Abstract: This invention pertains to a method for provisioning and implementing two-factor authentication (2FA) for enterprise services. The system securely establishes a trusted identity for a subscriber device using an immutable hardware key and public/private key sets. The device's identity is verified by an Original Equipment Manufacturer (OEM) cloud service. The method includes generating unique transaction nonces for each 2FA request, securing private keys within a Trusted Execution Environment (TEE), and employing a cloud wallet service to store keys. The subscriber device interacts with the system, decrypting and re-encrypting transaction nonces using corresponding keys. This process enables secure transaction from enterprise applications. The system also integrates user consent into the 2FA process, displaying a prompt to approve or deny authentication. This technology enhances security in enterprise services, prioritizing user consent and secure data transfer.

Abstract: A computerized method supporting SSL-based or TLS-based communications with multiple cryptographically protected transmissions is described. Responsive to a first transmission including a first content encrypted with a public key of an intended recipient and a first digital signature for use in detect tampering to the first content, a second transmission is received. The second transmission includes a combined result including the first content and a second content, which is encrypted with a public key of the sender. Recovery of the first content verifies to the sender that the second transmission originated from the intended recipient. Thereafter, a third transmission is sent. The third transmission has data including at least the second content, being the remaining data after extraction of the first content from the combined result, which is encrypted with the public key of the intended recipient and a third digital signature for use in verifying non-tampering of the data.

Abstract: The technology disclosed describes a network security system that is configured to configure a synthetic request with an object identifier, and to inject the synthetic request into an application session to transmit the synthetic request to a cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive from the cloud application a response to the synthetic request. The response supplies the object metadata.

Abstract: A remote controlled battery cell monitoring and control system that utilizes empirical and theoretical data to compare performance, sensor data, stored patterns, historical usage, use intensity indexes over time and tracking information to provide a sophisticated data collection system for batteries. This tracking is designed to better the specifications, designs, training, preventative maintenance, and replacement and recycling of batteries.

Abstract: A method for signing data such as software images is provided that uses modules executable by a generic client to sign hashes of the software images rather than the images themselves. The method avoids both the requirement for new or updated client software and the uploading of full software images to the signing system. This approach uses a generic client that requests and downloads processing modules from the signing system to perform the pre-processing operations in signing software images, as well as optionally for post-processing operations.

Abstract: A computer-implemented method is disclosed.

Abstract: In some aspects, a computing system can control access of a user computing device to a resource. The computing system can obtain an access request submitted by a user computing device. The computing system can verify permission information in the access request to determine that the access request is valid. If the access request is valid, the computing system submits an authentication request to request an authentication system to authenticate the user and obtains authentication results generated by the authentication system. The computing system further provides, based on the authentication results, an access control decision for the access request.

Abstract: The present disclosure includes apparatuses, methods, and systems for validating an electronic control unit of a vehicle. An embodiment includes a memory, and circuitry configured to generate a run-time cryptographic hash based on an identification (ID) number of an electronic control unit of a vehicle and compare the run-time cryptographic hash with a cryptographic hash stored in a portion of the memory.

Abstract: Authentication of electronic document is based on multiple digital signatures incorporated into a blockchain. Structured data, metadata, and instructions may be hashed to generate the multiple digital signatures for distribution via the blockchain. Any peer receiving the blockchain may then verify an authenticity of an electronic document based on any one or more of the multiple digital signatures incorporated into the blockchain.

Abstract: Secure pairing of computing devices, such as a field tool and a battery-powered device (BPD), may include generating by the BPD a challenge message including a randomly-generated challenge, and receiving at the field tool a challenge message from the BPD via a Bluetooth low-energy (BLE) advertisement message. The challenge message can include a randomly-generated challenge and can be issued in a scannable undirected advertising message. The challenge key can be calculated via a secure hash algorithm (SHA) to obtain a response solution. The response solution can be sent by the field tool to the advertising device in response to the challenge message. The response solution can be verified by the BPD using a cryptographic message authentication code such as an HMAC, and the BPD sends a confirmation message to the field tool indicating that the response solution is verified as correct.

Abstract: A cloud-based security service that includes external evaluation for accessing a third-party application. The security service receives a request to access a third-party application from a client device. The security service enforces a set of one or more access policies configured for the third-party application including an external evaluation rule. As part of enforcing the external evaluation rule, the security service transmits an external evaluation request to an external endpoint defined in the external evaluation rule. The external evaluation request includes an identity of a user associated with the request. The security service receives the result of the external evaluation. If the external evaluation passed, the security service grants access to the third-party application based at least in part on its passing.

