Patents Examined by Michael W Chao
  • Patent number: 10686810
    Abstract: Systems and methods for security in power systems are provided. A security-aware distributed control framework for resilient operation of power systems can detect and mitigate different types of attacks that might target power systems. The framework can discover a change in the features of transmitted data from neighbor agents, discard an infected agent, and achieve an updated consensus protocol agreement while satisfying a control system objective.
    Type: Grant
    Filed: February 5, 2020
    Date of Patent: June 16, 2020
    Assignee: The Florida International University Board of Trustees
    Inventors: Ahmed Aly Saad Ahmed, Samy Gamal Faddel Mohamed, Osama Mohammed
  • Patent number: 10671712
    Abstract: Methods and systems described in this disclosure electronically notarize a document. The system can receive biometric information from a user, extract characteristics from the biometric information, and compare the characteristics of the biometric information with previously stored characteristics of the user's biometric information. When the characteristics of the biometric information match the previously stored characteristics to a threshold, the system can create an identity of the user using the characteristics of the biometric information. The system can send a document to the user for cryptographic signature and receive an indication that the document has been signed. The cryptographic signature can be generated with a digest of the document, the identity, and a cryptographic key associated with the user. The system can inspect the digest of the document, the cryptographic key, and the identity associated with the document to verify authenticity of the document and the identity of the user.
    Type: Grant
    Filed: March 1, 2018
    Date of Patent: June 2, 2020
    Assignee: United Services Automobile Association (USAA)
    Inventors: David Lindley, Alexander Benetto Nagelberg, Maland Keith Mortensen, Joseph Gregory Delong, Shantanu K. Tripathy, Zachary T. Golden, Kevin D. Love, Brian Keith Anderson, Kasey T. Moore
  • Patent number: 10652016
    Abstract: Systems, apparatus, and methods are disclosed for controlling internet-connected devices having embedded systems with dedicated functions. A lightweight software that protects the internet-connected devices from security breaches and security threats is installed on the internet-connected devices. The lightweight software sends network traffic data to a management server via one or more rendezvous servers. The management server analyzes the network traffic data and generates a security update. The security update is posted on a blockchain. The lightweight software obtains the security update in the form of a blockchain transaction.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: May 12, 2020
    Assignee: NeuroMesh, Inc.
    Inventors: Gregory J. Falco, Caleb Li, Pavel Fedorov, Carlos Caldera, Kelly Jackson, Rahul Arora
  • Patent number: 10652259
    Abstract: An information processing apparatus specifies the phase of activity of a terminal connected to a network by comparing a communication by the terminal with a previously held pattern, specifies the type of behavior of the terminal in relation to a first communication and a second communication, by correlation analysis between a first phase specified based on the first communication of the terminal and a second phase specified based on the second communication which is conducted before or after the first communication, and classifies the unauthorized activity of the terminal based on the specified type of behavior when determination is made that the terminal is used to conduct unauthorized activity.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: May 12, 2020
    Assignee: PFU LIMITED
    Inventors: Seigo Terada, Keiji Michine
  • Patent number: 10652234
    Abstract: In general, aspects of the disclosure are directed towards techniques for initiating an authorization flow with a user to enable a user interface-limited client computing device to obtain access to protected resources hosted by a resource service. In some aspects, a computing device comprises at least one processor. The computing device also comprises a short-range wireless communication module operable by the at least one processor to receive, using short-range wireless communication, an authentication request from a client device. The computing device also comprises an authorization module operable by the at least one processor to receive authorization to provide at least one security credential to the client device, wherein the authorization module is further configured to, responsive to receiving the authorization, send an indication of the authorization to an authentication service.
