Abstract: A method for collecting and managing event data of a vehicle can be performed by one or more computing systems. The method includes acquiring event data generated by an event data recorder mounted on a vehicle and a first certificate assigned to the vehicle, associating the event data with the first certificate, storing the event data in a first database, acquiring the first certificate and a second certificate assigned to the vehicle, associating the first certificate with the second certificate, and storing the first certificate in a second database.

Abstract: Verification of a data recipient is disclosed, including: sending, to a server, a request for requested information, wherein the request includes identifying information associated with a user; receiving, from the server, at least two pieces of information over different transmission channels; sending, to the server, recovered security data that is generated based at least in part on the at least two pieces of information, wherein the server is configured to determine whether the recovered security data matches stored security data; receiving, from the server, protected requested information associated with the request; and using the recovered security data to recover unprotected requested information based at least in part on the protected requested information.

Abstract: Techniques to provide mobile access to content are disclosed. A request from a mobile application running on a mobile device to access content is received at a connector node. A user credential associated with the request is used to identify at the connector node a policy associated with the request. A policy metadata associated with the policy is provided from the connector node to the mobile application running on the mobile device. The mobile application may include application code that is responsive to the policy metadata to perform, with respect to the request to access content, an action indicated by the policy.

Abstract: Various approaches are disclosed to virtualizing intrusion detection and prevention. Disclosed approaches provide for an embedded system having a hypervisor that provides a virtualized environment supporting any number of guest OSes. The virtualized environment may include a security engine on an internal communication channel between the guest OS and a virtualized hardware interface (e.g., an Ethernet or CAN interface) to analyze network traffic to protect the guest OS from other guest OSes or other network components, and to protect those network components from the guest OS. The security engine may be on a different partition than the guest OS and the virtualized hardware interface providing the components with isolated execution environments that protect against malicious code execution. Each guest OS may have its own security engine customized for the guest OS to account for what is typical or expected traffic for the guest OS.

Abstract: Embodiments of this application disclose a permission verification method, and related apparatuses. In the embodiments of this application, a permission operation request is received by a first node device in a blockchain from a client, and the permission operation request is forwarded to a second node device in the blockchain; a first contract execution result is obtained according to the permission operation request; a second contract execution result broadcasted by the second node device is received based on the permission operation request; and the user permission verification is determined to succeed in a case that the first contract execution result is consistent with the second contract execution result. This solution implements decentralized permission verification based on a blockchain permission management contract system, thereby improving the data security.

Abstract: A data storage device can employ a front end bus for boot operations. The physical connection of a secure boot assembly to the front end bus can provide efficient and reliable booting of the data storage device without a connection to a remote host or network. A secure boot assembly can provide a security module that connects to the boot module of the data storage device to authenticate a trustworthiness of the data storage device while the data storage device is disconnected from any remote host.

Abstract: Computational methods and systems for detecting and troubleshooting anomalous behavior in distributed applications executing in a distributed computing system are described herein. Methods and systems discover nodes comprising the application. Anomaly detection monitors the metrics associated with the nodes for anomalous behavior in order to identify an approximate point in time when anomalous behavior begins to adversely impact performance of the application. Anomaly detection also monitors logs messages associated with the nodes to detect anomalous behavior recorded in the log messages. When anomalous behavior is detected in either the metrics and/or the log messages an alert identifying the anomalous behavior is generated. Troubleshooting guides an administrator and/or application owner to investigate the root cause of the anomalous behavior. Appropriate remedial measures may be determined based on the root cause and automatically or manually executed to correct the problem.

Abstract: Disclosed herein are methods and systems for secure data comparison using data clean rooms. In an embodiment, a computer system generates a replica database based on a provider database, which stores a cross reference table that cross references a client dataset of a client database and a provider dataset of the provider database. The system receives, at the replica database, a table that is generated by the client database using the cross-reference table. The system transmits, from the replica database, the table to the provider database. The system receives, at the replica database, a results dataset that is generated by the provider database by applying a database statement to the provider database using the table generated by the client database. The system shares, from the replica database, the results dataset with the client database.

Abstract: Systems and methods of the present disclosure enable reversible blockchain operations. An operation-reverse operation pair specifies an operation for exchange of a first token for a second token, and a reverse operation for return of the second token for the first token upon at least one condition being satisfied. A self-executing software container (SESC) executes the operation-reverse operation pair according to the condition by detecting a transfer of the first token into a first segregated data structure, and a transfer of the second token from a second token storage to a first token storage. The SESC initiates a transfer of the first token from the first segregated data structure to a second segregated data structure in response to the transfer of the second token. Upon detecting a reverse operation matching the condition, the SESC initiates a transfer of the first token back to the first segregated data structure.

Abstract: A server may perform server side authentication of a user device. The user device may generate a first authentication string by performing a hash function on a username, a password, and a first salt. The first authentication string may be registered with the server for subsequent login attempts. At login, the user device generates the first authentication string and transmits the first authentication string to the server. When the authentication strings match, the user device is authenticated. The user device may also update the first authentication string. The server may provide the first salt and a second salt to the user device. The user device may generate a first authentication string and a second authentication string from the first salt and the second salt, respectively. When the first authentication strings match, the server may update the user device's authentication string by replacing it with the second authentication string.

