Abstract: Creating a certificate for a software module. A method includes obtaining a public key for a software module. The method includes obtaining a public key for a software module implemented on a hardware device. The method further includes creating a certificate using the public key by signing the public key using a hardware protected key and hardware protected compute elements. The hardware protected key is protected by a protected portion of the hardware device, and not accessible outside of the protected portion of the hardware device.

Abstract: To provide a log analysis system which is capable of detecting unauthorized access, an analysis device, an analysis method and a storage medium on which an analysis program is stored, a client terminal communicates with an external communication device. A relay device relays communications between the external communication device and the client terminal, in accordance with a request from the client terminal. An analysis device analyzes the content of communications by the client terminal. Then, the client terminal stores program information indicating a program that handled communications with the external communication device. The relay device stores a relay log that indicates each request, made by the client terminal, to communicate with the external communication device. In addition, the analysis device compares the program information and the relay log.

Abstract: Systems and methods for configuring the operation of recording devices that may be removably mounted to a mount. A mount may provide a unique identifier. The unique identifier may be used to select a configuration profile for configuring the operation of the recording device coupled to the mount. A recording device that is moved from one mount to another may receive a different profile in accordance with the identifier of the new mount to control the operation of the recording device while mounted to the new mount. A server may store, retrieve, and provide profiles to recording devices.

Abstract: A method and system for providing secure delivery, transport, modification, exchange of digital design and build files that have been bundled into a digital asset within a complex digital supply chain. The system also provides for quality standards when the digital asset is used to manufacture a physical part, and provides for secure feedback to stakeholders for the purpose of digital logistics, data analytics, or liability. The system includes, but is not limited to, manufacturing, licensing, modification and delegation policy, generating authorization certificates, authenticating manufacturing devices and provide qualitative and quantitative file consumption data.

Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.

Abstract: A device attempts to access a resource that requires a multi-factor authentication (MFA), and receives, from an MFA server device, a challenge form. The device performs natural language processing on the challenge form to determine a first location of an input for a security code and a second location of a verify button. The device provides, to an email server device, a request to access emails associated with a user of the device, and receives access to multiple emails associated with the user. The device processes the multiple emails to identify an MFA email in the multiple emails, and identifies a security code in the MFA email. The device provides the security code at the first location, and selects the verify button at the second location. The device provides the security code to the MFA server device, and receives information indicating whether the device is authenticated.

Abstract: Disclosed are systems and methods for detecting and blocking attacks on electronics systems of a means of transportation. A protection module intercepts messages being transmitted on the buses of the means of transportation and saves the intercepted messages, and also for each intercepted message at least one ECU of the means of transportation which is the recipient of that message. The protection module detects computer attacks on the electronics systems by applying one or more rules, which can be received from a security server, to the saved data in the log. The rules may depend on one or more indicators of compromise that include malicious messages used in a computer attack and information on at least one ECU that is a recipient of the malicious messages. The described system further blocks the computer attacks by blocking, modifying, or changing communications within the communications bus of the vehicle.

Abstract: The present disclosure relates to a system, a method, and a non-transitory computer readable storage medium for deep packet inspection scanning at an application layer of a computer. A method of the presently claimed invention may scan pieces of data received out of order without reassembly at an application layer from a first input state generating one or more output states for each piece of data. The method may then identify that the first input state includes one or more characters that are associated with malicious content. The method may then identify that the data set may include malicious content when the first input state combined with one or more output states matches a known piece of malicious content.

Abstract: A method connecting a user's mobile terminal with a server of a service provider. The method includes: the server stores an identifier of a card assigned to the user by the service provider, corresponding to alias data associated with a user identifier by which the mobile terminal is authenticated with the mobile network; storing, in association with the identifier, first data of a first transaction performed between the user and the service provider by using the card; establishing, via the mobile network and using a service platform capable of obtaining the alias data, a communication link between the mobile terminal and the server, in which the alias data authenticate the user with the server; sending to the mobile terminal information regarding a service provided to the user by the service provider in accordance with the first data stored in association with the card identifier corresponding to the alias data.

