Abstract: Techniques are provided for validating a mobile device in a passive digital key system. An example method of validating a mobile device includes determining a positioning measurement for the mobile device relative to a reference point, obtaining a measured distance with at least a first transceiver, obtaining a calibration distance based at least in part on the positioning measurement for the mobile device, computing a validation distance based at least in part on a difference between the measured distance and the calibration distance, and validating the mobile device based at least in part on a comparison of the validation distance and a threshold value.

Abstract: Devices, systems, and methods are provided for communications between autonomous and emergency vehicles. A method may include identifying, by an autonomous vehicle (AV), a first message received from a first vehicle, and identifying, by the AV, in the first message, information associated with identifying the AV, a security key associated with identifying the first vehicle, and an instruction associated with causing the AV to perform an action. The method may include authenticating, by the AV, based on the security key, the first vehicle, and controlling operation, based on the instruction and the information associated with identifying the AV, of the AV to perform the action.

Abstract: According to one example, a system includes a first computing device that includes one or more processors configured to generate a first encryption key, and encrypt data, using the first encryption key, for transmittal to a second computing device. The one or more processors are further configured to determine a first set of tokens; determine, from the first set of tokens, a plurality of tokens for the first encryption key; generate a packet comprising the encrypted data, and further comprising the plurality of tokens; and transmit the packet for receipt by the second computing device.

Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.

Abstract: Systems and methods are disclosed to implement an application that can automatically download new digital certificates to verify signed code updates received by the application. In embodiments, under normal circumstances, the application uses a pinned certificate in the application's executable code to verify received updates signed using the certificate. However, if the code signing certificate changes, the application will automatically retrieve the new certificate from a certificate publishing service. Accordingly, the new certificate does not have to be included as part of the code update package, and the retrieval of the new certificate can be managed more robustly by the application updater. In embodiments, downloads from the certificate publishing service may be secured using a nonce and a shared secret that is known to the service and also pinned to the application. In this way, the download process can be protected from hijacking attacks.

Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

Abstract: A method for managing data in view of data controls includes determining that a jurisdictional restriction associated with a jurisdiction applies to utilization of a portion of data, determining that a compliant service to utilize the portion of data is unavailable, deploying an instance of the compliant service, and utilizing the portion of data using the instance of the compliant service.

Abstract: A system and a method for an electronic method of authenticating a user to establish a service session the method comprising the steps of receiving an access request at a service provider device from a user device, authenticating a user based on a unique user credential associated with the user, by the service provider, establishing a service session between the user device and the service device.

Abstract: A denial-of-service detection system includes a denial-of-service detection subsystem coupled to a plurality of storage systems via a network. The denial-of-service detection subsystem receives current first storage system data for each of a plurality of different storage system operating metrics from a first storage system included in the plurality of storage systems.

Abstract: A method of detecting deviation from an operational state of a rotational device includes receiving, from one or more sensor devices coupled to the rotational device, frequency domain data indicative of vibration data sensed during a sensing period. The method also includes processing the frequency domain data using a trained anomaly detection model to generate an anomaly score for the sensing period and processing the anomaly score using an alert generation model to determine whether to generate an alert.

Abstract: A method for securing the communications between a publisher and a subscriber in an Internet of things networks. An example method includes receiving a challenge vector from a subscriber and determining a response vector using a physically unclonable function (PUF) for each challenge value in the challenge vector to generate a response value. The response vector it is sent to the subscriber.

Abstract: A remote access system for policy-controlled computing with a client device connected to a remote software environment is disclosed. The client device communicates with the remote software environment that securely runs applications. Restrictions for a local application that runs on the client device are enforced using a first plurality of policies based on whether the client device is connected to a specific Virtual Private Network (VPN). A mid-link server enforces restrictions on the remote software environment using a second plurality of policies.

Abstract: A computer-implemented method for generating device-identifying digital content on social media platforms may include (i) identifying digital content created by a content-creation device for display on a social media platform, (ii) modifying the digital content to indicate that the digital content was created by the content-creation device such that, when the modified digital content is displayed on the social media platform, the modified digital content identifies the content-creation device as the source of the digital content, and (iii) displaying, on the social media platform, the modified digital content to enable users of the social media platform to identify the content-creation device as the source of the digital content. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed systems and methods may request a merchant identifier associated with a merchant from a third party, receive the merchant identifier, retrieve or receive a first uniform resource locator (URL) associated with the merchant, and store the merchant identifier and the first URL in a database. In response to a web browser extension detecting that a user is preparing to make an online purchase associated with the merchant, the system may receive an age request for an age of the merchant from a user device and identify the merchant identifier in the database based on a second URL included in the age request. The system may then request the age of the merchant from the database based on the merchant identifier, receive the age of the merchant from the third party, and transmit the age of the merchant to the user device for display.

Abstract: Example embodiments of systems and methods for data delegation and control through the use of tokenized data are provided. In an exemplary method of data delegation and control, a data device may store private information associated with a user and generate an access token, comprising tokenized data identifying the data device. The data device may transmit the access token to a user device through a front channel and receive an information request from a merchant device comprising the access token through a secure back channel. Upon authenticating the access token, the data device may transmit a portion of the private information to the merchant device through the secure back channel.

Abstract: A communication system utilizing unified gateways bridges communication gaps between data transmitters having differing transmission, security, data format, overhead restrictions and performance metrics by dynamically determining optimal data paths for the data being routed. The unified gateways can also dynamically alter data packages to upgrade/downgrade security standards, alter transmission networks, translate data to match recipient requirements and split/combine data to optimize data throughput using disparate systems.

Abstract: A method and a corresponding runtime environment for migrating an instance of an actor of an application are provided. An initiating runtime environment performs a method comprising selecting, based on obtained security attributes for a set of target runtime environments, a target runtime environment from the set of target runtime environments for migration of the instance of the actor. The method comprises migrating the instance of the actor to the selected target runtime environment once the target runtime environment has been selected.

Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.

Abstract: Techniques are disclosed relating to contextual authentication across different applications based on user communications. In some embodiments, a user is preauthenticated to certain actions on a second application based on the user's communication via a first application. The user's communication via a first application provides contextual information that may be used to preauthenticate a request to perform an action on the second application. Contextual information may include the user's communication itself, communications characteristics that are determined from the user's communications, or both.

Abstract: Disclosed are methods and systems for system call reduction. An application container may be used to encapsulate an application and to determine an operation state of the application. Based on the application state, the application container may determine one or more allowable system calls for the application. The application container may restrict access to one or more system calls excluded from the one or more allowable system calls.