Abstract: A security device includes an attack detection part, a security risk state determination part, and an execution environment controller. The attack detection part detects a cyber attack on an embedded device controlled by an embedded control device. The security risk state determination part determines a security risk state indicating at least one of a type and degree of risk of threat in a security caused by the cyber attack based on a result of the detection. The execution environment controller is included in the embedded control device, determines a security function against the cyber attack in accordance with the security risk state, and constitutes an execution environment of the security function in the embedded control device so that the embedded control device can execute the security function.

Abstract: Provided is a security information analysis device. This security information analysis device is provided with: one or more security information collection units for acquiring security information, which indicates information pertaining to a certain security concept, from an information providing source capable of providing security information; and a learning unit for creating an analysis model for calculating the importance of the one or more security information collection units according to security information received as an input. The learning unit learns an analysis model according to security information included in one of training data by using training data including multiple pieces of security information, which is pre-collected and pertains to the certain security concept, such that the importance of a security information collection unit capable of acquiring another piece of security information included in the training data is increased.

Abstract: An exemplary apparatus includes a processor and a memory communicatively connected to the processor, the memory containing instructions configuring the processor to store, using a computing device, on an immutable sequential listing, a plurality of user identifiers, wherein each user identifier of the plurality of user identifiers is associated with the same user, each user identifier of the plurality of user identifiers is associated with a plurality of action data, and each of the plurality of user identifiers is associated with a user role of the user, receive, using a computing device, information relating to an element of posting data associated with a posting generator, classify, as a function of the received information, the information to a user identifier of the plurality of user identifiers as a function of the plurality of action data associated with the user identifier and reveal the user identifier to the posting generator.

Abstract: A verification platform may include a data connection to receive a stream of industrial asset data, including a subset of the industrial asset data, from industrial asset sensors. The verification platform may store the subset of industrial asset data into a data store, the subset of industrial asset data being marked as invalid, and record a hash value associated with a compressed representation of the subset of industrial asset data combined with metadata in a secure, distributed ledger (e.g., associated with blockchain technology). The verification platform may then receive a transaction identifier from the secure, distributed ledger and mark the subset of industrial asset data in the data store as being valid after using the transaction identifier to verify that the recorded hash value matches a hash value of an independently created version of the compressed representation of the subset of industrial asset data combined with metadata.

Abstract: An improved One Time Password (iOTP) is used in a two-factor authentication mechanism to decode a username, and the inherent security of the iOTP eliminates the need for a password. When the user is identified by the iOTP, a second challenge is sent. The second challenge may be confirmed by user biometrics or via a PIN code if the user's device does not support biometrics. Benefits of the subject invention include: (1) no username, which eliminates exposure to multiple domain attacks (i.e., attacks on other sites with the same username) that attempt to extract passwords from less secure sites (e.g., where a user used the same username and password across multiple sites); and (2) password-less access—the iOTP replaces both the username and password function, thereby eliminating the need for the user to manage multiple usernames and passwords.

Abstract: A method for securing and authorizing sensitive operations is described. A computing device may receive a first authentication factor from a second computing device based on a request from the second computing device to authorize an operation; upon validating the first authentication factor, send to at least the second computing device and a third computing device, a request for a second authentication factor; and authorize the operation based on validating the second authentication factor from the second computing device or from the third computing device, or from both.

Abstract: Management of IoT devices through a private cloud. An IoT device is coupled to a gateway. A request from the IoT device to connect to a private cloud, wherein the private cloud is used to manage IoT devices, is received at a private cloud control center agent. An identification of the IoT device is determined. The IoT device is onboarded, using the identification, for management through the private cloud. A device profile of the IoT device is generated. The flow of data to and from the IoT device is regulated through application of IoT rules according to the device profile of the IoT device.

Abstract: A machine-assisted method for verifying a video presence that includes: receiving, at a computing device of an identity provider, an authentication request initially sent from a requester to access an account managed by a relying party, different from the identity provider; retrieving, from the authentication request, at least a portion of a video stream feed initially from the requester, to the computing device, the portion of video stream feed portraying a face of the requester; extracting the face of the requester from the portion of the video stream feed; providing a directive to the requester soliciting a corresponding gesture; and receiving a response gesture from the requester.

Abstract: The described embodiments relate to data protection methods, systems, and computer program products. A process-based encrypted data access policing system is proposed based on methods of encrypted data file management, process authentication and authorization, Trojan detection for authorized processes, encryption key generation and caching, and encrypted-file cache management. The process-based encrypted data access policing system may be implemented as a kernel level file system filter and a user-mode filter companion application, which polices the reading/writing of encrypted data in either a server system or an endpoint computer and protects data from data breaches and known or unknown attacks including ransomware and/or phishing attacks.

Abstract: A method and apparatus for using a dynamic security certificate. The method analyzes a browser to access browser information and generates a dynamic security certificate based on the browser information. The method modifies a configuration file for the browser to cause the browser to trust the dynamic security certificate and inserts the dynamic security certificate into the browser to enable a client application to access encrypted data available to the browser. The method may be performed solely upon a user device or have portions thereof performed by a user device and a server.