Abstract: The present disclosure relates to a method for operating a transmitting device of a motor vehicle, in which method the transmitting device is operated in a private mode or in a transmitting mode. In the transmitting mode, the transmitting device transmits vehicle data to a computing device external to the vehicle. In the private mode, transmission of the vehicle data is stopped. A switchover from the transmitting mode into the private mode occurs as soon as a successful authentication of a specified user action has been captured.

Abstract: A Confidence Broker System is disclosed. One embodiment of the present invention includes a confidence broker (10) which communicates with a plurality of confidence producers (12A, 12B, 12C) and a plurality of confidence consumers (14A, 14B, 14C). Communications between these elements is conducted via a communications infrastructure (16). The confidence broker (10) also includes a communications interface (42) which is connected to a protocol converter (44). The protocol converter (44) is connected to a confidence normalizer (46). The confidence normalizer (46) is connected to a confidence mediator (48). The confidence mediator (48) is connected to a confidence mapper (50). The confidence mapper (50) is connected to the protocol converter (44). Each of the protocol converter (44), the confidence normalizer (46), the confidence mediator (48) and the confidence mapper (50) is connected to a storage device (52).

Abstract: The system and method disclosed performs entity authentication through identification proofing. A relying party such as a corporation or other type of entity having a secure website, computer network and secure facility working a risk engine can determine the authenticity, validation and verification during registration of a user entity. The identification proofing is integrated with a risk engine. The risk engine is capable of using bio-behavior based information which may be continuously monitored.

Abstract: Systems and methods for securely sharing and authenticating a last secret. A system includes a dealer computing system and a combining computing system. The dealer computing system includes a public/private key pair, an encryption key established with the combining computing system, and a circuit structured to generate a last secret and a first key controlling access to a secure computing system. The last secret is the last cryptographic element controlling access to the first key. The circuit is structured to split the last secret into first and second splits. The circuit is structured to generate a first and second SigncryptedData messages by signcrypting each of the first split and the second split with the public/private key pair and the encryption key established with the combining computing system. The circuit is structured to transmit the first SigncryptedData message to a first share-holder and the second SigncryptedData message to a second share-holder.

Abstract: Internet-of-Things (IoT) prioritized sensor authentication management includes receiving in an IoT gateway different packets of data from different sensors over a computer communications network. For each received packet of data from a corresponding one of the different sensors, the received packet of data is compared to a pattern associated with the corresponding one of the different sensors. On the condition that the received packet of data is within a threshold of similarity to the pattern, a sensor value may be extracted from the received packet of data and transmitted to a sensor monitor. But otherwise, the received packet of data is placed into quarantine in memory of the IoT gateway, authentication of the corresponding one of the different sensors is performed, and in response to the authentication, the packet is released from quarantine, the sensor value extracted from the received packet of data and transmitted to the sensor monitor.

Abstract: A system and method for determining whether a cryptographic system is being observed for power consumption analysis in an attempt to decipher secret keys. The system comprises a first external connection to receive an input voltage, an internal voltage regulator with an external capacitor to produce the desired voltage for the cryptographic system. The internal voltage regulator typically includes a switch that passes current from the first external connection to the external capacitor. By monitoring the frequency at which the switch is activated, it is possible to detect that an external voltage is being applied to the external capacitor. This external voltage is typically used to perform SPA or DPA operations. Thus, the cryptographic system may cease performing any encryption or decryption operations if an external voltage is detected.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identity verification are provided. One of methods, implemented by a mobile terminal device, includes: obtaining a device identifier of a service device configured to provide a service based on a digital key; uploading the device identifier to a server in communication with the service device and the mobile terminal device and storing registration information of service devices, to cause the server to perform validity verification on the device identifier; in response to receiving a result indicating the device identifier is valid, collecting identity feature information of a user; uploading the identity feature information of the user to the server, to cause the server to perform identity verification on the user based on the identity feature information; and obtaining the digital key issued by the server in response to the identity verification being successful.

Abstract: A method of operating a mobile device includes displaying a user interface as an image, the user interface being composed of a plurality of widgets, storing a privacy policy identifying at least one of the widgets, capturing a screenshot image corresponding to the screenshot image, excluding the at least one of the widgets from the screenshot image to create a modified screenshot image, and transmitting the modified screenshot image over a network to a monitoring server.

Abstract: A method is disclosed. A digital assistant device receives a biometric sample from a user and then converts the biometric sample to a biometric template. The digital assistant device can scan for user devices in communication range of the digital assistant device, thereby receiving user device identifiers. The digital assistant device can transmit, to a server computer, an authentication request comprising the biometric template and at least one user device identifier. The digital assistant device can then receive a cryptogram request message comprising the at least one user device identifier, from the server computer. The digital assistant device can transmit, to a user device corresponding to the at least one user device identifier, the cryptogram request message and can then receive a cryptogram. The digital assistant device can then transmit the cryptogram to the server computer. The server computer verifies the cryptogram before further processing of a transaction.

Abstract: A system is configured for managing a plurality of files containing sensitive information associated with an organization to be sent to a particular receiver. The system is further configured to determine whether the particular receiver is an internal receiver or an external receiver with respect to the organization. If the particular receiver is an external receiver, a CRC code generated from the personal information and location coordinates of an external server where the plurality of files will be accessed is added to the plurality of files. A security code is also added to the plurality of files to facilitate that they are secured from being exposed and disposed at a retention time set by the organization. The system generates a custom compressed file from the plurality of files, configures it to be decompressed by the personal information of the external receiver, and sends it to the external receiver.

