Abstract: This disclosure is directed to devices, systems, and techniques for establishing a secure connection between two or more devices. In some examples, a device is configured for wireless communication. The device comprises signal reception circuitry configured to receive communications transmitted according to at least a first communication protocol, communication circuitry configured for wireless communication according to at least a second communication protocol, and processing circuitry electrically coupled to the signal reception circuitry and the communication circuitry. The processing circuitry is configured to receive, via the signal reception circuitry, a first signal according to the first communication protocol. In response to receiving the first signal, the processing circuitry is further configured to transmit, via the communication circuitry, a second signal according to the second communication protocol and establish a secure link according to the second communication protocol.

Abstract: Technologies are shown for secure management of evaluation data that involves receiving an evaluation value signal from a source, the evaluation value signal relating to an evaluation entity having an evaluation score secured on an evaluation data blockchain and verifying whether the source is identified in trusted source data. If the source is trusted, then the technology involves obtaining a weight associated with the source, obtaining the evaluation score for the evaluation entity from a first evaluation data block in the evaluation data blockchain, where the first evaluation data block is a most recent evaluation data block in the evaluation data blockchain, calculating a new evaluation score based on the evaluation score obtained from the first evaluation data block and the received valuation signal weighted according to the weight associated with the source, and securely committing the new evaluation score to the evaluation data blockchain in another evaluation data block.

Abstract: A method for processing security events by applying a rule-based alarm scheme may be provided. The method includes generating a rule index of rules and an indicator of compromise index for each of the rules. The method includes also processing the incoming security event by applying the rules, increasing a current rule counter relating to a triggered rule, and increasing a current indicator of compromise counter pertaining to the triggered rule. Furthermore, the method includes generating a pseudo security event from received data about known attacks and related indicators of compromise, processing the pseudo security events by sequentially applying the rules, increasing a current rule counter of pseudo security events, and increasing a current indicator of compromise counter for pseudo security events, and sorting the rules and sorting within each rule the indicator of compromise values in the indicator of compromise index.

Abstract: A method of protecting WLAN Control Protocol (WLCP) message exchange between a Trusted WLAN Access Gateway (TWAG)(112) of a Trusted WLAN Access Network (TWAN)(110) and a User Equipment (UE)(101) are provided. The method comprises deriving, by an Authentication, Authorization, and Accounting, (AAA) Server(103) of an Evolved Packet Core (EPC) network which is interfaced with the TWAN, and by the UE, a Master Session Key (MSK) and an Extended MSK (EMSK), sending, from the AAA Server to a Trusted WLAN AAA Proxy (TWAP)(113) of the TWAN and an Access Point (AP)(111) of the TWAN, the MSK or a key derived from at least the MSK, and deriving, by the TWAN or by the AAA Server, and by the UE, from the MSK, the EMSK, or the key derived from at least the MSK or the EMSK, a key for protecting the WLCP message exchange.—Corresponding devices, computer programs, and computer program products are further provided.

Abstract: Aspects of the disclosure provide techniques for using behavior based information for providing and restricting access to a secure website, or computer network and its assets to a user. Components of the system may include the following. Client remote computing device, network and browser unique attribute data collection and fingerprinting. Method for capturing user habits and fingerprinting with ability to detect abnormalities through AIML using mobile and wearable device applications. System for detection of normality of user behavior based on habits, and cyber transactions, device access and determining a confidence score associated with each transaction. Method for calculating individual transaction risk based on contextual factors such as user behavior, device, browser and the network traffic and request for authentication by account owner when risk greater than allowed threshold.

Abstract: A trusted execution environment on a computing device within an enterprise, whether owned by the enterprise or the employee/user, allows invocation of trusted enterprise applications without hindering external or non-enterprise apps from running on the same computing device. Each of the trusted apps can interact with other trusted apps on the same enterprise computing device in a trusted manner such that other apps or untrusted network connections are prevented for access to the trusted apps. The computing device, however, also executes non enterprise applications which operate independently of the enterprise apps in the same address space using the same unmodified operating system as the enterprise apps on the computing device. The trusted execution environment therefore restricts interprocess communication to be only within the set of enterprise apps and also permits unimpeded operation of other apps under the same OTS (off the shelf) operating system.

Abstract: A communication platform exchanges digital data within a value added chain by at least one order. Each individual order corresponds to a collaborative process and has an order structure. The collaborative process and order structure digital data are usable in communication platform modules. The communication platform also has an order structure module configuring at least one such order structure and allocating to one or more user groups for each order structure authorization to generate and/or accept such order; a client module generating, providing or releasing at least one such order, or allocating at least one user group ID to the order(s); a contractor module confirming, declining, or accepting such order and adapting the order status information; and a generic application programming interface connecting the communication platform modules such that order structure digital data is usable in all modules, and any order structure orders can be interconnected.

Abstract: Various embodiments relate to a method and system for resuming a secure communication session with a server by a device, including: sending a message to the server requesting the resumption of a secure communication session; receiving from the server a server identifier, a server nonce, and a salt; determining that the device has a shared key with the server based upon the server identifier; determining that the received salt is valid; calculating a salted identifier based upon the shared key and the salt; sending the salted identifier to the server; and resuming the secure communication session with the server.

Abstract: Tools and techniques for performing life cycle management of user-selected applications on wireless communications devices are described herein. In part, the tools provide machine-readable media for presenting to the subscriber a list of available applications for installation on the device, and for receiving selections from the subscriber of one or more of the applications. Additionally, the tools provide methods for selling advertising space on the devices.

