Abstract: Formulating a security architecture for an information system is provided. A description of a target environment of the information system is received. The description includes a network zone architecture. A description of one or more security requirements for the information system is received. One or more reference architectures for the information system are selected from a plurality of reference architectures based on the description of the one or more security requirements for the information system. One or more selected reference architectures are adapted to the target environment for the information system.

Abstract: Auditably proving a usage history of an asset, in which the asset includes a hardware security module with at least a public key and a private key. A client application logs hash values of a pair of request data and response data. Usage history of the asset is proved. The proving includes verifying, using the public key, a signature of other hash values of the pair of request data and response data. The other hash values are signed with the private key. The proving further includes comparing the hash values logged by the client application with the other hash values.

Abstract: Systems, devices, and methods are disclosed for enabling private communication between head-mounted displays. A first user dons a first head-mounted display. The first head-mounted display authenticates that the first user is authorized to view information displayed by the first head-mounted display. In response to positive authentication, the first head-mounted display displays the information to the first user. The first user inputs a selection command via an input interface, such as, for example, gazing at particular information, to select some of the displayed information. The first head-mounted display generates a message based on the user selection, which may be encrypted by the first head-mounted display prior to transmission. The first head-mounted display transmits the message to a second head-mounted display, such that the second head-mounted display displays the message to an eye of a second user wearing the second head-mounted display.

Abstract: Example implementations relate to a database and a data stream query. For example, a computing device may include a processor. The processor may receive a query associated with at least one of a database and a buffer storing streamed data from a data stream, where the database stores database data previously stored in the buffer. The processor may identify at least one postponed command relevant to the query, the at least one postponed command being associated with at least one of the database data and the streamed data. The processor may generate a modified query based on the query and the at least one postponed command, the modified query being a modification of the query to account for the at least one postponed command. The processor may process the modified query and provide a query result of the query based on the modified query being processed.

Abstract: A system may facilitate distributed ledger technology (DLT) record based (for example, blockchain-based) voting. A voter may distribute vote-value to answers using committed tokens that bind the voter to a particular vote-value without divulging the particular vote value while in a cryptographic form. The voter may distribute committed tokens to multiple answers. In some cases, the distribution of the committed tokens to multiple answers may frustrate attempts to determine the one or more targets to which the voter delivers a non-null vote-value.

Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.

Abstract: A method of performing an authorization mechanism between a service terminal system (ATM) and a helpdesk system (HD) includes the steps of: sending a request message (RQ) comprising a one-time code (CL), an identifier (CN) for the ATM and a set of access right data (TD) about rights for using the (ATM) by a user (TN); creating a response message (RS) by using the CL, TD, and an ident key (TK) derived from an operation on the CN and a base key (BK), the BK being a common secret of both, the HD and the ATM; sending the RS; creating a reference response message (RS*) by using the CL, the TD, and the TK; and comparing the RS with the RS* to authorize the TN to use the ATM according to the rights being represented by the TD.

Abstract: A facility control service and programmable logic controller (PLC) interfaces enable coordination and optimization of control of various PLCs that use various PLC specific protocols. The facility control service sends control commands formatted in accordance with a secure protocol and respective PLC interfaces convert the control commands into respective PLC specific protocols. In some embodiments, a facility control service employs machine learning techniques to optimize control of PLCs at a facility. Also, in some embodiments, a facility control service coordinates deployment of PLC software to various PLCs in one or more facilities that use various PLC specific protocols.

Abstract: Example techniques described herein relate to a software application that is configured to operate as an add-on software component to audio-playback software on a playback device of a media playback system. An example implementation may involve adding the multiple audio tracks to the playback queue, and before playing back a first audio track, enabling a first add-on component to audio-playback software. The first add-on component corresponds to a first remote source and enabling this component causes a first modification to an equalization of the playback device. The example implementation may also involve before playing back a second audio track, enabling a second add-on component to the audio-playback software. The second add-on component corresponds to the second remote source and enabling this component causes a second modification to the equalization. Enabling the second add-on component disables the first add-on component if enabled.

Abstract: Accessing shared sensitive information in a managed container environment is provided. Each worker node in a plurality of worker nodes has access to shared sensitive application data located in a secure enclave within the plurality of worker nodes using a data encryption key. Each worker node in the plurality of worker nodes protects the data encryption key of each respective worker node using a sealing key that is unique to the secure enclave on a respective worker node.

Abstract: Techniques for authentication for device access are described. In the described techniques, interaction between a client device and an assistant device is utilized to authenticate the client device for access to protected functionality and/or content. For instance, proximity between the client device and the assistant device, and physical authentication of a user with the assistant device, are leveraged for authenticating the client device for access to the protected functionality and/or content.