    Type: Grant
    Filed: November 8, 2018
    Date of Patent: May 12, 2020
    Assignee: Google LLC
    Inventors: Alain Vongsouvanh, Claudio Cherubino
  • Patent number: 10635479
    Abstract: Described systems and methods allow protecting a hardware virtualization system from malicious software. Some embodiments use a hybrid event notification/analysis system, wherein a first component executing within a protected virtual machine (VM) registers as a handler for processor exceptions triggered by violations of memory access permissions, and wherein a second component executing outside the respective VM registers as a handler for VM exit events. The first component filters permission violation events according to a set of rules and only notifies the second component about events which are deemed relevant to security. The second component analyzes notified events to detect malicious software.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: April 28, 2020
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Andrei V. Lutas
  • Patent number: 10630468
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for training a multi-party secure logistic regression model (SLRM). One of the methods includes receiving, at a plurality of secure computation nodes (SCNs), a plurality of random numbers from a random number provider; encrypting, at each SCN, data stored at the SCN using the received random numbers; iteratively updating a secure logistic regression model (SLRM) by using the encrypted data from each SCN; and after iteratively updating the SLRM, outputting a result of the SLRM, wherein the result is configured to enable a service to be performed by each SCN.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: April 21, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Huazhong Wang, Shan Yin, Pengfei Ying
  • Patent number: 10631162
    Abstract: A method and an apparatus for verifying identity of a direct communication message using asymmetric keys in a wireless communication network comprising a plurality of electronic devices is provided. The method includes distributing a public key associated with a second electronic device among a plurality of electronic devices by a Device-to-Device (D2D) server. The method includes receiving the direct communication message from the second electronic device at a first electronic device. The direct communication message comprises a digital signature generated using a private key associated with the second electronic device. Further, the method includes verifying the identity of the direct communication message using the public key associated with the second electronic device.
    Type: Grant
    Filed: October 30, 2014
    Date of Patent: April 21, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Rajavelsamy Rajadurai, Anil Agiwal
  • Patent number: 10623952
    Abstract: A method for authorizing management for an embedded universal integrated circuit card includes: generating, by an eUICC manager, authorization information (S101); encrypting the authorization information by using eUICC management credential (S102); and sending the encrypted authorization information to an eUICC (S103), where the authorization information includes an identifier of at least one first device; or the authorization information includes at least one authorization credential. The authorization information is configured in the eUICC, and therefore, when a subsequently authorized first device manages a profile in the eUICC, the eUICC may directly accept or reject, according to a stored correspondence between a profile management function and an authorized first device, to be managed, without obtaining authorization information each time.
    Type: Grant
    Filed: July 7, 2014
    Date of Patent: April 14, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Linyi Gao
  • Patent number: 10599856
    Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: March 24, 2020
    Assignee: International Business Machines Corporation
    Inventors: Zah Barzik, Maxim Kalaev, Alexander Snast
  • Patent number: 10602021
    Abstract: An image forming apparatus (a) causes the image scanning device to scan an image of: (a1) the mobile terminal apparatus before model changing that displays the subscriber ID, (a2) the mobile terminal apparatus after model changing that displays the subscriber ID, and (a3) a fill-in form in which the authentication setting information was written on a platen glass as one-time scanning and generate a scanned image, (b) extracts the subscriber IDs of the mobile terminal apparatuses and the authentication setting information, (c) causes the wireless communication device to transmit the authentication setting information to the mobile terminal apparatus after model changing if the subscriber ID of the mobile terminal apparatus before model changing and the subscriber ID of the mobile terminal apparatus after model changing are the same as each other.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: March 24, 2020
    Assignee: Kyocera Document Solutions, Inc.
    Inventor: Takayuki Ishida
  • Patent number: 10587611
    Abstract: The network logon protocol used in a pass-through authentication request embedded in an encrypted network packet is identified. A protocol detection engine correlates events and network requests received at a domain controller in order to use the data contained in a correlated pair to determine a size of a challenge response in the encrypted network packet. The size of the response is used to identify the network logon protocol used in the pass-through authentication request.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: March 10, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Tal Joseph Maor, Itai Grady Ashkenazy, Michael Dubinsky, Marina Simakov
  • Patent number: 10581589
    Abstract: A method for the authentication of a first electronic entity (C) by a second electronic entity (H), wherein the first electronic entity (C) implements the following steps: reception of a challenge (HCH) from the second electronic entity (H); generation of a number (CCH) according to a current value of a counter (SQC) and a first secret key (K-ENC); generation of a cryptogram (CAC) according to the challenge (HCH) and a second secret key (S-MAC); and transmission of a response including the cryptogram (CAC) to the second electronic entity (H), without transmission of the number (CCH).