Abstract: When a user attempts to access a first application installed on a user device, it can send an authentication request to an authentication server. The authentication server can assign a unique request token to the request and load a script to a component of the operating system executing on the user device that displays content within the first application. The script can cause a portal application to launch on the user device. The portal application can send a request to the authentication server on behalf of the user, including the unique request token and an access token stored by, or accessible to, the portal application. The authentication server can receive the request from the portal application and validate the request based on the unique request token and the access token. Upon validating the request, the authentication server can authenticate the user at the first application.

Abstract: Disclosed is a method for authenticating a user by using an electronic apparatus including an authentication module and a secure module, which includes the following steps: the authentication module transmits a recognition result to the secure module according to a process that allows the authentication module to be authenticated by the secure module; the secure module generates an authentication token by signing, with a private key stored in the secure module, data including data representing at least one feature of the authentication module; and transmitting the generated authentication token. Also disclosed is an associated secure module, electronic apparatus and system.

Abstract: A server in a blockchain distribution network includes a processor and a transceiver operatively coupled to the processor. The transceiver is configured to receive bytes of an encrypted blockchain from a peer node in a peer-to-peer network, where the server is unable to identify a source node that generated the encrypted blockchain based on the received bytes. The transceiver is also configured to propagate the bytes of the encrypted blockchain to one or more additional peer nodes and to one or more additional servers in the blockchain distribution network.

Abstract: A method for authenticating a user by a verifier device. The method includes: receiving a password entered by a user and a first piece of context information entered by the user; calculating a current fingerprint, by applying a one-way function to the password and to the first piece of context information; and verifying that the current calculated fingerprint is equal to a reference fingerprint of a secret, calculated during a preceding authentication of the user, the authentication being successful when the current fingerprint is equal to the reference fingerprint.

Abstract: A method of rolling security for a system that includes multiple server groups, such as a first server group of one or more servers and a second server group of one or more servers. The method includes repeatedly initiating rebuilding of the first server group of one or more servers. The method also includes repeatedly initiating rebuilding of the second server group of one or more servers. The rebuilding of the first server group of one or more servers is staggered in time from the rebuilding of the second server group of one or more servers. The servers may be physical servers or virtual machines. Rolling security may also be applied to software containers, computing devices within a data center, and computing devices outside of a datacenter.

Abstract: An authentication method includes: at a first device, selecting an original key in which a first identifier has a first value and a second identifier has a second value from m original keys and generating an authentication key based on the selected original key and the authentication identifier; at a second device, selecting an authentication key generated from the original key in which the first identifier has the first value and the second identifier has the second value from n authentication keys, generating response data based on challenge data and the authentication key, and notifying the generated response data to the first device; at the first device, generating verification data based on the challenge data and the authentication key, and authenticating the authentication target device by comparing the verification data with the response data.

Abstract: This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

Abstract: Implementations related to coding and/or decoding image data employing video coding with embedded motion are disclosed.

Abstract: Some embodiments relate to a data processing method comprising selecting a key from a plurality of previously stored keys, depending on at least on predefined criterion relating to at least one current value of at least one given repository. Other embodiments relate to a reception method comprising receiving second data obtained by applying, to first obtained data, a first cryptographic function using a key selected from a plurality of previously stored keys, depending on at least one predefined criterion relating to a current value of at least one given repository and for obtaining the first data by applying, to the second received data, a second cryptographic function using a second key associated with the selected key. Further embodiments relate to a processing device and a reception device that respectively implement the processing method and the reception method.

Abstract: A computer system identifies that a user activity on a user device during a first time period corresponds to a first user activity profile. The computer system monitors user activity on a user device during a second time period. The computer system determines that the user activity associated with the second time period does not correspond to the first user activity profile. In response to the determining that the user activity associated with the second time period corresponds to the second user activity profile, the computer system implements one or more security measures.

Abstract: Methods, systems, and computer readable media for network node validation are disclosed. One method occurs at a first network node.