Abstract: The present application is directed to a method for enhancing security. The method includes a step of sending a request to a cloud provider to create a server on a cloud. The method also includes a step of receiving a notification from the cloud provider that the requested server is available on the cloud. The method also includes a step of embedding the server with a VPN service. The method further includes a step of sending a credential of the server to an entity on the network. Yet further, the method includes a step of reviewing a list of servers created by the cloud provider. Yet even further, the method includes a step of evaluating progress of server generation by the cloud provider and one or more additional cloud providers. The application is also directed to system for enhancing security on a cloud server.

Abstract: A method for user identity authentication using virtual reality includes presenting one or more virtual elements on a virtual reality (VR) scenario of a VR application for initiating a service, identifying, using one or more sensors communicably coupled to the VR device, one or more interactive operations of a user of the VR device with the one or more virtual elements, determining whether the one or more interactive operations match one or more predetermined operations for selecting the one or more virtual elements to initiate the service and trigger biometric authentication for user identity authentication, invoking biometric authentication if the one or more interactive operations match one or more predetermined operations, presenting a virtual guidance in the VR scenario for guiding the user to perform the biometric authentication, and presenting a service interface to the user if the biometric authentication is successful.

Abstract: A method of digital forensics based on blockchain technology and a fine-grained access control scheme, using a finite state machine (FSM) based on smart contracts to manage a digital certificate, where a law enforcement agency ends the warrant request to a court and upon approval of the request collects the forensics data by obtaining the master secret key for accessing the forensic data from a plurality of authorities. The forensics data are encrypted by D-KP-ABE (Distributed Key Police Attribute-based Encryption) with privacy-preserved access policy. The secret sharings are required to form the decryption key for accessing the forensics data. The secret sharings are distributed among the plurality of authorized authorities so that no individual authority has a complete master key by itself. Each state of the FSM requires digital signature(s) of at least one specific authorized authority for transitioning to a next state.

Abstract: A method for providing a brain computer interface that includes detecting a neural signal of a user in response to a calibration session having a time-locked component and a spontaneous component; generating a user-specific calibration model based on the neural signal; prompting the user to undergo a verification session, the verification session having a time-locked component and a spontaneous component; detecting a neural signal contemporaneously with delivery of the verification session; generating an output of the user-specific calibration model from the neural signal; based upon a comparison operation between processed outputs, determining an authentication status of the user; and performing an authenticated action.

Abstract: At least some embodiments of the present disclosure provide a system that can collect metadata from objects on at least one platform; evaluate, based on the collected metadata, at least one lifecycle policy to provide derived metadata; evaluate, based on the derived metadata, at least one security and analytics policy; and based on evaluation of the at least one security and analytics policy, perform at least one action on at least one first object, wherein the at least one first object is on the at least one platform.

Abstract: A reprogramming method of a vehicle includes authenticating a diagnostor; receiving integrated firmware comprising a plurality of firmwares that correspond to a plurality of target controllers, respectively, from the diagnostor that is completely authenticated; authenticating the integrated firmware; encrypting and storing the plurality of firmwares included in the integrated firmware; and generating encryption keys that corresponds the plurality of target controllers, respectively apparatus. The encrypting and storing comprises encrypting and storing the plurality of firmwares to the encryption keys that correspond to the plurality of firmwares, respectively.

Abstract: A secure key system is described that distributes a private key of a key server to an edge server for encryption on behalf of an owner of the private key when establishing a session with a client. To distribute the private key, the key server receives from the edge server a quote generated by a secure enclave of the edge server. The quote attests to code of the secure enclave. The key server verifies the quote to ensure that the code of the secure enclave is trusted code. The key server encrypts the private key using a key of the edge server and sends the encrypted private key to the code of the secure enclave. The code of the secure enclave decrypts the private key using its key. Untrusted code of the edge server then requests the code of the secure enclave to perform cryptographic actions using the private key.

Abstract: Systems, methods, and computer-readable media for generating a keystream using media data and using the keystream to encrypt and decrypt messages are described herein. The keystream may be generated independently and at least partially in parallel by both a sender and a receiver of a message. The sender may use its independently generated keystream to encrypt a message and a receiver may use its independently generated keystream to decrypt the message. Both the sender and receiver may utilize the same algorithm for generating their respective keystreams, thereby ensuring that the same keystream is generated by both sender and receiver. The sender may share a session key with a receiver using an asymmetric encryption technique. The session key may contain a collection of subkeys. Both the sender and the receiver may independently determine media database indices that match the subkeys and aggregate the corresponding media data streams to obtain the keystream.

Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for utilizing an access log of a proxy server device of a content delivery network (CDN) to detect and mitigate a denial of service (DOS) on a web or content server hosted by the CDN. Through an analysis of the content requests received at the proxy server listed in the access logs, one or more IP addresses may be identified as involved in a potential DOS attack or other suspicious behavior. Once identified, the suspicious activities of the one or more IP addresses may be tracked and aggregated over a particular period of time, with each detected suspicious request to the content server being counted. The count of suspicious requests to the content server may then be compared to one or more threshold values and a remediation action may occur when the thresholds are met or exceeded.

Abstract: Systems and methods are provided for use in implementing access controls to content blocks of a user profile associated with a user. One exemplary system includes an access engine configured to receive an access command from a user, via a communication device, to access the user profile. The access command includes a designation of at least one the content blocks for access by a provider, an identity of the provider, and a duration of the access. The access engine is configured to also modify a permission associated with the designated content block(s) in relation to the provider to permit the access by the provider, and to expose the content block(s) to the provider, thereby granting the access for the provider to the content block(s). The access engine is configured to further terminate the access of the provider to the content block(s) when the duration of the access expires.

Abstract: Aspects of the disclosure relate to multicomputer systems and methods for data authentication and event execution using a blockchain approach. Any full node computing device in a network, including a data authentication and event execution computing platform, may receive data from one or more sources. The computing platform may verify the authenticity of at least one aspect of the received data. Once the authenticity of the data has been verified, the computing platform may generate a new block of a user's blockchain by cryptographically encrypting the received data, may add the new block to the user's blockchain, and may store the updated blockchain. The platform may then transmit an indication that the received data has been authenticated to the data source. In addition, the computing platform may generate a command configured to execute an action associated with the new block and may transmit the command to the data source.

Abstract: Encrypted memory access using page table attributes is disclosed. One example is a memory system including a memory controller at a memory interface. The memory controller includes an encryptor to control a plurality of memory access keys respectively associated with memory regions, where each memory region is allocated to a respective client, and an access manager to receive an access request from a client, the access request including a client access key to access a memory element. The access manager looks up a memory access key from a page table attribute associated with a physical address of the memory element, and determines if the access request is valid by comparing the client access key with the memory access key associated with the memory region that includes the memory element. Based on the determination and a mode of operation, the access manager provides a response to the access request.

Abstract: Adding an internet location to a greylist includes receiving a login pairing that includes login credentials and an internet location that the login credentials are received from. A successful login number of prior successful logins associated with the login pairing is determined and the internet location may be added to the greylist based at least in part on the successful login number.

Abstract: The invention utilizes a two-component system to detect third party security threats and drive improved security threat mitigation based on the detection. The first component of the system is a security threat assessment engine, which receives and/or identifies external data and internal data regarding third parties in order to determine information security threats posed by third parties. The second component of the system is an analytics engine, which may comprise a machine learning component which is configured to detect threat patterns and anomalies. In response to the detection of the threat patterns and anomalies the security threat assessment engine may be modified in order to more accurately determine security threats.

Abstract: Credential phishing attacks mitigation is disclosed. A URL that is associated with a suspicious web page is received. The suspicious web page is one that includes at least one element soliciting at least one credential. An artificial credential is provided to the suspicious web page. A determination is made that an attempt has been made to use the artificial credential to access a resource. In response to the determination that the attempt has been made, at least one remedial action is taken with respect to the suspicious web page.

Abstract: Methods, devices, and systems are provided for providing continuous authentication to a user having a wearable device in an access control system. The wearable device allows the authentication of the user to be maintained until an authentication interruption signal is received. The interruption signal may be based on user biometrics, a state of the wearable device, a communication range of the wearable device with a trusted mobile device, and more. Upon receiving the interruption signal, the continuous authentication for the wearable device, and the user, may be revoked, destroyed, or disabled.

Abstract: The present application discloses a method and a device for vehicle security communication, a vehicle multimedia system, and a vehicle. The method applied to a security chip comprises: receiving a control instruction from a network system when the network system is connected, wherein the control instruction includes encrypted control data; decrypting the encrypted control data in the control instruction; obtaining the decrypted control data when the decryption is successful; and transmitting the decrypted control data to the vehicle body system to make the vehicle body system control the vehicle to perform a target operation according to the decrypted control data.

Abstract: A system, computer program product, and computer-executable method of providing a layout-independent cryptographic stamp of a distributed data set from a data storage system, the system, computer program product, and computer-executable method comprising receiving a request for a cryptographic stamp of the distributed data set, creating a hash of each slice of the distributed data set, and using each hash from each slice of the distribute data set to create the cryptographic stamp of the distributed data set.

Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.

Abstract: An input is received from a client device and is indicative of a desire to add a device for secure operations. Artifacts are generated and a quick response (QR) code is generated that represents the artifacts. The QR code is transmitted to the client device where it can be read by the device to be added, so the artifacts can be used in performing the secure operations.