Abstract: Communication bus enables devices to communicate and exchange information and control signals. There is a growing concern over the security of such types of buses. Since any device can transmit any message, and device on the bus which can be compromised poses a threat for the bus. Described is a system to authenticate the source of messages from various devices on a communication bus.

Abstract: Systems and methods for device-agnostic, multi-factor network authentication are disclosed. In some embodiments, a wireless network connection can authenticate a device over secure authentication means with a certificate that confirms a device identity. After authenticating the device, a user can be prompted to provide credentials in a captive portal. The captive portal can be inaccessible to devices that have not already authenticated using a certificate. After providing approved credentials to the captive portal, the user can access the network. This embodiment and additional embodiments are readily integrated into private wireless networks and others.

Abstract: A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.

Abstract: A license managing method including an execution device that executes software and a software storage device coupled to the execution device further includes a license storage device that stores license information indicating the number of licenses for permitting a license of the software, and the license managing method includes the step of license-managing of controlling storage of the software to be downloaded into the software storage device or execution of the software by the execution device based on the license information stored in the license storage device when the software whose license permission is required is downloaded.

Abstract: A method of multi-factor authentication includes receiving, by a remote hosting server from a terminal, a request from a user possessing a trusted device to access a remote service. The remote hosting server generates challenge chirp signal information and sends the challenge chirp signal information to the terminal and the device. Measurements are received of a room impulse response taken by each of the terminal and the trusted device using the chirp signal information. It is checked whether a location of the terminal is known based on a measurement of the room impulse response. The measurements of the room impulse response of the terminal and the trusted device are compared. A level of access to the remote service is granted to the user based on whether the location of the terminal is known and whether the trusted device is present at the location of the terminal.

Abstract: A method to transfer a video stream from a host device comprising a controller configured for bulk transfers to a descrambling device, comprises: forming a chain out transfer comprising a chain out header linked with multiple chain out descriptors, the first chain out descriptor pointing to an out description packet containing at least one producer ID, the second and subsequent chain out descriptor pointing to chunks from the video stream, the last chain out descriptor being configured to generate an interrupt; forming a chain in transfer comprising a chain in header linked with a plurality of chain in descriptors, each chain in descriptor pointing to a descrambled chunk; requesting the controller to process the chain; receiving the description packet by the descrambling device and using key data associated with the chunks to descramble them; receiving by the controller the descrambled chunks and triggering an interrupt on the last chunk.

Abstract: The present disclosure describes systems and methods that provide a hybrid framework for augmenting statistical anomaly detection with contextual features, machine learning and human Subject Matter Expert (SME) input to learn significant characteristics of true anomalies for which alerts should be generated. The framework presented herein is domain agnostic and independent of the underlying statistical anomaly detection technique or the machine learning algorithm. The framework described herein is therefore applicable and adaptable to a number of real world service provider systems and applications, such as, for example, detecting network performance degradation in a service provider network or detecting anomalous conditions from data received from a sensor while filtering out false positives.

Abstract: An encoder for providing encrypted data for transmission via a transmission medium includes an encryption unit that is configured to encrypt data received at the encoder block by block and a processing unit. The processing unit is configured to randomly distribute an encrypted data block to a plurality of channels that are allocated to the transmission medium and to provide a sub-block, which includes part of the encrypted data block, to be transmitted via one of the channels, together with a channel identification allocated to the channel and a code value that is based on the encrypted data in the sub-block to be transmitted and the channel identification, for transmission via the allocated channel of the transmission medium.

Abstract: A secret key value that is inaccessible to software is scrambled according to registers consisting of one-time programmable (OTP) bits. A first OTP register is used to change the scrambling of the secret key value whenever a lifecycle event occurs. A second OTP register is used to undo the change in the scrambling of the secret key. A third OTP register is used to affect a permanent change to the scrambling of the secret key. The scrambled values of the secret key (whether changed or unchanged) are used as seeds to produce keys for cryptographic operations by a device.

Abstract: Examples relate to automated multi-credential assessment in a system. One example enables auditing an application by sending a first request for an action to be performed in the application, the first request based on a first privilege level, where the first privilege level corresponds with a first level of access to the application, and sending a second request for the action to be performed in the application, where the second request based on a second privilege level different from the first privilege level. The second privilege level may corresponds with a second level of access to the application different from the first level of access. The first request and second request may be performed, and the results of the performed first request and second request may be combined. The combined results may be made available.