Abstract: A method of and system for performing metadata tag compression in security policy enforcement system may comprise conveying a set of data elements, each with an associated metadata tag, from a first processor subsystem to a second processor subsystem. The first processor subsystem may be configured to process conventional tasks, the second processor configured to apply one or more policy decisions to the data element. The conveying may further comprise sending the set of data elements along with an index element that identifies one or more metadata tags, and sending one or more of the metadata tags identified by the index element.

Abstract: A communication terminal which is capable of reducing load of a server apparatus by reutilizing a message key to be used for encrypting a message is provided.

Abstract: A multifactor authentication system onboard a vehicle including at least one processor, a first database, a second database, and one or more protected computer systems is provided. The at least one processor is programmed to receive, from a user, a request for access to the one or more protected computer systems, wherein the request contains authentication information including a first authentication factor and a second authentication factor, retrieve first factor authentication data associated with the user from the first database, compare the first factor authentication data with the received first authentication factor to determine if there is a match, retrieve the second factor authentication data associated with the user from the second database, compare the second factor authentication data with the received second authentication factor to determine if there is a match, and grant access to the one or more protected computer systems if all of the comparisons match.

Abstract: A computer-implemented method, computer program product and computing system for: obtaining one or more artifacts concerning a detected security event; obtaining artifact information concerning the one or more artifacts; and generating a conclusion concerning the detected security event based, at least in part, upon the detected security event, the one or more artifacts, and the artifact information.

Abstract: Example implementations relate to device management. In some examples, a system may include a computing device comprising executable instructions to authenticate the computing device to a first wireless network, implementing a first level of security, while in an active state. A system may include a computing device comprising executable instructions to disconnect from the first wireless network responsive to entering a sleep state. A system may include a computing device comprising executable instructions to provide, from a basic input/output system (BIOS) of the computing device, a wireless parameter for a second wireless network implementing a second level of security. A system may include a computing device comprising executable instructions to connect to the second wireless network while in the sleep state.

Abstract: The present technology pertains to an organization directory hosted by a synchronized content management system. The corporate directory can provide access to user accounts for all members of the organization to all content items in the organization directory on the respective file systems of the members' client devices. Members can reach any content item at the same path as other members relative to the organization directory root on their respective client device. In some embodiments novel access permissions are granted to maintain path consistency.

Abstract: Systems and processes for improved processing of biometric data may include a hash controller including a processor, a server, and a registry. The hash controller can receive biometric information, such as a biometric scan, and apply an EGH transformation to convert the biometric information into an irreversible, unlinkable, and revocable EgHash. The EGH transformation can include blending biometric information with non-biometric information and permuting the biometric representation for additional security. The permuted biometric representation can be projected based on a randomly generated matrix and the output permuted to obtain an EgHash. The resultant EgHash can be lossy such that the EGH transform causes an irreversible loss of biometric information between the original biometric information and the EgHash. The EgHash can be compared and retrieved at speed and scale by the processor to support operations including, but not limited to, verification, identification, and database deduplication.

Abstract: An integrated circuit may be provided with cryptocurrency mining capabilities. The integrated circuit may include control circuitry and a number of processing cores that complete a Secure Hash Algorithm 256 (SHA-256) function in parallel. Logic circuitry may be shared between multiple processing cores. Each processing core may perform sequential rounds of cryptographic hashing operations based on a hash input and message word inputs. The control circuitry may control the processing cores to complete the SHA-256 function over different search spaces. The shared logic circuitry may perform a subset of the sequential rounds for multiple processing cores. If desired, the shared logic circuitry may generate message word inputs for some of the sequential rounds across multiple processing cores. By sharing logic circuitry across cores, chip area consumption and power efficiency may be improved relative to scenarios where the cores are formed using only dedicated logic.

Abstract: Implementations of this specification provide signature verification methods and apparatuses for a blockchain ledger. An example method includes receiving by a server, a signature verification instruction that comprises a verification object parameter and a hash value. The verification object parameter includes a third-party parameter, a platform parameter, or a time service certificate parameter, the verification object parameter indicates a type of a to-be-verified object, and the server is configured to store data by using the blockchain ledger. The server obtains the to-be-verified object based on the verification object parameter and the hash value. The type of the to-be-verified object includes a third-party digital signature, a server digital signature, or a time service certificate. The server sends the to-be-verified object to a client for verification by the client.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

Abstract: The present invention relates to a method for securing against N-order side-channel attacks a cryptographic process using in a plurality of encryption rounds an initial Substitution box S0 comprising the steps of: —generating (E12) a first randomized substitution box S1 by masking said initial substitution box S0 such that S1(x XOR m1)=S0(x) XOR m2, with m1, m2 uniformly-distributed random values, for any input value x of the initial substitution box S0, —generating (E13) a first transrandomized Substitution box S(1,1) from the first randomized substitution box S1 and from masks m1,1, m?1,1 such that S(1, 1)[x]=S1[x xor (m1 xor m1,1)] xor (m2 xor m?1,1) for any input value x of the first transrandomized Substitution box S(1,1), —generating (E14) from the first transrandomized Substitution box S(1,1) a N?1th transrandomized Substitution box S(1, N?1) by performing iteratively N?2 times a step of generation of a ith transrandomized Substitution box S(1, i) from a i?1th transrandomized substitution box S(1, i?1)