Abstract: Methods and systems for secure data offload in a sensor network. The method comprises offloading data indicative of sensor measurements from a wireless sensing device to a gateway device through a first secure communication channel; and storing the data at the gateway device if there is not currently a second secure communication channel established between the gateway device and the management server. The method continues with offloading the data to the management server when the second secure communication channel is established; and reconciling the data at the management server to generate reconciled sensor measurements in which duplicates have been removed.

Abstract: Systems and methods are provided for adding security to client data by maintaining decryption keys at a server that provide access to encrypted keys that are maintained at a client system with encrypted client data. A specialized protocol is utilized for accessing the decryption keys from the server. Once obtained, the decryption key is used to decrypt the encrypted key at the client and then the newly decrypted decryption key is used to decrypt the encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to the server decryption key. Furthermore, in some instances, the server can also prevent access to the server decryption keys in response to anomalies, such as decommissioning and other asset management events.

Abstract: This relates to a vehicle and, more particularly to, a vehicle configured to perform a secure firmware update. Some examples of the disclosure include receiving a firmware update package including updated firmware for one or more electronic control units (ECUs) of a vehicle. According to the disclosure, the firmware update package can be transmitted to and stored on an untrusted ECU and distributed to one or more target ECUs in a secure firmware update process monitored by a secure ECU.

Abstract: A computer security system comprises a security module adapted to control access to a secure computer resource by a user via a client based on verification of a security credential provided by the user. The computer security system also comprises verification data disposed on the client and accessible by the security module. The security module is adapted to enable the user to recover the security credential based on a response received from the user associated with the verification data.

Abstract: Scalable video coding and multiplexing compatible with non-scalable decoders is disclosed. In some embodiments, video data is received and encoded in a manner that renders at least a base layer to be compatible with a non-scalable video encoding standard, including by assigning for at least the base layer default values to one or more scalability parameters. In some embodiments, video data is received and encoded to produce an encoded video data that includes a base layer that conforms to a non-scalable video encoding standard and one or more subordinate non-scalable layers, which subordinate non-scalable layers do not by themselves conform to the non-scalable video encoding standard but which can he combined with the base layer to produce a result that does conform to the non-scalable video encoding standard, such that the result can be decoded by a non-scalable decoder.

Abstract: A system and method for generating pseudorandom numbers by initializing a counter value for a call-counter, sending a bit-wise form of the counter value from the counter to a mixing function, and mixing the counter value to generate the pseudorandom number. The mixing function may be a XOR tree, substitution-permutation, or double-mix Feistel. The pseudorandom number generator can operate by mixing the bits of the call-counter, repeatedly mixing its own output, or a combination thereof. The counter is incremented by a predetermined value. In order to provide backward secrecy, the pseudorandom number is processed by a one-way function or is hashed with a cryptographic hash function, and the result thereof is used as an input value for a subsequent cycle of the mixing function. Also, several mixing functions can be operated in parallel with their output XORed.

Abstract: An example semiconductor device includes a first integrated circuit (IC) die including a first column of cascade-coupled resource blocks; a second IC die including a second column of cascade-coupled resource blocks, where an active side of the second IC die is mounted to an active side of the first IC die; and a plurality of electrical connections between the active side of the first IC and the active side of the second IC, the plurality of electrical connections including at least one electrical connection between the first column of cascade-coupled resource blocks and the second column of cascade-coupled resource blocks.

Abstract: The present invention provides for protecting against denial of service attacks. A request is sent by a client, the request comprises client indicia. The request is received at a server. A request count is incremented by the server. A sequence number is assigned as a function of the client indicia. A problem is selected by the server. The problem is sent by the server to the client. A solution to the problem is sent to the server. It is determined if the solution by client is correct. If the solution is correct, a session is performed. If the solution is not correct, the request is discarded. This can substantially decrease the amount of attacks performed by a rogue client, as the session set-up time can be substantial.

Abstract: A method comprises obtaining at least a first software module not classified as benign or potentially malicious, extracting a set of features associated with the first software module, the set of features comprising static features, behavior features and context features, identifying a first cluster comprising one or more known software modules previously classified as benign, computing distance metrics between the extracted feature set of the first software module and feature sets of respective ones of the known software modules in the first cluster, classifying the first software module as one of benign and potentially malicious based on a comparison between the computed distance metrics and a neighborhood distance metric based on distances between feature sets of the known software modules in the first cluster, and modifying access by a given client device to the first software module responsive to classifying the first software module as potentially malicious.

Abstract: This disclosure describes techniques for verifying the identity of a user with a network access control (NAC) device in response to receiving a security assertion request for the user. To verify the identity of a user, an NAC device may, in response to receiving a security assertion request from a user agent executing on a client device, cause the user agent to redirect a session verification request to an NAC client executing on the client device. The NAC client may detect the session verification request, and provide information indicative of a valid network access session for the user to the NAC device. The NAC device may verify the identity of the user based on the information indicative of the valid network access session. In this way, an NAC device may verify the identity of a user without requiring the user to re-authenticate with the NAC device.

Abstract: The present invention relates to a combined fingerprint sensing and body area network communication system for communication with an electronic unit using the body of a user as communication medium, comprising: a sensing arrangement and a body area network communication circuitry. The system is controllable between: a fingerprint sensing state, in which a first signal corresponding to the finger potential is provided to a connection electrode and a readout circuitry is controlled to provide sensing signals indicative of the capacitive coupling between each sensing structure and the user's finger; and a body area network communication state in which a second signal is provided to the connection electrode by a first of the electronic unit and the body area network communication circuitry to the other one of the electronic unit and the body area network communication circuitry.

Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.