Abstract: A method and system for secure and efficient provision of at least one at least partly automated driving mode of a vehicle. The method includes creating a request by the vehicle to retrieve an authorization of a performance of the at least one at least partly automated driving mode; receiving the request at a server; checking the authorization of the performance of the at least one at least partly autonomous driving mode; creating authorization data corresponding to the check; creating a response including the authorization data and further useful data; and receiving and evaluating the response in the vehicle.

Abstract: Method and system for programming a power tool from an external device. The method includes establishing a first communication link with a server. The server includes a profile bank that includes mode profiles generated by a plurality of users. The method further includes receiving, over the first communication link, a list of mode profiles representing a subset of the mode profiles of the profile bank. The method further includes receiving, in response to user input from a first user on the external device, a selection of a mode profile. The method further includes transmitting, over the first communication link, the selection of the mode profile. The method further includes receiving, over the first communication link, the mode profile, the mode profile having been generated by a second user. The method further includes transmitting wirelessly, to the power tool, the mode profile to configure the power tool.

Abstract: A method begins by a processing module of a dispersed storage network (DSN) receiving a signature contribution request and payload, logging the request and determining whether a timestamp for the request compares favorably to a timing template. When the timestamp for the request compares favorably to the timing template the method continues with the processing modules determining whether the request compares favorably to a functionality template and when it compares favorably to a functionality template retrieving a key share based on sharing function parameters and outputting a signature result. When the timestamp for the request does not compare favorably to the timing template or the request does not compare favorably to the functionality template the method continues with the processing module outputting a signature contribution request rejection message.

Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for using a single sign-on proxy to regulate access to a cloud service. In a particular embodiment, a method provides receiving an authentication request from a user system directed to a SSO service and determining whether the authentication request satisfies at least one criterion for allowing access to the cloud service associated with the SSO service. Upon determining that the authentication request satisfies the at least one criterion, the method provides forwarding the authentication request to the SSO service.

Abstract: A system and method using a system for authenticating a person as an authorized user before waking an information handling system from an inactive state. A sensor receives an input from a person, captures information about the person and a microcontroller unit (MCU) determines if the captured information matches information corresponding to an authorized user. If the MCU determines the captured information corresponds to information corresponding to an authorized user, the MCU sends a command to one of a central processing unit (CPU) or an embedded controller (EC) to change operation of the information handling system to an active state. If the MCU determines the captured information does not correspond to information corresponding to an authorized user, no command is sent to the CPU or EC to change operation of the information handling system.

Abstract: Aspects of the subject disclosure may include, for example, a processing system including a processor with a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, the operations including: receiving an identity bridge file comprising records from a service provider, wherein each record includes one or more encrypted service identifiers for a customer, a customer location code of the customer, and an address location code of the customer; determining whether a tokenized identifier exists in a cross-reference table; responsive to a determination that the tokenized identifier does not exist in the cross-reference table: a) generating a new tokenized identifier; and b) adding a record to the cross-reference table comprising the new tokenized identifier, the customer location code, the address location code, and the one or more encrypted service identifiers; securing a usage record of a data usage log, wherein the usage record includes a uniq

Abstract: Embodiments of the present invention relate to the technical field of wireless communications, and in particular to an access control method and device, for use in resolving the problem in the prior art that a user equipment cannot securely access an access points group (APG). According to the embodiments of the present invention, when a user equipment needs to access a network, the user equipment conducts network-layer two-way authentication with a local service center; after the network-layer two-way authentication succeeds, the user equipment conducts access-layer two-way authentication with a corresponding APG so as to enable the user equipment to access the corresponding APG after the access-layer two-way authentication succeeds. The embodiments of the present invention use dual-layer two-way authentication, and enables the user equipment to access a corresponding APG after the dual-layer two-way authentication succeeds, so that the user equipment can securely access the corresponding APG.

Abstract: A system includes first electronic devices and a digital signature carrier. Each of the first electronic devices has a network identifier distinct from another. The digital signature carrier is configured for recording a connective information list. The connective information list includes the network identifiers of all of the first electronic devices. A second electronic device includes a digital signature reader. The second electronic device is configured to read the digital signature carrier by the digital signature reader, extract the connective information list comprising the network identifiers and pair the second electronic device with each of the first electronic devices according to the network identifiers.

Abstract: A computer implemented method, device and computer program device are provided including one or more processors and an input to collect credential related content including a first network resource identifier related to a first one of multiple network resources, the credential related content further including a master password that is associated with the first network resource identifier and that is associated with network resource identifiers for a remainder of the multiple network resources. Responsive to execution of the program instructions, the processor converts the master password and the first network resource identifier into a first hash code to receive a temporary credential token from the authentication service in connection with the first hash code.

