Abstract: A cyber security system for providing security to a railway, the system comprising: a data monitoring and processing hub; a network comprising a plurality of data collection agents synchronized to a same network clock and configured to monitor railway infrastructure devices and onboard devices of rolling stock having a train communication network (TCN), and forward monitored data to the hub for processing by the hub to detect anomalies in railway operation that are indicative of a cyber-attack; at least one anonymizer configured to scrub information items from data that the hub receives from a data collection agent of the plurality of data collection agents which may be used to identify the cyber security system or the railway for which the system provides security.

Abstract: The present disclosure describes systems and method for performing a vulnerabilities assessment of an organization. A campaign controller executes one or more simulated phishing campaigns directed to a plurality of users of an organization, using a plurality of models determined by the campaign controller based at least on identification of the organization. The campaign controller stores to a database the results of execution of the one or more simulated phishing campaigns and based on the results, the campaign controller determines one or more vulnerabilities to phishing for the organization. In one embodiment, the campaign controller determines a percentage of the plurality of users of the organization that are phish-prone. In some embodiments, the users of the organization that are phish-prone interacted with a link of a simulated phishing communication.

Abstract: This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

Abstract: A computing device may include a memory and a processor configured to cooperate with the memory to store an authentication token having first and second authentication credentials associated therewith. The first and second authentication credentials may be different from one another. The processor may further cooperate with a server to access a session based upon the authentication token.

Abstract: A security analysis method for a control plane and a system therefor are disclosed. The method includes generating a test case for a security property unsuitable for a control plane operation, transmitting the generated test case to target equipment and receiving a response of the control plane for the test case from the target equipment, and diagnosing security for the security property of the target equipment by analyzing the received response. The generating includes generating the test case for the security property by modulating a value of a specific field in a control plane protocol header into a value unsuitable for an operation on standards.

Abstract: To provision a client application on a client device, a user may be provided with a QR code, a one-time password, or a manual entry page for starting a credential provisioning process via a credential provisioning service provided by a credential provisioning server in a secure network. The client application may include information on trusted servers operating in the secure network. The credential provisioning server may operate to perform a sequence of actions to verify user credentials and determine, based on rules applicable to the user, the client device, or a combination thereof, whether the client application is to be provisioned on a client device. If so, the credential provisioning server may operate to generate a key pair, obtain a signed certificate, encrypt them, and send them to the client device such that the client application can use them to establish a mutual secure connection with a trusted server.

Abstract: Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.

Abstract: There is presented a method, a computing device and a computing system for establishing secure communication between computing devices. A method for a first computing device to establish trusted communication with a second computing device comprises the first computing device sending a request to create a secure channel to the second computing device, the request comprising a first cryptographic element and a device identifier. The first computing device receives a channel identifier from the second computing device in response to the request, and a notification over a secure channel using the device identifier, the notification comprising a channel identifier and a second cryptographic element.

Abstract: A method for protecting electronics systems of a vehicle from cyberattacks includes intercepting messages transmitted on a first communications bus between a plurality of Electronic Control Units (ECUs) of a vehicle. The ECUs are communicatively coupled to the first communications bus. At least one recipient ECU that is a recipient of the intercepted messages is determined. The intercepted messages and information indicating the determined at least one recipient ECU are stored in a log. The method further includes detecting a computer attack of the vehicle based on satisfaction of at least one condition of a rule by the stored messages and information in the log and blocking the computer attack of the vehicle by performing an action associated with the rule. The rule may depend on whether one or more intercepted messages are malicious messages and a recipient ECU of the malicious messages.

Abstract: An anonymous credential authentication system receives an anonymous credential signature value indicating that setting proposition information using a credential is satisfied from a user device that has been issued the credential combined with multiple pieces of attribute information constituting personal information, generates signer authentication information that confirms a signer of the anonymous credential signature value using an opening key, and outputs the signer authentication information.

Abstract: Described herein is a system and remote server that may enable a user device to gain access to a secure physical area or physical resource. The remote server may generate, store, and send a first access token to a user device in response to a request to access the physical area or physical resource. The remote server can receive an authentication request from a universal access control device at the location of the physical area or physical resource. The authentication request can contain a second access token and location information of the user device. The remote server can verify the second access token by comparing it to the stored first access token and location information about the access control device. Upon authentication and verification, the user device may gain entry to the secure area.