Abstract: Disclosed are various examples for gateway onboarding for IoT device management. In one embodiment, activation of a gateway is initiated by transmission of a request to activate the gateway to a network address. The request to activate the gateway includes a gateway identifier that uniquely identifies the gateway. A gateway enrollment agent is received. Enrollment of the gateway with the management service is performed using the gateway enrollment agent. The enrollment includes a transmission of a request to enroll the gateway to a management service address and an installation of an enrollment policy received from the management service. The gateway enrollment agent is updated to a gateway management agent that includes an ability to install at least one IoT device management product.

Abstract: A communication apparatus determines whether or not a security function relating to communication of the communication apparatus is set when the information processing apparatus performs direct wireless communication; and controls to prohibit or permit wireless communication with the information processing apparatus in accordance with the determination result.

Abstract: The present invention relates to a method for sharing secure data between players (5) on a net said method comprising a cryptography step for data using an asymmetrical cryptographic method with double keys, each player (5) having at least one said double key. The method includes a step for initializing (STP1) a blockchain that includes an operation for storing, at least one initialization block (26) in the blockchain by a predetermined authority using at least one computer, said at least one initialization block (26) comprising at least one said transaction (36) that includes an identity record (84) of a major player, said authority no longer intervening at the end of the initialization step (STP1) at least outside a reinitialization step of a player.

Abstract: Methods and systems for obtaining a high trust digital signature from a signer utilizing a high trust signature mobile device are described. Some embodiments include receiving, at the high trust signature mobile device, a signature request regarding a document that requires a high trust digital signature. The signature request includes a one-time signer authentication code. The document that requires the high trust digital signature is displayed on the mobile device. Then a plurality of signer verification elements is obtained. Obtaining a plurality of signer verification elements includes obtaining from the signer a signer-specific password. Furthermore, it includes automatically applying the one-time signer authentication code obtained from the signature request. Then the signature request is replied to by providing the plurality of signer verification elements to a server system for verification. Once the signer verification elements are validated, the high trust signature is applied to the document.

Abstract: Methods, systems, and computer readable media for monitoring encrypted packet communications are disclosed. According to one method executed at an encryption aware visibility (EAV) device, the method includes receiving copies of encrypted network traffic flow records belonging to at least one communication session involving a monitored application and obtaining, from a secure session management (SSM) server, session decryption information (SDI) via a secure backchannel interface connection, wherein the session decryption information includes cryptographic keys generated by the SSM server to establish the at least one communication session. The method further includes using the cryptographic keys to decrypt the copies of encrypted network traffic flow records to produce decrypted network traffic flow records.

Abstract: An example operation may include one or more of initiating a timer to begin timing an audit procedure, when the timer expires after a predefined period of time, randomly selecting a committer node member of a blockchain, transmitting a request for a hash of a blockchain block, comparing the hash of the blockchain block, received from the randomly selected committer node, to a known value of the hash of the blockchain block, and determining whether the hash of the blockchain block received matches the known value of the hash of the blockchain block.

Abstract: A secure hub as a communication security apparatus includes a port that receives a packet from a device and transmits the packet to another device. The secure hub also includes a storage area that retains address authentication information containing pairs of a physical address and a logical address of one or more devices. The secure hub further includes a transfer processing unit that determines whether the pair of the physical address and the logical address of the device, and the pair of the another device, each match any pair of the one or more devices when the address authentication information contains the physical address or the logical address of the device and the another device contained in the packet, and discards the packet when the pair of the device and the pair of the another device do not match any of the pairs of the one or more devices.

Abstract: A method for accessing a target application, where the method is applied to a terminal device on which a target application is installed, the target application is set with an application password to access the target application, the terminal device is set with first fingerprint information to unlock the terminal device, the terminal device is further set with an operation sequence corresponding to the first fingerprint information, and the operation sequence includes unlocking the terminal device and accessing the target application.

Abstract: A method for secure device-to-device communication using multilayered ciphers is provided. A selected cipher is employed to generate a pair of encryption/decryption keystreams for enabling multilayered encryption/decryption on a pulsed-index communication (PIC) packet(s). In examples discussed herein, a first layer encryption/decryption is performed by encrypting/decrypting a PIC data(s) (PD(s)) in the PIC packet(s) based on a first of the pair of encryption/decryption keystreams. In addition, a second layer encryption/decryption is performed by encrypting/decrypting selected control information (e.g., information related to encoding/decoding the PD(s)) in the PIC packet(s) based on a second of the pair of encryption/decryption keystreams.