Abstract: Disclosed is a system for notifying hacking to a user thereby ensuring verified connection of a client machine with a server intended to be connected is disclosed. The system acquires a server certificate comprising data structure. The data structure may be acquired upon receipt of a response to a request initiated by the client machine. In one aspect, the data structure may be referred to as a tree site to verifier pertaining to the request. The system further receives a validation acknowledgement indicating validity of the server certificate. The system further performs a reverse certificate look up verification process upon receipt of the acknowledgment.

Abstract: A wireless system can be used to authenticate a user device via proximity information of wireless network devices. The system can include the user device, the wireless network devices, and a server. At least some of the wireless network devices can be wirelessly connected to the user device and at least some other wireless network devices can be wirelessly unconnected to the user device. The server can use proximity information about the user device with respect to the wireless network devices to authenticate a user.

Abstract: A method for double anonymization of data includes: receiving, by a first computing system, a plurality of first data sets, each including a set identifier and personally identifiable information; anonymizing, by the first computing system, each of the first data sets, by hashing the set identifier included in each first data set to obtain a hashed identifier and deidentifying the personally identifiable information; transmitting, by the first computing system, the plurality of anonymized first data sets to a second computing system, wherein the second computing system is distinct and separate from the first computing system; anonymizing, by the second computing system, each of the anonymized first data sets, by hashing the hashed identifier to obtain a double-hashed identifier; and storing, in the second computing system or a third separate and distinct computing system, the plurality of double anonymized first data.

Abstract: An authorizing party determines an authorization record set that needs to be revoked, where an authorization record included in the authorization record set corresponds to a token that is issued to an authorized party after the authorizing party grants access to the authorized party, and where each authorization record includes an authorization validation moment for a corresponding token. A time validity attribute of the authorization record set is configured. For a specific point-in-time, a value associated with the time validity attribute is set. A determination is performed as to whether the authorization record is revoked based on the authorization validation moment and the value associated with the time validity attribute.

Abstract: Techniques and apparatuses are described that enable integrated second factor authentication. These techniques and apparatuses enable the improved security of something you have without the accompanying inconvenience or chance of loss. To do so, a secure physical entity is integrated within a computing device. While this provides the something you have without a need to carry a separate object with you, the something you have also must not be able to be accessed remotely. To prevent remote access physical wires are connected from the secure physical entity to physical structures on the computing device. In this way, a hacker or cyber thief cannot convince an authentication system that the cyber attacker does indeed have the something you have because to do so the attacker must be in physical possession of the computing device.

Abstract: A method for authenticating an individual for login to a server computer includes receiving at the server computer data for a first authentication image from an electronic computing device. First attributes are identified of one or more similar geometrical shapes from the data for the first authentication image. A determination is made as to whether the first attributes of the one or more similar geometrical shapes from the data for the first authentication image correspond to second attributes from a second authentication image accessible on or by the server computer. When the first attributes correspond to the second attributes, the individual is authenticated on the server computer.

Abstract: An encrypted file system key associated with a first secure enclave may be received. A request from a second secure enclave to access a file system associated with the encrypted file system key may be received. In response to receiving the request, the encrypted file system key may be decrypted with a cryptographic key associated with an enclave manager to obtain a file system key. The file system key may be encrypted based on another cryptographic key associated with the second secure enclave to generate a re-encrypted file system key. Furthermore, the re-encrypted file system key may be provided to the second secure enclave.

Abstract: Described systems and methods enable a swift and efficient detection of fraudulent Internet domains, i.e., domains used to host or distribute fraudulent electronic documents such as fraudulent webpages and electronic messages. Some embodiments use a reverse IP analysis to select a set of fraud candidates from among a set of domains hosted at the same IP address as a known fraudulent domain. The candidate set is further filtered according to domain registration data. Online content hosted at each filtered candidate domain is further analyzed to identify truly fraudulent domains. A security module may then prevent users from accessing a content of such domains.

Abstract: A system, method, and computer-readable medium are disclosed for enforcing security policies. Enforcing security policies includes monitoring electronically-observable user interactions of an entity, the electronically-observable user interactions comprising corresponding user behavior of the entity; converting the electronically-observable user interactions into electronic information representing the user behavior; and, applying an organization specific security policy based upon the electronic information representing the user behavior, the organization specific security policy comprising an automatically generated organization specific rule.

Abstract: A system, method, and computer-readable medium are disclosed for generating security policies. Generating security policies includes gathering information related to an organization, the information related to the organization comprising electronically-observable information related to the organization; converting the electronically-observable information related to the organization into electronic information related to the organization; using the electronic information related to the organization to automatically generate a plurality of organization specific rules; and, generating an organization specific security policy, the organization specific security policy comprising at least one organization specific rule.