Abstract: A communication control system includes a first communication control device and a second signal processing device. The first communication control device is connected to a client terminal device and a network communication grid. The second communication control device is connected to a server terminal device and the network communication grid.

Abstract: This disclosure provides an apparatus, method, and non-transitory computer readable medium for operating networking for members and supporting a controlled-access establishment. The apparatus includes a memory and a processor couple to the memory. The memory stores a plurality of member profiles corresponding to a plurality of member devices including a first member profile corresponding to a first member device, where each member profile contains information about a member related to the member a member device.

Abstract: There are provided methods and systems for providing security on endpoints which are used on environment where temporary user access is needed without any session persistence. When a file is requested to be executed on any endpoint, the execution source would be checked for user information. If the file execution is requested by guest and/or pre-configured user accounts or any of the parent process is launched by guest and/or pre-configured user accounts, it is launched inside the secure container to isolate the all resource usage of that application from the rest of the system and user applications. This achieves the isolated data and application execution between temporary session/user files and persistent or system users session files. It enables a secure computing environment on an endpoint for shared and temporary user access enabled endpoints.

Abstract: A management system and a method for secure signing of certificates, which have a certificate signing subsystem set up in a device of a controlled management site, unless authorized externally, internal data of the subsystem cannot be accessed arbitrarily, and each unit applying for a certificate needs confirmation of identity to increase the security of certificate application and signing. In addition, the certificate signing subsystem is a device with arithmetic capability, which operates fast and can increase the efficiency of certificate signing. Because units or companies applying for certificates do not need to set up a certificate signing system by themselves, provided that they are connected to the certificate signing subsystem of the present invention, certificates can be applied for and obtained, thereby saving business operating costs.

Abstract: Methods, systems, and devices for secure endpoint authentication credential control are described. An endpoint agent may receive an indication from an operating system of an endpoint device that the operating has received authentication credentials from a user. The endpoint agent may be housed in the endpoint device, and may detect a change between the received set of authentication credentials and a previous version of authentication credentials. Based on this detection, the endpoint agent may transmit the received authentication credentials to a central server. The central server may transmit the authentication credentials to an information technology (IT) resource which requires user authentication prior to granting access to a user.

Abstract: An electronic device according to an embodiment may include a processor, a wireless communication module, and a security module. The security module may store and manage a shared key and an authentication key. The processor may be configured to receive a request for transmission of the authentication key to a first external electronic device and transmit, to the security module, information and command for generation of the shared key. The security module may generate the shared key based on the information for generation of the shared key, and the security module may transmit, to the first external electronic device, the generated shared key and information associated with the generated shared key. Various other embodiments are possible.

Abstract: The invention relates to a system and method for preventing a protected computing device from executing unauthorized processor commands. A data entry database of the system stores encoded data entered by a human user as data entry events. A command verification module of the system implements an authentication algorithm for determining whether a processor command to be executed by the computing device originates from a trusted source. The command verification module determines the trustworthiness of a processor command as a function of parameters of the processor command, which include an association of the command with one or more of the data entry events. Determination can also be made based on other processor command parameters, such as the type of processor command and/or contextual parameters of the processor command.

Abstract: A security check system using face ID sensing for secure access to an electronic platform includes a light source, a camera disposed adjacent the light source and configured to form an image of the object while a light beam provided by the light source is incident on the object, a computer memory configured to store face ID data of an authorized person, and a processing module configured to analyze the image to extract facial signatures and to determine whether there exists an indication of a retro-reflection, compare the facial signatures to the face ID data to determine whether a match exists, in response to determining that the match exists and the indication of the retro-reflection exists, grant access to the electronic platform, and in response to determining that the match does not exist or the indication of the retro-reflection does not exist, deny access to the electronic platform.

Abstract: A method selectively installs a particular signature on a particular gateway based on the type of signature and the type of computer asset that is protected by that particular gateway. A system and/or analyst receives multiple signatures, where different signatures from the multiple signatures are specific for different types of computer assets. The system and/or analyst identifies and extracts a particular signature, from the multiple signatures, that will protect, if implemented on the appropriate gateway, a particular computer asset. The system and/or analyst identifies the appropriate gateway that protects the particular computer asset, and installs only the extracted particular signature from the multiple signatures on that appropriate gateway.