Abstract: A computer-implemented method for dynamically disabling an end-to-end encryption session within an online meeting session is provided. The method comprises engaging in an online meeting session in which an end-to-end encryption session is enabled. The method further comprises sending, to a key orchestration server, a first encrypted message in which the contents of the first encrypted message are instructions to disable the end-to-end encryption session. The method further comprises receiving, from the key orchestration server, a second encrypted message that indicates that a participant has initiated disabling of the end-to-end encryption session. In response to receiving the second encrypted message disabling the end-to-end encryption session while maintaining the online meeting session.

Abstract: Mitigating multiple authentications for a geo-distributed security service is disclosed. A request to access a web service from a client device is received. The request is redirected to a geo-distributed authentication service including a distributed cache for storing a user's authentication authorization. An authorization token included in a distributed authentication cache cookie and uniform resource locator (URL) for the web service to facilitate secure access to the web service from the client device are returned.

Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Abstract: The following relates generally to data retrieval and user authentication. In some embodiments, a user is authenticated in a native mobile application. The native mobile application then obtains an authorization code, and calls an application programming interface (API) to store contextual data about the user. The API then returns, to the native mobile application, a retrieval data token. The native mobile application then launches a chat application via a universal resource identifier (URI), and passes an identification (ID) parameter to the chat application. The chat application then passes the ID parameter to a customer service provider, which then retrieves an access token based upon the authorization code. The customer service provider then retrieves, from the API, the contextual data based upon the: (i) access token, and (ii) retrieval data token.

Abstract: A method of protecting a model, which relates to a field of computer, a field of artificial intelligence, and may be applied to an AI model protection scenarios. The method includes: generating a WASM file for providing a runtime environment for a target model, the WASM file containing a corresponding model inference algorithm and security verification algorithm, wherein the security verification algorithm is configured to perform at least one security verification operation to protect the target model, the at least one security verification operation is selected from: a verification of a host environment; a verification of an integrity of the WASM file; a verification of an integrity of the model file generated corresponding to an original model file of the target model; a timeout verification of a specified inference process during a model inference process; or a timeout verification of an entire inference process during the model inference process.

Abstract: A key generation technology of the present disclosure does not additionally set a combinational logic circuit on an original path of a scanning flip-flop, but utilizes a plurality of existing combinational logic circuits in a circuit system to generate multiple values of a key. Correspondingly, a key generation unit used in the key generation technology has two data flip-flops. One of the data flip-flops is used as a data flip-flop in one of a plurality of scanning flip-flops. The other data flip-flop is to obtain a node data signal of a node in the corresponding combinational logic circuit as one of the values of the key.

Abstract: A method and an apparatus for determining a security protection mode. In the method, a terminal device may determine a security protection mode of a second communications mode based on security protection information in a first communications mode. In this way, when switching from the first communications mode to the second communications mode, the terminal device may directly use the security protection mode corresponding to the second communications mode to protect transmitted data, so as to ensure data security of the terminal device after communications mode switching is performed.

Abstract: A second party receives confirmation that a first party agrees to a statement. The second party receives a piece of information after said confirmation and after a cryptographic signature of the first party. To attest to this, the second party generates their own cryptographic signature by signing a portion of data comprising said piece of information or a transformation thereof. A network of nodes is then sent one or more transactions comprising the first and second signatures. Transactions are propagated across the network to be recorded in a blockchain on condition of meeting a validation condition. The validation condition for one of the one or more transactions is that the first signature is included in one of the one or more transactions, the second signature is included in one of the one or more transactions, and the second signature was generated by signing the particular portion of data.

Abstract: An integrated circuit is provided which includes a physically unclonable function (PUF). The integrated circuit comprises a PUF block including a plurality of physically unclonable function (PUF) cells configured to output a cell signal having a unique value according to an input, a conversion unit is configured to receive the cell signal as input, convert the cell signal, and output a conversion signal. A select signal generator provides a first selection signal to the conversion unit. A key generator is configured to receive the conversion signal from the conversion unit and generate a security key therefrom, wherein the conversion unit includes a first layer which outputs a second signal obtained by converting a provided first signal on the basis of a bit value of the first selection signal.

Abstract: A trusted device, such as a wristwatch, is provided with authentication circuitry, used to perform an authentication operation to switch the trusted device into an authenticated state. Retention monitoring circuitry monitors the physical possession of the trusted device by the user following the authentication operation and switches the trusted device out of an authenticated state if the trusted device does not remain in the physical possession of the user. While the trusted device remains in the physical possession of the user, communication triggering circuitry is used to detect a request to establish communication with a target device that is one of a plurality of different target devices and communication circuitry is used to communicate with that target device using an authenticated identity of the user.

