Abstract: A map information management system includes a map company exclusive application data management device that confirms data authenticity from encrypted data obtained from a dynamic map data management device and generates encrypted data from added map company exclusive application data to dynamic map data by a map company exclusive secret key, and an automotive data management device that obtains added map company exclusive application data to dynamic map data from the map company exclusive application data management device, confirms data authenticity that is added map company exclusive application data to dynamic map data with using a map company exclusive application data public key, and generates encrypted data from data with automotive company exclusive application data by an automotive company exclusive application data secret key. When providing map information via plural organizations, the map information management system prevents data alteration and confirms data authenticity of the map information.

Abstract: A scalable configurable universal full spectrum cyber process that utilizes measure points from sensor observation-derived representations or analytically rich sparse data sets for making selected cyber determinations regarding or utilizing sensor observations or sensor observation subjects.

Abstract: A scalable configurable universal complete spectrum concise datasets platform is provided that utilizes measure points from sensor-observation-derived representations or concise datasets in the making of selected cyber determinations regarding or utilizing sensor observations or sensor observation subjects. The platform utilizes necessary resources and predetermined criteria in the making of selected cyber determinations, the platform utilizes measure points and personalized processes in the accurate or reliable locating of selected analytically rich aspects, characteristics or features from sensor-observation-derived representations, wherein appropriate informational representations are assigned to the selected analytically rich aspects, characteristics, features, measure points or the sensor observation and stored in concise datasets where they may be utilized in real-time or thereafter in the making of selected cyber determinations regarding or utilizing sensor observations or sensor observation subjects.

Abstract: Method and system for recording data describing a first entity, the data endorsed by a second entity comprising the second entity validating data describing the first entity, wherein an identifier is associated with the data, the identifier being generated from a public key of the first entity. Cryptographically signing data corresponding with the data describing the first entity using at least a private key of the second entity. Posting a transaction to a block chain including the cryptographically signed data. Method and system for obtaining data describing a first entity the data endorsed by a second entity comprising. Receiving an identifier of data describing the first entity. Retrieving an entry from a block chain based on the received identifier. Authenticating the entry using a public key of the second entity. Extracting the data describing the first entity from the retrieved entry.

Abstract: The invention relates to a method for tightly coupling context to a secure pin and securely storing an asset in hardware. The method comprises a step of sending the context to a secure element, a step of ensuring that the context is shown to a user, and a step of acquiring user consent by performing an authentication check. Further, the method comprises a step of combining an authentication result with the secured context, and a step of performing an operation on the context with the asset if the authentication was successful.

Abstract: The invention relates to a system of obtaining authorization where there are multiple authorization modules. When an authorization is provided by a module, it is combined with a security token, digital signature or encryption identifying which module provided the authorization. To obtain a full authorization, multiple authorization modules may be required and these modules can be connected in parallel and or in series with each other.

Abstract: A computer-implemented method of securely controlling access to data, the method including a consolidation server creating and securely storing a consolidated file labelled by a user device ID, including a first record including a first app ID and a first account ID, and a second record including a second app ID and a second account ID, transmitting encrypted data, including the consolidated file, to the user device, receiving encrypted data indicating a request to modify the first record from the user device, and responsive thereto, modifying the first record according to the request to modify the first record and securely storing a resulting modified first record, and transmitting to the first issuer server encrypted data, including the first app ID and the first account ID, indicating an instruction to modify the first app's access rights to data relating to the first account according to the request.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core configured to obtain, from a timestamp, a truncated timestamp comprising a first number of least significant bits of the timestamp and not comprising at least one most significant bit of the timestamp, to derive a hash value based at least in part on the timestamp, a payload and a secret value, and to compile a first message comprising the truncated timestamp, the payload and, at least in part, the hash value, and a transmitter configured to be directed by the at least one processing core, to transmit the first message toward a recipient.

Abstract: Examples of the present disclosure provide a method and device for achieving the cloud platform security. In the present disclosure, an Openflow bridge is established on a cloud server of a cloud platform to replace a MAC bridge, the Openflow bridge may achieve the cloud platform security through an Openflow security table.

Abstract: Techniques are disclosed relating to detecting that a client system is an emulated computer system based on its computational performance of one or more challenge problems. In some embodiments, a server computer system may receive, from a client system, a request to access a web service. The server computer system may determine reported technical features of the client system and select a particular challenge problem to provide to the client system. The server computer system may determine an expected response time of the particular challenge problem for the client system. The server computer system may receive a challenge response from the client system that includes a proposed solution to the particular challenge problem. The server computer system may then determine whether to authorize the request based on a measured response time by the client system and the expected response time of the particular challenge problem for the client system.

