Abstract: A system for broadcasting that includes a watermark payload.

Abstract: A method of secure data export from an automotive ECU to a requesting entity includes receiving a signed request, the request transmitting a first public encryption key. The signature is verified using a second public key stored in the automotive ECU. Further, the requesting entity is authenticated. Only upon successful verification and authentication the automotive ECU generates a random symmetric key for encrypting the data to be exported. The symmetric key is encrypted using the first public key received in the request, and unencrypted data is deleted. The encrypted data is exported to the requesting entity, which decrypts the symmetric key using a first private key associated with the first public key, and decrypts the data encrypted with the symmetric key.

Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and include in the attestation token the generated claim. The method further transmits the attestation token to the host machine.

Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.

Abstract: A novel and useful mechanism for providing security features to a wireless communications system that otherwise does not have such features. Security features including encryption and decryption of communications, secure key exchange, secure pairing, and secure re-pairing are provided. The invention is applicable to wireless communication systems such as IO-Link Wireless. The encryption/decryption mechanism uses AES-256 block cypher with counter mode to generate blocks of cypher bits used to encrypt and decrypt communications between the master and devices. Session keys are generated using a random salt and a counter value. The random salt is generated using a secure random number generator such as the CSPRNG algorithm. A master key (or device key) is also used in generating session keys. Session keys are not permanent and are used to encrypt/decrypt only a finite amount of data. Once exhausted, the session key is replaced by a new one and cypher bits are generated using the new session key.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By consider the mission and system specific context in the analysis alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alters, the server allows security personnel to prioritize responses and focus on highest value defense activities.

Abstract: A method of authentication for delivery of a product to a recipient. The method includes: a customer generating a public and a private cryptographic key in accordance with an asymmetrical encryption; the customer providing the public cryptographic key for the deliverer; the deliverer generating a message encrypted using the public cryptographic key; transmitting the encrypted message to the recipient for authentication; generating a plain text of the encrypted message in that the recipient decrypts the encrypted message using the private key; transmitting the plain text to the deliverer; and the deliverer authenticating the recipient if the transmitted plain text matches the message.

Abstract: A method for securing a Wi-Fi link in a wireless communication system includes configuring an existing agent with a controller, wherein the existing agent is configured as a first Basic Service Set (BSS). An enrollee agent is onboarded with a Push Button Configuration (PBC) method to establish an 1905 layer security between the existing agent and the enrollee agent. The enrollee agent is configured with the controller, including the controller transmitting a Device Provisioning Protocol (DPP) Bootstrapping Information Request to the enrollee agent and the controller receiving a DPP Bootstrapping Information Response from the enrollee agent, wherein the enrollee agent is configured as a second BSS.

Abstract: A method, an apparatus, and a system for collecting an access control list (ACL), where a second network device receives a first link-state advertisement (LSA) packet flooded by a first network device, where the first LSA packet includes a first network device identifier and first ACL information, and the first network device and the second network device belong to a same Interior Gateway Protocol (IGP) area, and sends an extended first Border Gateway Protocol-Link State (BGP-LS) packet to a controller, where the extended first BGP-LS packet includes the first network device identifier and the first ACL information such that the controller can collect ACL information of the first network device and manage the ACL information of the first network device.

Abstract: An information processing system includes a first management unit that manages assignment of authority to use a second service to a first user registered for a first service in the individual unit on a user side receiving provision of the first service, and a second management unit that manages a second user having authority to use the second service on a provider side providing the second service, in which the second management unit acquires information regarding the first user not assigned with the authority to use the second service, from the first management unit.

Abstract: A system for storing and managing secure information is disclosed that includes a secure identity and profiling system, which serves as a middleman between a user and an entity requesting personally identifiable information (PII) from the user. The system collects the PII from the user and stores it securely, such as in an alternate blockchain in an encrypted form. The location of the that PII within the alternate blockchain may be indexed using smart contracts in a main blockchain that can only be read with an access token generated and supplied by the user's mobile device. When an entity requests PII from the user that has already been collected and securely stored, the user can provide permission to release that PII by providing the access token. The system will use the access token to locate where the PII is stored and release the PII to the requesting entity.

Abstract: Aspects of the present disclosure include methods, systems, and non-transitory computer readable media that perform the steps of transmitting a token to a gateway, receiving a response token including an encrypted message, decrypting the encrypted message using a decryption key associated with the token to generate a decrypted message, validating content of the decrypted message, transmitting a certificate request in response to successfully validating the content of the decrypted message, receiving a certificate in response to the request, validating the certificate against a certification authority, and transmitting encrypted data via a secured connection in response to successfully validating the certificate.