Abstract: In an embodiment, a computer system is configured to improve security of server computers interacting with client computers through an intermediary computer, and comprising: a memory comprising processor logic; one or more processors coupled to the memory, wherein the one or more processors execute the processor logic, which causes the one or more processors to: intercept, from a server computer, one or more original instructions to be sent to a browser being executed on a client computer; inject, into the one or more original instructions, one or more browser detection instructions, which when executed cause one or more operations to be performed by an execution environment on the client computer and send a result that represents an internal state of the execution environment after performing the one or more operations to the intermediary computer; send the one or more original instructions with the one or more browser detection instructions to the browser; receive the result and determine whether the browse

Abstract: A device transmits or receives a packet in a memory network including one or more processors and/or one or more memory devices. The device includes a key storage unit configured to store a one-time password (OTP) key that is shared with a target node, an encryption unit configured to encrypt a transmission packet with the OTP key stored in the key storage unit and to transmit the encrypted transmission packet to the target node, and a decryption unit configured to decrypt a receiving packet from the target node with the OTP key stored in the key storage unit. The device is a processor or a memory device in the memory network.

Abstract: The present invention provides an authentication which is performed by means of simultaneously inputting biometric data such as fingerprint, iris and the like when inputting an authentication number, wherein input area provided to a user varies such that biometric data can be input and recognized accurately and easily. Therefore, the present invention enhances convenience for a user and increases security and reliability of authentication.

Abstract: An identity provider IP service provides an optimized sign out experience for a user accessing a single account service. The IP service designates a first account of a service as signed in based on first credentials provided by a user. The IP service provides a first security token for the first account to the service. Upon receiving a first sign out notification, the IP service determines whether the user wants to switch to a second account of the service. Upon determining that the user wants to switch to the second account, the IP service designates the second account as signed in based on second credentials provided by the user, provides a second security token for the second account to the service, and designates the first account as soft signed out so that the user can switch to the first account without re-providing the first credentials.

Abstract: A cloud-based identity and access management system that implements single sign-on (“SSO”) receives a first request for an identity management service configured to allow for accessing an application. Embodiments send the first request to a first microservice which performs the identity management service by generating a token. The first microservice generates the token at least in part by sending a second request to a SSO microservice that is configured to provide SSO functionality across different microservices that are based on different protocols. Embodiments then receive the token from the first microservice and provide the token to the application, where the token allows for accessing the application.

Abstract: A security event that is associated with one or more communication devices is detected. For example, the security event may be an unexpected change in data being sent from a communication device outside an enterprise. In response to detecting the security event, a Virtual Service Network (VSN) is created that isolates one or more communication devices that may pose a security risk. A corrective action to mitigate the security event is then implemented. For example, the corrective action may be to dynamically instantiate a firewall on the VSN that blocks the transfer of data from the communication device outside the enterprise. This allows an administrator to review the security event and take further action if necessary. Because the VSN with the firewall is created dynamically, the network remains secure while the security event is investigated.

Abstract: Provided is a method of providing, by a server, account information, the method including: receiving an account generation request message from a first device; generating first account information, based on user identification information included in the account generation request message; transmitting the generated first account information to the first device; receiving an account use request message from a second device; identifying the first account information and service identification information included in the received account use request message; and transmitting second account information corresponding to the identified first account information and the service identification information, to the second device.

Abstract: Methods, systems, and media for adding IP addresses to firewalls are provided. In some embodiments, the method comprises: receiving a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by a firewall; determining whether the external IP address is included in a group of IP addresses maintained by the firewall; determining whether to add the external IP address to the group of IP addresses; identifying an Internet Service Provider (ISP) associated with the external IP address; determining whether the ISP is included in a group of ISPs maintained by the firewall; and in response to determining that the ISP is not included in the group of ISPs maintained by the firewall, adding the external IP address to the group of IP addresses and adding the ISP to the group of ISPs.

Abstract: A method for confirming pairing connection of terminal devices, including: acquiring third touch slide data collected by a target second Bluetooth device via a touch sensing point thereof, if a touch slide operation is detected after a connection between the first Bluetooth device and the target second Bluetooth device is established; establishing a third touch slide variation curve device according to the third touch slide data; acquiring fourth touch slide data collected by a touch screen thereof, and establishing a fourth touch slide variation curve according to the fourth touch slide data; determining whether the third touch slide variation curve matches with the fourth touch slide variation curve or not; and disconnecting the connection with the target second Bluetooth device if the third touch slide variation curve does not match with the fourth touch slide variation curve.

Abstract: Systems, computer program products and methods implementing access control on a distributed file system are described. A file system enforcement point protects an HDFS from unauthorized access by authenticating a declared identity of a task submitting a request from a client. Upon receiving the request, the file system enforcement point submits a challenge to the client, requesting the task to provide credentials of the declared identity. The task submits credentials. On the client, each task has access to credentials of a true identity of the task. Accordingly, in case a task submits a claimed identity that is different from the true identity of the task, the task cannot submit correct credentials in response to the challenge. The file system enforcement point authenticates the declared identity using the submitted credentials. The file system enforcement point allows the client to access the HDFS only upon successful authentication.