Abstract: A method for detection and use of device identifiers to enhance the security of data transfers between electronic devices. A first electronic device can transmit access data to a second electronic device. The access data can be associated with a first access code that can be generated based at least in part on data representing a device identifier of the first electronic device. A device identifier can uniquely identify the first electronic device from a plurality of electronic devices. Transferring the access data can involve transforming the first access code into a second access code that can include data representing a device identifier associated with the second electronic device. Transforming the first access code into the second access code can facilitate access to a resource associated with the access data for a second user, but not for a first user.

Abstract: The present invention relates to a method for transmitting an encrypted message at a transmission device, the method comprising: if a first user input to run a message application is detected, displaying a keyboard supporting a security mode; detecting a second user input to select the security mode; switching to the security mode in response to the second user input, and then receiving a message input by a user and temporarily storing the message; if a writing completion instruction of the message is detected on the keyboard, encrypting the message; and transmitting, to a reception device, the encrypted message.

Abstract: Example methods are provided for a firewall controller to implement a distributed firewall in a virtualized computing environment that includes a source host and a destination host. The method may comprise retrieving a first firewall rule that is applicable at the destination host to an ingress packet destined for a destination virtualized computing instance supported by the destination host; and based on the first firewall rule, generating a second firewall rule that is applicable at the source host to an egress packet destined for the destination virtualized computing instance. The method may further comprise instructing the source host to apply the second firewall rule to, in response to determination that the egress packet is blocked by the second firewall rule, drop the egress packet such that the egress packet is not sent from the source host to the destination host.

Abstract: Technologies for cache side channel attack detection and mitigation include an analytics server and one or more monitored computing devices. The analytics server polls each computing device for analytics counter data. The computing device generates the analytics counter data using a resource manager of a processor of the computing device. The analytics counter data may include last-level cache data or memory bandwidth data. The analytics server identifies suspicious core activity based on the analytics counter data and, if identified, deploys a detection process to the computing device. The computing device executes the detection process to identify suspicious application activity. If identified, the computing device may perform one or more corrective actions. Corrective actions include limiting resource usage by a suspicious process using the resource manager of the processor. The resource manager may limit cache occupancy or memory bandwidth used by the suspicious process.

Abstract: Data storage nodes that participate in a requested data statistical analysis as participant data storage nodes are determined and divided into a plurality of node sets. Data stored in each participant data storage node associated with a particular node set is encrypted, where the encrypted data is divided into a number of fragments at least equal to a number of participant data storage nodes associated with the particular node set. Each participant data storage node sends a portion of the encrypted data to each of the other participant data storage nodes within the particular node set. Each participant data storage node processes received encrypted data and data remaining on the particular participant data storage node to obtain a processing result. Each participant data storage node sends the processing result to a proxy node, wherein the proxy node performs data statistical analysis based on the processing result.

Abstract: A method is described for secure communication with a field measuring device of process measuring technology. A plurality of scopes of rights, and a plurality of public keys of a corresponding plurality of asymmetrical key pairs, are stored in the field measuring device. Each public key is assigned a scope of rights, and at least one private key of the corresponding plurality of asymmetric key pairs is stored in an external communicator. Upon establishing contact of the external communicator with the field measuring device, the external communicator identifies itself by a public-key authentication with the stored private key to the field measuring device. The field measuring device authenticates the external communicator using a suitable public key stored in the field measuring device. The field measuring device then opens an operating session in which the external communicator is granted access to the information technology content of the field measuring device.

Abstract: This disclosure relates to remote control of dialysis machines. In certain aspects, a method includes receiving a request for a network connection from a dialysis machine and establishing the network connection with the dialysis machine. The method also includes receiving, from a client device, a request to access the dialysis machine, authorizing the client device to access the dialysis machine, receiving, from the dialysis machine, information pertaining to an operation of the dialysis machine, and providing, to the client device, the received information.

Abstract: Authentication problems often occur when a user of a terminal visits a communications network while roaming. A method is therefore provided for authorizing an authenticated user of a communications terminal. The terminal is configured to connect to a packet-switching network via an access gateway over a current network to which the terminal is connected. The method is implemented by a current authentication server over the current network and includes: receipt of a user authorization request from the access gateway, including an identifier of the user; transmission of a user authorization response to the access gateway, including parameters for authorizing the user, and a unique identifier of an authentication server that authenticated the user.

Abstract: A system on chip is integrated in a first semiconductor chip, and includes a secure element and at least one central processing unit that is coupled to the secure element. Security isolation exists between the secure element and the at least one central processing unit. The at least one central processing unit is configured to communicate with the secure element. The secure element includes a secure processor and a first memory that is coupled to the secure processor. The secure processor can suspend running first secure operating system software and further start second secure operating system software, to implement switching between multiple pieces of secure operating system software. Running data of running secure operating system software is stored in the first memory, and running data of secure operating system software that is not run is stored in a second memory outside the system on chip.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for generating new keys during a secure communication session. A key derivation function is operatively connected to both a counter and a memory. The key derivation function generates new key material from a first input and a second input in response to a signal provided by the counter. The key derivation function generates the new key material and outputs it to the memory.