Abstract: An authentication method is used by an automated driving system that includes a vehicle and an external device, the external device communicating with the vehicle to cause the vehicle to implement automated driving. The vehicle holds a first certificate that certifies validity of the vehicle. The external device holds a second certificate that certifies validity of the external device. The authentication method includes: validating a third certificate that certifies validity of a combination of the vehicle and the external device, in accordance with a result of device authentication performed between the vehicle and the external device by reference to the first certificate and the second certificate.

Abstract: A method includes receiving, by a computer system, information related to device health of an electronic device, determining, by the computer system, a health status of the electronic device based at least in part on the received information related to the device health of the electronic device, requesting, by a switch having a port connected to the electronic device, the health status of the electronic device from the computer system, receiving, by the computer system, the request for the health status of the electronic device from the switch, transmitting, by the computer system, the health status of the electronic device to the switch, evaluating, by the switch, the transmitted health status of the electronic device using network access rules associated corresponding to health statuses, and applying, by the switch, a network access control configuration to the port of the switch based on the evaluating the transmitted health status.

Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.

Abstract: A node in a blockchain network may generate a secret information proof, generate a private/public key pair, encrypt the secret information proof with the private/public key pair, and submit the proof to a blockchain network.

Abstract: The present invention reduces security risks while improving convenience in a utilization control technique of a usage target object. A utilization control device (1) can communicate only via Near Field Communication, and is separated from a network. And in the utilization control device (1), a hole data including a public key is set. In a use permit notification device (2), a use permit and signature are registered for each user ID. The signature is generated by using a private key paired with the public key included in the hole data. The use permit notification device (2) sends the use permit and signature in connection with the ID read from an ID card (3) to the utilization control device (1) via the Near Field Communication.

Abstract: The disclosed embodiments relate to systems and methods for secure and efficient resource access using distributed directory caching techniques. Techniques include obtaining, from a directory service, client directory data associated with a client; providing the client directory data to a computing device associated with the client for caching on the computing device; identifying a request from the client; receiving, from the computing device, the client directory data that was cached on the computing device; and evaluating the request based on the received client directory data.

Abstract: Systems and methods for linking an authentication account to a device may include processor(s) to maintain a plurality of authentication profiles, each authentication profile corresponding to a respective user and including at least one profile image, an immutable identifier, and authentication data used to authenticate the respective user. The processor(s) may receive a request including the device key, an immutable identifier, and a biometric image captured by a camera of a client device. The processor(s) may identify a subset of authentication profiles having respective immutable identifiers that match the immutable identifier from the request. The processor(s) may compare feature(s) extracted from the biometric image of the request to features extracted from the a profile image of the subset of authentication profiles, and link the device key of the client device with an authentication profile in a data structure to register the client device with the authentication server.

Abstract: The present disclosure describes systems and methods for detection and mitigation of malicious encryption. A security agent on an infected computing device may monitor data writes to disk, memory, or network transmission buffers for strings that may represent encryption keys or moduli. The security agent may apply one or more techniques to decode and parse the string to either identify or extract the keys, or rule out the string as containing an encryption key or modulus. If a key is identified, or its presence cannot be excluded, then the security agent may generate an alert and take mitigation actions.

Abstract: Systems and methods are provided for implementing a machine learning approach to modeling entity behavior. Fixed information and periodically updated information may be utilized to predict the behavior of an entity. By incorporating periodically updated information, the system is able to maintain an up-to-date prediction of each entity's behavior, while also accounting for entity action with respect to ongoing obligations. The system may generate behavior scores for the set of entities. In some embodiments, the behavior scores that are generated may indicate the transactional risk associated with each entity. Using the behavior scores generated, a user may be able to assess the credit riskiness of individual entities and instruct one or more individuals assigned to the entities to take one or more actions based on the credit riskiness of the individual entities.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for secured user equipment communications over a user equipment relay. In some embodiments, symmetric or asymmetric encryption may be used for the secured user equipment communications.

Abstract: Techniques are described for communications in an L2 virtual network. In an example, the L2 virtual network includes a plurality of L2 compute instances hosted on a set of host machines and a plurality of L2 virtual network interfaces and L2 virtual switches hosted on a set of network virtualization devices. An L2 virtual network interface emulates an L2 port of the L2 virtual network. Access control list (ACL) information applicable to the L2 port is sent to a network virtualization device that hosts the L2 virtual network interface.

