provide cloud-based coordination of customer premise service appliances. A system can include a cloud-based service platform, which includes a coordination server and a cloud-based service appliance, and an on-premise service appliance. The coordination server is configured to establish a service session, select a service appliance, and control a sequence of operations on the selected service appliance. Establishing the service session can include establishing a service session with a first client in response to a service request received from the first client, the first client associated with an account including a service policy. Selecting the service appliance can include selecting the cloud-based service appliance or the on-premise service appliance, based on the service policy, to handle the service request.

Abstract: In general, this disclosure describes encryption engines that adaptively synchronize signals and suppress glitch propagation in a data decryption pipeline. An apparatus includes a decryption data path having a plurality of computational stages arranged in a pipeline configured to decrypt an encrypted block of data to form a decrypted block of data. One of the computational stages included in the pipeline of the decryption data path includes multiple asymmetric logical paths. A first signal traverses a first logical path and a second signal traverses a second logical path having a greater number of logical units than the first logical path. A glitch suppression register of the apparatus is configured to synchronize the first signal with respect to the second signal such that the first signal and the second signal arrive at a downstream logic element of the computational stage of the decryption data path at substantially a same time.

Abstract: Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized.

Abstract: An apparatus for sharing location information of a vehicle may include: a communication circuit configured to communicate with a server, and a processor electrically connected with the communication circuit. The processor may be configured to receive, via the communication circuit, authentication information for sharing the location information of the vehicle from the server; transmit, via the communication circuit, the authentication information to an external device, which is a target for sharing the authentication information, such that the external device receives the location information from the server; and acquire the location information from the server using the authentication information.

Abstract: A programmable integrated circuit device includes a programmable core, a boot device configured to boot up the programmable core, and a one-time programmable memory module controlling life cycle states of the programmable integrated circuit device, including (i) an operational state during which programming resources of the programmable device are locked, and (ii) an inspection state in which the programming resources of the programmable device are accessible. The one-time programmable memory module is configured to allow unidirectional advance from the operational state to the inspection state, when authorized by a lock control circuit responsive to control signals from the boot device to authorize the unidirectional advance from the operational state to the inspection state. Authorization of the unidirectional advance may be limited to a time interval during a boot cycle of the programmable device. The unidirectional advance may be based on receipt of an authenticated request from a requester.

Abstract: For each of a number of naming deviation types, the number of deviations within a domain name of a domain is determined. Each naming deviation type is a different type of deviation from domain name naming rules. For each naming deviation type for which the number of deviations is non-zero, first benign and malicious probabilities that benign and malicious domains, respectively, have the naming deviation type are estimated. Second benign and malicious probabilities that any given domain is respectively benign and malicious are estimated. Probabilities that the domain is benign and malicious are estimated based on the number of deviations for each naming deviation type and based on the estimated first and second benign and malicious probabilities. Whether the domain is benign or malicious is determined based on the estimated probabilities that the domain is benign and malicious.

Abstract: A system and method for automatically adjusting a learning mode duration on a virtual computing instance for an application security system extends a minimum duration of time for the learning mode duration for a guest agent running in the virtual computing instance based on a condition with respect to suspicious activities and deviations from normal behaviors detected during a fixed time interval. The guest agent is switched to a protected mode when the condition with respect to the suspicious activities and the deviations from the normal behaviors is satisfied for any fixed time interval after the minimum duration of time.

Abstract: A computer-implemented method includes: determining assets held by a remitter, the assets to be spent in a remittance transaction between the remitter and one or more payees, in which each asset corresponds to a respective asset identifier, a respective asset amount, and a respective asset commitment value; determining a remitter pseudo public key and a remitter pseudo private key; determining a cover party pseudo public key, in which the cover party pseudo public key is obtained based on asset commitment values of assets held by the cover party; and generating a linkable ring signature for the remittance transaction.

Abstract: A terminal apparatus (1) includes a data acquisition unit (113) that acquires data from a business server (2) by transmitting a request to access a one-time URL indicated by URL information received from the business server (2). The business server (2) includes a URL generation unit (212) that generates a one-time URL, an expiration date setting unit (213) that sets an expiration date of the one-time URL, an authentication processing unit (216) that authenticates the terminal apparatus (1), and a state setting unit (215) that sets either an authentication function active state or an authentication function inactive state within the expiration date of the one-time URL. In a case where the authentication processing unit (216) receives the access request, the authentication processing unit (216) starts an authentication process when the authentication function active state is set, and avoids executing the authentication process when the authentication function inactive state is set.

Abstract: A system and methods for identifying personal identifiable information in a data container are disclosed. The system and methods interrogate data at its most fundamental level, thereby allowing complex rule matching to occur. This can be coupled with a data in transit analysis mechanism, or be integrated into a data store search mechanism, to ensure maximum awareness of any potential issues with the security of the qualified data elements.

Abstract: In one embodiment, a network assurance service maintains a first set of telemetry data from the network anonymized using a first key regarding a plurality of network entities in a monitored network. The service receives a key rotation notification indicative of a key changeover from the first key to a second key for anonymization of a second set of telemetry data from the network. The service forms, during a key rotation time period associated with the key changeover, a mapped dataset by converting anonymized tokens in the second set of telemetry data into anonymized tokens in the first set of telemetry data. The service augments, during the key rotation time period, the first set of telemetry data with the mapped dataset. The service assesses, during the time period, performance of the network by applying a machine learning-based model to the first set of telemetry data augmented with the mapped dataset.