Abstract: Provided are embodiments for performing encryption and decryption in accordance with one or more embodiments. The embodiments include generating a random key address, obtaining a pre-stored key using the random key address, and re-arranging portions of the pre-stored key using the random key address. Embodiments also include selecting a dynamic logic operation based on the random key address, receiving data for encryption, and combining portions of the received data for encryption with the re-arranged portions of the pre-stored key using the dynamic logic operation to produce encrypted data. Embodiments include re-arranging portions of the encrypted data based on the random key address and combining the re-arranged portions of the encrypted data with the random key address into an encrypted data packet for transmission. Also provided are embodiments for a transmitter and receiver for performing the encryption and decryption.

Abstract: The disclosure relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The disclosure is also providing mobile communication system for performing these methods, and computer readable media the instructions of which cause the mobile communication system to perform the methods described herein. Specifically, the disclosure suggests that in response to the detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and the mobile station and the secondary base station re-initialize the communication there between. The re-initialization is performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key.

Abstract: An encryption device includes an encryption unit that encrypts blocks, obtained by dividing a plaintext, with use of an auxiliary variable, a partial checksum generation unit that generates a plurality of partial checksums on the basis of the blocks obtained by dividing the plaintext, a meta checksum generation unit that generates a meta checksum on the basis of the partial checksums generated by the partial checksum generation unit, and a tag generation unit that generates a tag to be used for detecting tampering, on the basis of the meta checksum generated by the meta checksum generation unit. The encryption device outputs a ciphertext encrypted by the encryption unit and the tag generated by the tag generation unit.

Abstract: A method, non-transitory computer readable medium and device that minimize error conditions with substantially simultaneously and independently generated secret keys includes synchronizing with a mobile device configured to execute a corresponding key generation process. Data obtained based on at least one shared characteristic with the synchronized mobile device is converted into a plurality of binary numbers. At least one bit for each of the plurality of binary numbers which are at least measurably random is identified. An error condition with any of the determined bits for the plurality of binary numbers is identified. At least a portion of the determined bits for the plurality of binary numbers without the detected error condition are selected. A key is generated based on the selected determined bits for the plurality of binary numbers for use in securing communications with the synchronized mobile device.

Abstract: A method of communicating between a terminal device and a back-end system assigned to the terminal device, the terminal device receives via a direct wireless communication link an authorization code from the mobile communication device. Responsive to receiving the authorization code, the terminal device transmits via the direct wireless communication link to the mobile communication device a terminal report message which includes a message content part and a message addressing part. The mobile communication device transmits the terminal report message in a forwarding message via a telecommunications network to a remote message processing system determined by the addressing part. The remote message processing system determines from the addressing part the back-end system assigned to the electronic terminal device and transfers the content part of the terminal report message to the back-end system.

Abstract: Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to obtain create and access a secure memory block via the interaction of a short-range transceiver, such as a contactless card, with a client device such that, once the secure memory block is created in memory of the client device, personal user data may be stored in the secure memory block, and access to the stored personal user data may only be provided to users authorized to review the data.

Abstract: A method for propagating configuration data using a blockchain includes: storing a blockchain comprised of a plurality of blocks, each being comprised of a block header having a timestamp and one or more configuration transactions; receiving one or more configuration data items; generating a new configuration transaction for each configuration data item; hashing a most recent block identified based on the timestamp included in the respective block header to generate a previous block hash value; hashing a combination of the new configuration transactions and/or data associated therewith to generate a current block hash value; generating a new block header, the new block header including a current timestamp, the previous block hash value, the current block hash value, and a digital signature; generating a new block comprised of the new block header and each new configuration transaction; and updating the blockchain by appending the new block.

Abstract: An Autonomous System (AS) may receive an AS route update from a remote AS at an isolated border gateway (BGW) router of an AS. The AS may analyze a data traffic routing path in the AS route update to determine whether the AS route update is a problematic update, the data traffic routing path for routing data traffic through a plurality of ASs that include the AS. In response to determining that the AS route update is a non-problematic update, the AS may implement the AS route update into the one or more operational BGW routers of the AS to route the data traffic between the plurality of ASs. In response to determining that the AS route update is a problematic update, the AS may designate the AS route update from the remote AS as unsuitable for implementation into one or more operational BGW routers of the AS.