Abstract: A method, computer readable medium, and computer wherein a system provides an agent device a remote connection to a server resource, obtains remote environment data from the agent device and obtains communication data exchanged between the agent device and a client device. With that data, the system provides a multidimensional monitoring unit associated with the agent device, and the monitoring unit provides access to the remote environment data from the agent device and the communication data exchanged between the agent device and the client device. The system further detects changes in the remote environment data and communication data associated with the remote agent, and issues alarms in response to detecting changes.

Abstract: One example method includes a device management system detecting an attempt to access a user account by an unenrolled device. The device management system identifies a first enrolled device of the user account by accessing a signature chain of the user account. The device management system facilitates a transmission of a cryptographically-signed enrollment request from the unenrolled device to the first enrolled device. The first enrolled device is configured to cryptographically validate the enrollment request. The first enrolled device is further configured to generate an encrypted attestation message that indicates that the unenrolled device has been authenticated. The unenrolled device can receive and decrypt the encrypted attestation message based on a passcode being displayed on the first enrolled device. The device management system receives a decrypted attestation message from the unenrolled device and updates the signature chain to include a new sequential record for the unenrolled device.

Abstract: Systems and methods of protecting an initial NAS message are described. The NAS message is encrypted using the home PLMN public key during initial registration with the network using a registration request message. An AMF of the serving PLMN sends a serving PLMN public key which is then used to encrypt information including an S-NSSAI of later initial NAS messages after initial registration is completed. The S-NSSAI may not be sent in the later initial NAS message if the S-NSSAI is provided at an access stratum level. The RRC message may contain an indication that the S-NSSAI is encrypted using the serving PLMN public key.

Abstract: Methods of pairing devices wirelessly that include matching received-signal-strength information regarding signal-strength patterns received by differing devices desired to be paired. In some embodiments, signal-strength patterns are based on a user moving an object so as to intentionally create multipath Fresnel-zone propagation disturbances. During pairing, the devices exchange their received-signal-strength information with one another and compare the received-signal-strength information that they receive from another device to the received-signal-strength information that they generated themselves based on the multipath Fresnel-zone propagation disturbances. When the two sets of receive-signal-strength information substantially match one another, the devices determine the presence of a trusted relationship. Methods for assisting with the wireless pairing are also disclosed.

Abstract: Embodiments described herein relate to a method for managing file based backups (FBBs). The method may include obtaining a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage; in response to the FBB mount request: capturing an entity context associated with the application; authenticating the entity context; obtaining, when the authenticating is successful, access control information corresponding to the FBB from the backup storage; determining a subset of the FBB for which the access control information indicates the entity context has permission to access; and enabling access to a portion of the FBB by the application.

Abstract: The present invention relates to a system for establishing a secure connection between a mobile device container and a number of virtual private networks.

Abstract: A computer-implemented security may be implemented on a blockchain comprising applying a one-way function to a first secret value to create a first veiled secret value; communicating the first veiled secret value to a user; receiving a second veiled secret value from the user, wherein the second veiled secret value is created by applying a one-way function to the second secret value; and constructing a first blockchain transaction comprising the first veiled secret value and the second veiled secret value, the first blockchain transaction arranged to be unlockable to transfer control of a first resource upon provision of both the first secret value and the second secret value to a respective blockchain transaction.

Abstract: Disclosed herein are an apparatus and method for user authentication based on multiple pieces of biometric information. The apparatus may include one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program receives multiple pieces of biometric information from the client device of a user, generates the personal identifier of the user using a neural network and a Bloom filter algorithm, and checks the similarity between the personal identifier of the user and each of personal identifiers previously registered in a database, thereby authenticating the user.

Abstract: An apparatus for masking power consumption associated with one or more operations of a logic circuitry of a processor. The apparatus comprises power-complementing circuitry configured to provide a second power consumption to directly power-complementing the power consumption associated with the one or more operations of the logic circuitry. The second power consumption complements the power consumption associated with the one or more operations of the logic circuitry. The apparatus further comprises header circuitry configured to enable a common node to vary in voltage corresponding to the one or more operations of the logic circuitry. The power-complementing circuitry and the header circuitry are each coupled to the logic circuitry at the common node.

Abstract: A system and process for onboarding client devices to a key management server. In operation, a device generates an asymmetric key pair including a public key and a private key. The device obtains an access token from an identity management server after successfully authenticating with the identity management server. The device transmits a request including the access token and the public key to the key management server to onboard the client device. The device receives a response including encrypted bootstrap information from the key management server. The bootstrap information included in the response is encrypted using the public key of the asymmetric key pair. The device decrypts the encrypted bootstrap information using the private key of the asymmetric key pair to obtain the bootstrap information and then uses the bootstrap information for encrypting communications transmitted to the key management server or for decrypting communications received from the key management server.

