Abstract: A system for information interaction includes: an electronic tag configured to present a two-dimensional code; a binding relationship existing between a first terminal and the two-dimensional code; a second terminal configured to: scan the two-dimensional code, generate login request information, send the login request information to the information interaction platform, the login request information including identifier information of the second terminal; receive content presentation information corresponding to the two-dimensional code returned by the information interaction platform, according to the identifier information, and perform information interaction with the first terminal according to a communication manner selected from the content presentation information; and an information interaction platform configured to receive the login request information, authorize and authenticate the second terminal according to the identifier information, and send the content presentation information to the second

Abstract: Various systems, methods, and apparatuses relate to managing data transmissions from one or more Internet of Things (IoT) devices. A method includes discovering one or more IoT devices; tracking data transmission between the one or more IoT devices and an IoT server; restricting audiovisual data transmission by at least one of the one or more IoT devices based on a user profile associated with a user by providing an instruction to the at least one of the one or more IoT devices; determining that the at least one of the one or more IoT devices is continuing to transmit audiovisual data to the IoT server subsequent to the restriction; based on the determination, denying network access; and presenting, via a user device, a user interface including an indication whether communications to the IoT server have been prevented for each of the one or more IoT devices.

Abstract: Methods, systems, and media for protecting and verifying video files are provided.

Abstract: Implementations include receiving an AAG that at least partially defines a digital twin of an enterprise network and includes rule nodes each representing an attack tactic that can be used to move along a path, determining security controls each mitigating at least one rule node, executing an iteration of a simulation of a sub-set of security controls in the enterprise network, the iteration including: for each security control in the set of security controls, determining, an influence score that represents a change in a security risk from implementing the security control and a rule distribution, defining the sub-set of security controls based on the first influence scores, and reducing the AAG based on the sub-set of security controls to provide a residual AAG, determining a decrease in a graph risk value and the first AAG, and selectively implementing the sub-set of security controls in the enterprise network.

Abstract: A system for a vehicle includes a computer, a first electronic control module, and a wired vehicle communications network coupling the computer and the first electronic control module. The computer is programmed to transmit authentication keys to the first electronic control module and a plurality of second electronic control modules via the wired vehicle communications network, encrypt a table of the authentication keys using a first key, store the encrypted table, transmit the encrypted table to the first electronic control module via the wired vehicle communications network, and transmit the encrypted table and the first key to a remote server spaced from the wired vehicle communications network.

Abstract: A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

Abstract: A method identifying clusters with anomaly detection. The method includes aggregating a set of events, of a user, to generate a user vector in response to identifying an event of the set of events. The method further includes aggregating a set of user vectors to a periodic vector for a time period. The method further includes processing a set of periodic vectors to generate a periodic distance. The method further includes selecting the time period, corresponding to the periodic vector, using the periodic distance and a threshold. The method further includes processing the set of user vectors to generate clusters of user vectors, wherein the set of user vectors includes the event during the time period. The method further includes processing the clusters of user vectors to identify a selected cluster and performing an action to a set of user accounts corresponding to the selected cluster.

Abstract: According to an embodiment, a communication control device includes a communication unit and a jamming control unit. The communication unit wirelessly communicates with a first device and uploads information acquired from the first device to a second device via a network. The jamming control unit allows jamming radio waves to be output to interfere with wireless communication between the first device and a device other than the communication control device, the device being to perform wireless communication in a communication band used by the first device.

Abstract: A computerized-system for anomaly detection of Point-to-Point avionic communication messages via a message-bus between an entity to one or more aircraft-systems in an aircraft during phases of flight, is provided herein. The computerized-system may include a bus-message queue to store bus-avionic-communication-messages transmitted via one or more input buses; an anomaly queue to store anomaly bus-messages; a memory to store the bus-message queue and the anomaly queue; a C-BIT mechanism to operate one or more preconfigured test routines; and one or more processors to operate a rule engine based on a preconfigured ruleset to detect one or more anomalies of bus-avionic-communication-messages for each bus-message in the bus-message queue; The rule engine may be configured to store each bus-message that is detected as an anomaly in the anomaly queue and to send one or more alerts to be presented via one or more external devices for each bus-message in the anomaly queue.