Abstract: A method for execution by one or more processing modules of one or more computing devices begins by encoding data using a dispersed storage error encoding function to produce a plurality of sets of encoded data slices arranged into a plurality of chunksets of encoded data slices. The method continues by selecting a set of storage units for storing the plurality of chunksets and assigning a distributed computing task to each storage unit of the set of storage units. The method then continues by generating a unique key set for each storage unit of the storage units, encrypting each chunkset of encoded data slices with a corresponding one of the unique key sets to produce a plurality of encrypted chunksets and sending an encrypted chunkset of the plurality of encrypted chunksets and an indication of a corresponding distributed computing task to each storage unit of the set of storage units for storage of the encrypted chunksets and execution of the distributed computing task.

Abstract: Methods and systems for malicious non-human user detection on computing devices are described. The method includes collecting, by a processing device, raw data corresponding to a user action, converting, by the processing device, the raw data to features, wherein the features represent characteristics of a human user or a malicious code acting as if it were the human user, and comparing, by the processing device, at least one of the features against a corresponding portion of a characteristic model to differentiate the human user from the malicious code acting as if it were the human user.

Abstract: A creation device includes processing circuitry configured to collect pieces of information about IoT (Internet of Things) apparatuses connected to IoT gateways, and white lists stored in the IoT gateways, the white lists specifying content of communication allowed for each of the IoT apparatuses, calculate a feature value showing communication features of IoT apparatuses for each of the IoT gateways, and degrees of similarity in the feature value among the IoT gateways, based on the collected pieces of information about the IoT apparatuses, and extract, if any of the calculated similarity degrees is equal to or above a predetermined threshold, pieces of white list information about IoT apparatuses to mutually complement white lists stored in IoT gateways, from pieces of white list information about IoT apparatuses included in the white lists.

Abstract: Systems and methods for generating shell-wrapped self-executing programs for conducting cryptographically secure blockchain actions on public, non-permissioned blockchain networks that are cryptographically secure. For example, the shell-wrapped self-executing program may comprise a shell program and the self-executing program. The shell program may contain and output one or more validation characteristics about the self-executing program and coupled data input systems (e.g., oracles) in response to a query about accessing the self-executing program. As such, any entity (e.g., a legacy computing system and/or another self-executing program) that requests to access the self-executing program may first receive information about the validation (if any) of the self-executing program.

Abstract: A method of authorizing a client device to a service includes, by a customer electronic device associated with a customer: defining an access control list that includes permissions for authorized clients of the customer, creating authorization tokens and encoding the ACL into each of the authorization tokens, and distributing the authorization tokens to the authorized clients. The method includes, by a data center that provides a service to one or more of the authorized clients: receiving a service request for the service from a requesting client that includes a submitted authorization token, decoding the submitted authorization token to identify a received ACL in the submitted authorization token, analyzing the received ACL to determine whether the requesting client is an authorized client and the permissions in the received ACL grant the requesting client permission to access the service, and if so, providing the service to the requesting client.

Abstract: Systems and methods of interface-based ACLs in a virtual Layer-2 network. The method can include sending a packet from source compute instance in a virtual network to a destination compute instance via a destination virtual network interface card (destination VNIC) within a first virtual layer 2 network and evaluating an access control list (ACL) for the packet with a source virtual network interface card (source VNIC). ACL information relevant to the packet can be embedded in the packet. The VSRS can receive the packet and can identify the destination VNIC within the first virtual layer 2 network for delivery of the packet based on information received with the packet and mapping information contained within a mapping table. The VSRS can access ACL information from the packet and can apply the ACL information to the packet.

Abstract: In an example implementation according to aspects of the present disclosure, a method may include discovering, by a computing device, a module attached to the computing device, interrogating the module to determine parameters associated with the module, and updating a human-readable interface to include the parameters.

Abstract: A communication system comprising a server and a plurality of clients constrained so that in order to communicate with each other by means of the system they must communicate via the server, the server having access to a set of stored communication rules defining permitted and/or non-permitted communications between the clients and the server being configured to, on receiving a message from a first client designating as recipients a second client and a third client, the first client matching a first set of characteristics stored in the communication rules and the second client and the third client being clients who are not permitted to directly communicate according to the communication rules, alter the communication rules to permit the second and third clients to directly communicate.

Abstract: Techniques for determining whether a public encryption key is vulnerable as the result of deficiencies in pseudorandom number generation algorithms are provided. In some embodiments, a system may compile a database of cryptographic information received from a plurality of sources, including databases, and network traffic monitoring tools. RSA public keys extracted from the cryptographic information may be stored in an organized database in association with corresponding metadata. The system may construct a product tree from all unique collected RSA keys, and may then construct a remainder tree from the product tree, wherein each output remainder may be determined to be a greatest common divisor of one of the RSA keys against all other unique RSA keys in the database. The system may then use the greatest common divisors to factor one or more of the RSA keys and to determine that the factored keys are vulnerable to being compromised.