Abstract: A communication apparatus receives request regarding a wireless communication parameter setting from another apparatus that has obtained information regarding the communication apparatus by capturing an image indicating information regarding the communication apparatus, accepts a user input regarding whether the parameter setting is to be executed with the other apparatus in a case where the request has been received, and executes the parameter setting with the other apparatus in a case where the user input indicating that a parameter setting is to be executed with the other apparatus has been accepted.

Abstract: Embodiments disclosed are directed to a system that performs steps to perform enhanced device fingerprinting. The system at least at receives from an application, a plurality of device attributes identifying a client device on which the application is being used. The plurality of device attributes includes a push token provided by a push token service to the client device. The push token is uniquely paired to the client device. The system further transmits, to a device database, the plurality of device attributes for storage in a device profile. The system also transmits, to the application, a push notification based on the push token. The system receives, from the application, a deliverable status indicating whether the push notification was successfully transmitted to the client device, and transmits, to a notification database, the deliverable status for storage in a notification delivery profile. The system can use the information to authenticate a device.

Abstract: The present disclosure relates to a method for analysis on interim result data in a de-identification procedure, an apparatus for the same, a computer program for the same, and a recording medium storing computer program thereof. A method for de-identification according to an example of the present disclosure may include: generating a first interim result data by applying a first de-identification process to an initial data; generating a first analysis metric for the first interim result data; and generating a final result data based on the first interim result data, when the first analysis metric satisfies a first de-identification criterion.

Abstract: Systems and techniques for AI model and data camouflaging techniques for cloud edge are described herein. In an example, a neural network transformation system is adapted to receive, from a client, camouflaged input data, the camouflaged input data resulting from application of a first encoding transformation to raw input data. The neural network transformation system may be further adapted to use the camouflaged input data as input to a neural network model, the neural network model created using a training data set created by applying the first encoding transformation on training data. The neural network transformation system may be further adapted to receive a result from the neural network model and transmit output data to the client, the output data based on the result.

Abstract: Methods and systems for authenticating users based on user application activities are described herein. One or more questions and one or more answers may be generated and stored based on a history of user application activities associated with a user. The one or more questions and one or more answers may be generated randomly, and may relate to one or more other users. A request for access to a service may be received. Based on the request, a question associated with the history of user application activity may be selected and presented to the user. A candidate answer may be received from the user, and the user may be authenticated based on comparing the candidate answer to an answer associated with the question presented.

Abstract: There is described a system and method of committing a transaction within a UWB network comprising a plurality of anchors, the UWB network covering a predetermined area having at least one trigger area, the method comprising waking up a mobile device upon entering the predetermined area, receiving initial network data at the mobile device, verifying that the UWB network is genuine based on the initial network data, initiating communication between the mobile device and an anchor, including partial mutual authentication, generating a session key for secure communication between the mobile device and the UWB network, tracking the location of the mobile device within the predetermined area based on secure communication between the mobile device and one or more anchors within the UWB network using the session key, and committing the transaction, if the location of the mobile device is within the at least one trigger area.

Abstract: A device and a computer-implemented method for classifying data, in particular for a Controller Area Network or an automotive Ethernet network. A plurality of messages is received from a communications network. A message that has a predefined message type is selected for an input variable for an input model of a plurality of input models of an artificial neural network associated with the predefined message type. The input variable is determined as a function of the message, and in an output area of the artificial neural network a prediction is output that is usable for classifying the message as a function of the input variable, or a reconstruction of an input variable is output that is usable for classifying the message as a function of this input variable.

Abstract: A locking apparatus according to an embodiment includes an approach detector, a signal transmitter, a measurer, and a controller. The approach detector detects an approach of a user carrying a terminal. The signal transmitter transmits a key authentication signal for authenticating a pre-shared digital key to the terminal using first short-range wireless communication when the approach of the user is detected. The measurer connects a session by generating a security channel with the terminal using second short-range wireless communication and measuring at least one of a distance to and an angle with respect to the terminal when the digital key is authenticated through the key authentication signal. The controller determines whether or not to unlock an access facility in accordance with at least one of the distance to and the angle with respect to the terminal.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer-storage media, for platforms for managing database content distribution. In some implementations, a system stores a data set comprising monitoring data collected from remote devices. The system receives a data sharing request, and in response to the data sharing request generates a data sharing record that specifies a data sharing recipient, a portion of the data set to be shared, and a limited set of operations that can be performed using the shared portion of the data set. The system configures a customized portal for the data sharing recipient based on the data sharing record, wherein the customized portal is configured to provide access limited to the shared portion of the data set with functionality limited to the limited set of operations. The system provides the data sharing recipient access to the customized portal.