Abstract: A system and method for managing security credentials of a user are disclosed. The method includes establishing a connection with a local web browser hosted on a user device. The method also includes receiving a request for accessing a web application on the local web browser hosted on the user device. The method also includes determining whether current web page associated with the web application on the local web browser requires authentication of the user. Further, the method includes determining a password policy. Furthermore, the method includes authenticating the user on the web page using pre-stored user credentials based on the determined password policy. Additionally, the method includes routing the web page of the local web browser to the web application via an intermediate web browser. Also, the method includes providing access of the web application to the local web browser based on privileges associated with the user.

Abstract: A threat management system provides a collection of queries for investigating security issues within an enterprise. Useful inferences are drawn about the value of different queries, and about the security posture of the enterprise, by monitoring contextual activity such as the popularity and context of query usage, patterns of end user modification to queries, and post-query activity.

Abstract: A device for generating a key has a multimode interferometer which can be coupled to a light source and has a light path having an electro-optical material, the light path being configured to obtain light at an input side, influence the light under the influence of a locally varying refraction index of the electro-optical material and provide influenced light at an output side. The device has a receiver configured to receive the influenced light at the output side, and has an evaluator configured to perform an evaluation based on the influenced light and to generate the key based on the evaluation.

Abstract: The disclosure relates to an electronic device for processing a digital key and an operation method thereof. The electronic device for processing a digital key may include a communicator configured to receive a request from a digital key framework, verify a package, a signature information of the package, and a certificate information of the target device based on a first authentication information received from the digital key framework and a second authentication information stored in the secure element, and generate the digital key by using configuration information included in the package.

Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.

Abstract: A sender device includes: a first sequence generator configured to generate a first sequence of bits having a bit pattern that incudes first bit values and second bit values; a first parsing processor configured to receive a first plurality of data blocks and the first sequence of bits, and select a first subset of data blocks and a second subset of data blocks from the first plurality of data blocks based on the bit pattern; an encryption processor configured to encrypt the selected first subset of data blocks received from the first parsing processor to generate encrypted data blocks and output the encrypted data blocks to an output terminal that is configured to output the encrypted data blocks and the selected second subset of data blocks as unencrypted data blocks from the sender device.

Abstract: A chip includes a security core module. The security core module includes a security core and a memory. The security core module prevents access of an external module that is inside the chip and that is other than the security core module, and the security core module prevents access of an external device outside the chip. The security core is configured to generate a layer 1 public key and a layer 1 private key based on a hash of a first root public key and a UDS of the chip stored in the memory; and the memory is configured to store the layer 1 private key.

Abstract: In an aspect of the present disclosure is a system for encrypted flight plan communications, the system including a first computing device communicatively connected to a peer-to-peer network including a second computing device, the first computing device configured to receive a verified flight plan from the second computing device, wherein the verified flight plan is encrypted, wherein the verified flight plan comprises battery datum, and decrypt the verified flight plan.

Abstract: Embodiments of the present invention include a computer program product, a computer-implemented method, and a system, where program code executing on one or more processors (on a client) obtains, from a host within a secure environment, data stored on the host. To obtain the data, the processor(s) establishes a communications connection to a computing resource in the secure environment and authenticates to the computing resource to obtain a key. The processor(s) intercepts the data, encrypts the data, with the key, and stores the encrypted data on a buffer accessible to the client.

Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.

Abstract: Systems and methods of determining file-access patterns in at least one computer network, the network comprising a file-access server, including training a first machine learning (ML) algorithm with a first training dataset comprising vectors representing network traffic such that the first ML algorithm learns to determine network characteristics associated with file-access traffic, determining, using the first ML algorithm, network characteristics based on highest interaction of traffic with the file-access server compared to other interactions in the at least one computer network, and determining file-access patterns in the at least one computer network based on the network characteristics associated with file-access traffic.