Abstract: Disclosed is an approach to implement an on-demand secure communications channel to a cloud-related resource that is located in a customer's on-premises data center, where the on-demand channel provides access to the resource to a cloud provider's operator employees. This creates on a temporary basis all of the infrastructure that is needed to allow the operational access to the customer system, which can then be destroyed once it is no longer needed.

Abstract: Described embodiments provide for provisioning devices securely using zero touch deployments. A controller application can receive a first authentication code from the controller. The controller application can establish, responsive to receiving the first authentication code, a short-range wireless connection with the device within a pairing range of the controller application using at least one of one or more short-range wireless communication types. The controller application can receive a second authentication code from the device via the short-range wireless connection. The controller application can determine that the first authentication code received from the controller corresponds to the second authentication code received via the short-range wireless connection.

Abstract: A system and method for providing remote access to a device is disclosed. The method comprises receiving an automatically expiring authentication token having encrypted authentication token data including a session key from the device, transmitting the authentication token to secure facility, receiving the decrypted authentication token data from the secure facility, signing a tool package with a package verification key derived at least in part from the session key, the tool package comprising processor instructions providing remote access to the device when executed by the processor, providing the signed tool package to the device. The device verifies the signed tool package using the package verification key and executes the tool package only if the signature of the tool package is verified.

Abstract: Methods, systems, and devices for supporting security for private data inputs to artificial intelligence models are described. A device (e.g., an application server) may receive a request to run an artificial intelligence model. The device may run the artificial intelligence model on a public data set and an extended set of data that includes both the public data set and a private data set. The device may determine a first set of outcomes based on running the artificial intelligence model on the public data set and a second set of outcomes based on rerunning the model on the extended set of data. The device may then compare the two sets of outcomes to determine whether a private data value is identifiable based on the second set of outcomes. If a private data value is identifiable, the device may obfuscate the results prior to transmitting the results to the requestor.

Abstract: The described techniques facilitate the secure transmission of sensor measurement data to an ECU by implementing an authentication procedure. The authentication procedure includes an integrated circuit (IC) generating authentication tags by encrypting portions of sensor measurement data. These authentication tags are then transmitted together with the sensor measurement data as authenticated sensor measurement data. The ECU may then use the authentication tags to authenticate the sensor measurement data based upon a comparison of the portions of the sensor measurement data sensor measurement data to the authentication tag that is expected to be generated for those portions of sensor measurement data.

Abstract: A streaming one time Pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) to establish multiple secure point-to-point connections. This can be used to implement a streaming OTP point-to-point firewall, virtual private network or other communications facility for communicating secure information across one or more insecure networks.

Abstract: This document discloses a method and device for implementing secure communication, and a storage medium. The method for implementing secure communication includes: encrypting first information and second information of a data packet respectively to generate an encrypted message; wherein, a region in which the encrypted first information is located is a first encrypted region, and a region in which the encrypted second information is located is a second encrypted region; the first information is used for a receiving device to determine whether to acquire the second information; and sending the encrypted message.

Abstract: A computer-implemented method for submitting feedback for an entity to a blockchain is disclosed. The method, which is implemented at one of a plurality of participating nodes, includes: obtaining a first key, the first key being one of a fixed set of keys distributed to participating nodes that are eligible to submit feedback for the entity; generating first feedback (rj) of the entity for submission to the blockchain; encrypting the first feedback (rj) using at least the first key; and submitting the encrypted first feedback to a mixing service, the mixing service being configured to generate a mixed transaction based on the encrypted first feedback and at least one other encrypted feedback submission from one or more eligible participating nodes.

Abstract: An Authorization Verification Service (AVS) is disclosed that may be provided by an IoT/M2M service layer to registrants of the service layer for Dynamic Context Aware Authorization. The AVS may allow the IoT/M2M service layer entities to define dynamic limits for authorizing access to services or data. The limits may be set, for example, in terms of the number of allowed accesses. When an IoT/M2M registrant makes a request for data or services for which it has dynamic context aware authorization, the AVS may maintain records of the remaining accesses available.

Abstract: Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to obtain create and access a secure memory block via the interaction of a short-range transceiver, such as a contactless card, with a client device such that, once the secure memory block is created in memory of the client device, personal user data may be stored in the secure memory block, and access to the stored personal user data may only be provided to users authorized to review the data.