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: March 3, 2020
    Assignee: IDEMIA FRANCE
    Inventors: Emmanuelle Dottax, Florian Galdo, Jean-Philippe Vallieres
  • Patent number: 10574695
    Abstract: A gateway apparatus, a detecting method of malicious domain and hacked host thereof, and a non-transitory computer readable medium are provided. The detecting method includes the following steps: capturing network traffics, and parsing traces and channels from the network traffics. Each channel is related to a link between a domain and an Internet Protocol (IP) address, and each trace is related to an http request requested from the IP address for asking the domain. Then, a trace-channel behavior graph is established. The malicious degree model is trained based on the trace-channel behavior graph and threat intelligence. Accordingly, a malicious degree of an unknown channel can be determined, thereby providing a detecting method with high precision.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: February 25, 2020
    Assignee: Chunghwa Telecom Co., Ltd.
    Inventors: Tzung-Han Jeng, Chien-Chih Chen, Jia-Hao Sun, Kuang-Hung Chang, Kuo-Sen Chou
  • Patent number: 10572644
    Abstract: A technique is described herein by which a user may gain access to a target resource via one or more particular peripheral devices that have been associated with the user. The technique performs this task by detecting when a user communicatively couples an identity-bearing component to a hub device. The user may thereafter use any input and/or output peripheral device that is also coupled to hub device to interact with the target resource, in a manner specified by authentication information associated with the user. In another use scenario, two or more users may interact with the same target resource via respective collections of user-associated peripheral devices.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: February 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John C. Gordon
  • Patent number: 10567360
    Abstract: Disclosed are various examples for validating a public SSH host key. The examples can be implemented in a hyper-converged computing environment to detect potential man-in-the-middle attacks in which an attacker intercepts or spoofs an internet protocol (IP) address of a target virtual machine (VM) that is being addressed by a management service and with which a secure shell (SSH) session is being established.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: February 18, 2020
    Assignee: VMware, Inc.
    Inventors: Vishesh Kumar Nirwal, Suket Gakhar
  • Patent number: 10560472
    Abstract: A method includes receiving a first file attribute from a computing device. The method also includes determining whether a classification for a file is available from a first cache of the server based on the first file attribute. The method includes sending the first file attribute from the server to a second server to determine whether the classification for the file is available at a base prediction cache of the second server. The method includes receiving a notification at the server from the second server that the classification for the file is unavailable at the base prediction cache. The method includes, in response to receiving the notification, determining the classification for the file by performing an analysis of a second file attribute based on a trained file classification model. The method includes sending the classification to the computing device and sending at least the classification to the base prediction cache.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: February 11, 2020
    Assignee: SPARKCOGNITION, INC.
    Inventors: Lucas McLane, Jarred Capellman
  • Patent number: 10547449
    Abstract: A method is provided for performing a cryptographic operation in a white-box implementation on a mobile device. The cryptographic operation is performed in the mobile device for a response to a challenge from a mobile device reader. The mobile device reader includes a time-out period within which the cryptographic operation must be completed by the mobile device. In accordance with an embodiment, a first time period to complete the cryptographic operation on the mobile device is determined. A predetermined number of dummy computations are added to the cryptographic operation to increase the first time period to a second time period. The second time period is only slightly less than the time-out period by a predetermined safety value to make it less likely a relay attack will be successful.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: January 28, 2020
    Assignee: NXP B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Jan Hoogerbrugge
  • Patent number: 10530578
    Abstract: A key store microservice is provided for a cloud based identity management system. The key store microservice receives, over a network, a request from a client application to retrieve a key, the request including a tenancy identifier, and determines whether the key is present in a tenant specific memory cache associated with the tenancy identifier. When the key is determined to be present in the tenant specific memory cache, the key store microservice retrieves the key from the tenant specific memory cache, retrieves a decryption key from a key wallet, decrypts the key retrieved from the tenant specific memory cache using the decryption key retrieved from the key wallet, and sends, over the network, the key to the client.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: January 7, 2020
    Assignee: Oracle International Corporation
    Inventors: Rakesh Keshava, Sreedhar Katti, Sirish Vepa, Hari Sastry
  • Patent number: 10523446
    Abstract: Upon receiving a new CRL, a device with a large storage capacity in an authentication system detects another device connected to a controller to which this device is connecting, and determines whether or not to transmit the new CRL depending on the magnitude of the storage capacity of the device that has been detected.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: December 31, 2019
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Ayaka Ichijo, Manabu Maeda, Yuji Unagami