Abstract: Systems and methods are disclosed for an ADV to leverage pre-defined static objects along a planned route of travel to detect and counter attacks that attempt to change the destination or the planned route. The ADV may detect updates to the static objects if the planned route is changed. Based on the updated static objects, the ADV determines if there is an abnormal re-routing of the planned route or if there is a new route due to a suspicious destination change. The ADV may also leverage the static objects to detect spoofing attacks against the sensor system. The ADV may evaluate if sensors of the sensor system are able to detect and identify the static objects to identify an impaired sensor. The ADV may perform cross-check on the ability of the sensors to detect and identify dynamic objects to gain confidence that the impaired sensor is due to spoofing attacks.

Abstract: A machine-readable medium may store instructions executable by a processing resource to access log data of an enterprise and extract time-series data of an enterprise entity from the log data. The time-series data may include measured feature values of a set of selected features over a series of time periods. The instructions may be further executable to train a predictive model specific to the enterprise entity using the time-series data, wherein the predictive model is to generate, for a particular time period, a predicted feature value for each of the selected features; access actual feature values of the enterprise entity for the particular time period; apply first-level deviation criteria to the actual feature value and the predicted feature value of each selected feature to identify deviant features of the enterprise entity; and apply second-level deviation criteria to the identified deviant features to identify the enterprise entity as behaving abnormally.

Abstract: Provided are computer-implemented methods that may include receiving, via a communication network, a request to perform an online action from a user device; retrieving data associated with a number of times the user device performed the online action within at least one time interval; determining whether a dataset associated with a number of times a plurality of user devices have performed the online action within the at least one time interval is normally distributed; and determining a standard deviation associated with the number of times the user device performed the online action within the at least one time interval in response to determining that the dataset is normally distributed, and performing a control operation associated with the request to conduct the online action based on a threshold of standard deviation. Systems and computer program products are also provided.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of authenticating customers and service agents. The innovation receives a connection request to connect a customer and a service agent. The customer is authenticated for the service agent by matching biometric data of the customer to previously stored biometric data using a biometric recognition algorithm. The service agent is authenticated for the customer by matching a unique identifier to a previously stored unique identifier. A confirmation notification is generated and sent to the service agent and the customer to confirm the authentications. A connection is established between the customer and the service agent according to the authentications and the connection request.

Abstract: Methods and systems for ensuring security of in-car systems in vehicles, particularly, user data privacy and protection of in-car systems from cyber attacks, hacking etc. is provided. After a two-level authentication process, wherein user identification data, token and passwords are used and matched to authenticate the user, a secure OS container is created for use for the user accessing the IVI system of the vehicle. This container is created on the host root file system such that the environments of the container and the host root file system of the IVI system are sandboxed from each other.

Abstract: The invention relates to a method for linking a terminal (1) into a region (4a) of an interconnectable computer infrastructure (2) which is designed for a plurality of users (6, 6a), said region being allocated to a user (6a). A user certificate (12a) is generated for the region (4a) allocated to the user (6a) and is provided to the user (6a) and/or the interconnectable computer infrastructure (2). A terminal certificate (16a) which is compatible with the user certificate (12a) is generated, and the terminal certificate (16a) is entered into the terminal (1). The terminal (1) is registered in the interconnectable computer infrastructure (2) via a data connection (20), wherein the terminal certificate (16a) and/or a password which is encrypted using the terminal certificate (16a) is transmitted from the terminal (1) to the interconnectable computer infrastructure (2) via the data connection (20) for the registration process.

Abstract: Disclosed are various examples for configuring network security based on device management characteristics. In one example, a specification of a set of network resources on an internal network is received from an administrator client. The set of network resources are those network resources that a particular application executed in client devices on an external network should be authorized to access. A gateway from the external network to the internal network is then configured to permit the particular application to have access to the set of network resources.

Abstract: A face authentication method includes receiving, from a first user terminal, a user account and a face image, obtaining a reference image corresponding to the user account, the reference image being prestored, and determining a second user terminal for helping the first user terminal complete face authentication of the face image with the reference image, the second user terminal being in a state of waiting to receive a first authentication code for the second user terminal to complete identity authentication of the first user terminal. The method further includes generating the first authentication code, sending, to the second user terminal, the first authentication code, the face image, and the reference image, and receiving, from the second user terminal, a result of the face authentication of the face image with the reference image, the result indicating whether the face authentication succeeds.

Abstract: The specification discloses a blockchain-based advertisement monitoring method and apparatus, and an electronic device. The method may include: obtaining, by a playing device, an advertisement resource; at each of a plurality of different time points while playing the advertisement resource, collecting, by the playing device, screenshots of the advertisement resource; generating, by the playing device, a plurality of signatures based on the collected screenshots, an device identifier of the playing device, and a private encryption key of the playing device; generating, by the playing device, verification information based on the plurality of signatures; and uploading, by the playing device, the verification information to a blockchain network.

Abstract: A system and method uses different authentication techniques, including weak passive authentication techniques, to authenticate users by generating a score and comparing it to a threshold selected according to the feature the user is requesting.