Abstract: An apparatus including: a biometric sensor for sensing one or more biometric parameters of a subject; a detector configured to detect one or more subject-dependent parameters; and a controller configured to initially perform a security function using the biometric sensor and subsequently perform the security function, after successful verification of the one or more detected subject-dependent parameters, without using the biometric sensor.
Abstract: Threat modeling methods include, in response to receiving user input using computing device interfaces: storing threat model components, threats, and security requirements in one or more database(s); associating each threat with a component; storing an indication of whether each security requirement is a compensating control; associating each compensating control with one of the threats; displaying a diagram of one of a system, an application, and a process, using visual representations of the components, the diagram defining a threat model; displaying a threat report displaying each threat associated with one of the components included in the threat model; and displaying a report displaying each compensating control associated with one of the threats included in the threat report.
Abstract: Disclosed herein are system, method, and computer program product embodiments for performing transactions or atomic swaps using zero-knowledge proofs (“ZKPs”). A first system may propose a transaction with a second system. The first system may generate a first ZKP indicating that the first system has possession of an asset desired by the second system and that the first system is committing the asset to the transaction. The second system may also similarly generate a second ZKP. These ZKPs may be encrypted and exchanged. The second system may receive an encrypted version of the first ZKP, perform a decryption using a key specific to the second system, and verify the ZKP. When the parties verify the ZKPs, this confirms that each party has committed the requested asset and that the transaction may proceed. The transaction may be committed to a blockchain.
Type:
Grant
Filed:
August 28, 2019
Date of Patent:
May 12, 2020
Assignee:
QED-IT SYSTEMS LTD.
Inventors:
Aurélien Renaud François Nicolas, Ron Kahat, Pablo Kogan, Yakov Gurkan, Ori Wallenstein
Abstract: In some examples, a computing device may include a first housing mechanically coupled to a second housing. The coupling may enable the first housing to be placed at an angle of between at least 0 to 180 degrees relative to the second housing. A clasp may be used to temporarily hold the first housing against the second housing when the first housing is placed at an angle of about 0 degrees relative to the second housing. A clasp sensor may determine that a user touched the clasp. In response, the computing device may initiate a boot process of an operating system. The boot process may capture biometric data using a biometric sensor in the clasp and compare the biometric data with previously stored biometric data associated with the user. The boot process may authenticate the user when the biometric data matches the previously stored biometric data.
Type:
Grant
Filed:
January 24, 2018
Date of Patent:
May 5, 2020
Assignee:
Dell Products L.P.
Inventors:
James Damon Trim, Jace W. Files, John Trevor Morrison, Michiel S. Knoppert
Abstract: In some examples, input network policies are combined to form a composite network policy, each input network policy of the input network policies specifying at least one characteristic of communications allowed between endpoint groups in a network. Metadata associated with the composite network policy is added, the metadata including information regarding a reason for disallowance of a communication between endpoint groups.
Type:
Grant
Filed:
July 22, 2015
Date of Patent:
May 5, 2020
Assignee:
HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventors:
Yoshio Turner, Jeongkeun Lee, Charles F. Clark
Abstract: The purpose of the present invention is to provide a vehicle data rewrite control device and a data rewrite authentication system which prevent unauthorized rewriting of data due to password leakage and/or by spoofing of a connected device. The vehicle data rewrite control device outputs authentication information generated on the basis of data to be updated and a pre-stored vehicle number.
Abstract: Arrangements described herein relate to accessing a cloud based service. Responsive to a user of a first communication device initiating access to the cloud based service via the first communication device, a prompt for a valid password to be entered to access the cloud based service can be received by the first communication device. Responsive to the valid password required to access the cloud based service not being stored on the first communication device, the first communication device can automatically retrieve the valid password from a second communication device via a peer-to-peer ad hoc communication link between the first communication device and the second communication device. The valid password can be automatically provided, by the first communication device, to a login service for the cloud based service to obtain access by the first communication device to the cloud based service.
Abstract: The present disclosure discloses an access point (AP) connection method, a terminal, and a server, and relates to the field of network technologies. The method includes: scanning a graphic identifier of a target AP, to obtain address information of the target AP, where the address information includes at least an identity of the target AP; acquiring, according to the identity and an operating system identifier of a terminal, target AP connection information prestored in a server; and connecting to the target AP according to the target AP connection information.
Type:
Grant
Filed:
September 18, 2018
Date of Patent:
April 14, 2020
Assignee:
TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Inventors:
Yue Cao, Yuancheng Cao, Manzhao Bu, Ping Huang
Abstract: An online system reviews content for violation of one or more policies of the system. The system may evaluate various content policies to determine how usage of the policy affects user experience and what content is shown to each user. The system can, for example, run an A/B validation for certain policies, such as before launching a new policy. To enable the validation, when content is determined to be violating a policy, it is labeled with the specific policy violated as a shadow tag that is not visible to the user viewing the content. Then, the system may track user interactions with newsfeeds of content that include no policy violating content and newsfeeds that include some policy-violating content, and detect at a policy-by-policy level how each policy affects the newsfeed and user experience.
Abstract: A communication system, including: a NW management device which (i) forms a network together with an authenticated target device, and (ii) manages the network by delivering a session key for use in communication in the network to the authenticated target device; and a device authenticated by the NW management device, wherein the NW management device: determines whether or not to permit the device to be an alternative management device which manages the network in place of the NW management device when communication is impossible in the network; shares, with the device, authentication information about the authenticated target device, when permitting the device to be the alternative management device; and the device shares the authentication information with the NW management device, and starts managing the network using the authentication information as the alternative management device when determining that the NW management device cannot communicate in the network.