Abstract: The present invention relates to methods, apparatus, and products for generating a data warehouse index. Generating a data warehouse index includes storing a refresh token for a user and obtaining, automatically without user interaction, an access token for the user from an identity provider. Subsequently, one or more queries are submitted to a data warehouse requesting connection information for data structures of the data warehouse accessible by the user. During the query submission, the access token for authorization of the user is provided to the data warehouse. One or more responses are then received from the data warehouse specifying connection information for data structures of the data warehouse accessible by the user. Finally, an index of the data warehouse for the user based on the received connection information for data structures of the data warehouse accessible by the user.

Abstract: Methods, systems, and computer readable media for managing network function (NF) request messages at a security edge protection proxy (SEPP) are disclosed. One method comprises receiving, by a SEPP and from an NF service consumer, an initial NF request message and obtaining a target NF type identifier, a requestor NF type identifier, and a network identifier from the initial NF request message. The method further includes utilizing the target NF type identifier, the requestor NF type identifier, and the network identifier to determine whether the initial NF request message is to be blocked by an associated service based interface at the SEPP and discarding, by the SEPP, the initial NF request message if the initial NF request message is determined to be blocked by the associated service based interface.

Abstract: An example operation includes one or more of determining a portion of memory in a transport for storing sensitive temporary data, setting a hardware threshold of a maximum number of reads of the data from the portion of memory, and clearing the data from the portion of memory with a hardware-enabled trigger in response to the maximum number of reads is reached.

Abstract: A user authentication system includes a main body device and an authentication device. The main body device has an authentication code transmission requesting unit, a verification unit, and an unlocking unit. The authentication code transmission requesting unit generates an authentication code transmission request including a first value, and transmits the authentication code transmission request to the authentication device. The authentication device generates an authentication code in response to the first value in the authentication code transmission request, and transmits the authentication code to the main body device. The verification unit determines that authentication is successful if the authentication code is received from the authentication device. When the verification unit determines that the authentication is successful, the unlocking unit enables a predetermined functionality.

Abstract: Ensuring privacy consent for handling of occupant vehicle data is provided. A feature identification vector indicative of an identity of a vehicle occupant of a vehicle is identified. The feature identification vector is used to identify whether consent for use of vehicle data was provided by the vehicle occupant. The consent is requested responsive to the identity of the vehicle occupant not having consented to data collection. Responsive to the consent being given by the vehicle occupant, the consent and the feature identification vector of the vehicle occupant is stored in a storage of the vehicle. The vehicle data is uploaded in accordance with whether the consent was granted for the vehicle occupant.

Abstract: Token expiration is managed for requests in an asynchronous request-reply pattern of communication. If a token in a request expires, an operation to be performed utilizes a new token to execute the operation. The new token is obtained from a status check sent to a different location than the initial request.

Abstract: Disclosed is a hooking detection method and system that may specify position information of a function referenced by an executable module from an outside or provided to the outside or a unique value of an executable code, and may determine application programming interface (API) hooking based on a classification acquired by comparing unique values or by clustering the unique values.

Abstract: A method for validating an access request with respect to an application is provided. The method includes: receiving an access request from a user with respect to an application; retrieving, from a memory, group identification information that relates to at least one group to which the user belongs; retrieving, from the memory, scope information that indicates qualifications and/or characteristics of a relationship between the user and the at least one group; and generating a token that notifies the application of the group identification information and the scope information, and is usable by the application for validating the access request. The method may be implemented in an Active Directory Federation Services (AD FS) environment.

Abstract: A system and method for determining physical locations associated with activities detected on mobile devices is disclosed. The method includes accessing at least one enterprise rule set which is based on a plurality of security vulnerability events, and for monitoring at least one application used on the mobile devices. Device data indicative of one or more actions performed on a mobile device and a time associated with each action is used to detect whether actions performed on the mobile device breach a rule of the enterprise rule set. Geolocation information associated with the mobile device at the time associated with the breach is received based on an identifier associated with the mobile device or with wireless network access points in range of the mobile device. The received geolocation information, enterprise rules, and device data is used determine if a security vulnerability is associated with the mobile device.

Abstract: Various embodiments of a system and methods for reasoning about enterprise-related external cyber threats using a rule-leaning approach are disclosed.