Abstract: Systems and methods are described for rate-limiting a message-sending client interacting with a message service based on dynamically calculated risk assessments of the probability that the client is, or is not, a sender of spam messages. The message service sends a proof of work problem to a sending client device with a difficulty level that is related to a risk assessment that the client is a sender of spam messages. The message system limits the rate at which a known or suspected spammer can send messages by giving the known or suspected spammer client harder proof of work problems to solve, while minimizing the burden on normal users of the message system by giving them easier proof of work problems to solve that can typically be solved by the client within the time that it takes to type a message.
Type:
Grant
Filed:
September 18, 2017
Date of Patent:
March 24, 2020
Assignee:
Apple Inc.
Inventors:
Lucas O. Winstrom, Eric D. Friedman, Ritwik K. Kumar, Jeremy M. Stober, Amol V. Pattekar, Benoit Chevallier-Mames, Julien Lerouge, Gianpaolo Fasoli, Augustin J. Farrugia, Mathieu Ciet
Abstract: Device, system, and method of managing trustworthiness of electronic device. For example, an Internet of Things (IoT) device is able to transmit data to a recipient device. The recipient device operates as a querying device, and utilizes a query agent to query a trust-management server with regard to the trustworthiness of the IoT device. The trust-management server receives from the IoT device a set of values indicating various parameters of the IoT device. The trust-management server generates a trustworthiness report pertaining to the IoT device, and sends the report as a response to the trustworthiness query. Optionally, a caching agent caches copies of trustworthiness reports and provides to querying devices such previous reports, together with an indication of their freshness level.
Type:
Grant
Filed:
May 2, 2016
Date of Patent:
March 17, 2020
Assignee:
ARM LIMITED
Inventors:
Hagai Bar-El, Leonid Dorrendorf, Avraham Moshe Schneider
Abstract: Disclosed herein are new methods and systems for detecting obfuscated programs. We build a recursive traversal disassembler that extracts the control flow graph of binary files. This allows us to detect the presence of interleaving instructions, which is typically an indication of the opaque predicate anti-disassembly trick. Our detection system uses some novel features based on referenced instructions and the extracted control flow graph that clearly distinguish between obfuscated and normal files. When these are combined with a few features based on file structure, we achieve a very high detection rate of obfuscated files.
Type:
Grant
Filed:
October 6, 2016
Date of Patent:
March 17, 2020
Inventors:
Shouhuai Xu, Moustafa Elsayed Saleh, Edward Paul Ratazzi
Abstract: A method for sharing read access to a document stored on memory hardware. The method includes receiving a shared read access command from a sharor sharing read access to a sharee for a document stored on memory hardware in communication with the data processing hardware, and receiving a shared read access request from the sharee. The shared read access command includes an encrypted value and a first cryptographic share value based on a write key, a read key, a document identifier, and a sharee identifier. The method also includes multiplying the first and second cryptographic share values to determine a cryptographic read access value. The cryptographic read access value authorizes read access to the sharee for the document. The method also includes storing a read access token for the sharee including the cryptographic read access value and the encrypted value in a user read set of the memory hardware.
Type:
Grant
Filed:
January 24, 2018
Date of Patent:
March 17, 2020
Assignee:
Google LLC
Inventors:
Kevin Yeo, Sarvar Patel, Giuseppe Persiano
Abstract: An apparatus comprises a memory to store data and a processor coupled to the memory. The processor may modify a plurality of data elements using a semantic relationship between the plurality of data elements and a pre-selected data security policy and store data representing the modified plurality of data elements in the memory.
Type:
Grant
Filed:
August 14, 2015
Date of Patent:
February 25, 2020
Assignee:
HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventors:
Adrian John Baldwin, Patrick Goldsack, Brian Quentin Monahan, Philipp Reinecke
Abstract: The present disclosure discloses a processor security checking method, system and checking device. The processor security checking method includes: acquiring recording information of data read and write operations between a processor and a peripheral device, where the data read and write operation is a data read and write operation initiated by the processor or a data read and write operation initiated by the peripheral; and determining whether the processor is secure according to the recording information of the data read and write operation and an analysis result on the data read and write operation by the checking device. The embodiments of the present disclosure may detect hardware vulnerabilities and improve the security of hardware usage.
Abstract: The present disclosure provides a method, an apparatus, and a system for collecting an access control list. A second network device receives a first LSA packet flooded by a first network device, where the first LSA packet includes a first network device identifier and first ACL information, and the first network device and the second network device belong to a same IGP area; and sends an extended first BGP-LS packet to a controller, where the extended first BGP-LS packet includes the first network device identifier and the first ACL information, so that the controller can collect ACL information of the first network device and manage the ACL information of the first network device.
Abstract: A sequence of photographs is taken of the face (and if desired the upper body) of a user of a mobile device using the camera of the mobile device. Each photo is taken at a different angle from the user. The sequence is compared with a stored sequence and if a match is found, access to the device is granted. The user typically holds the device with arms extended outward and moves the device 180° across his face to take the sequence for authentication purposes.
Abstract: One embodiment relates to a method for monitoring the security of a virtual machine hosted by a host system, the virtual machine comprising an operating system communicating with a hypervisor of the host system. The hypervisor interfaces between the operating system and hardware resources of the host system. The method comprises receiving at least one machine instruction corresponding to an interruption in the operating system, said interruption following an event having occurred in the virtual machine and executing the instruction by the hypervisor using the hardware resources of the host system and transmitting to the operating system a data stream including the result of the execution. The sent data stream is duplicated in a second stream and the second stream is analyzed by a security agent running on an entity separate from the virtual machine in order to detect a security problem during the processing of the interruption.