Abstract: An unmanned vehicle communicates with other unmanned vehicles. When the unmanned vehicle receives a message from another unmanned vehicle, the unmanned vehicle verifies authenticity of the message. For at least some types of messages, if determined that the message is authentic, the unmanned vehicle updates a set of operations the unmanned vehicle will perform in accordance with information in the message.

Abstract: Cipher suites and/or other parameters for cryptographic protection of communications are dynamically selected to more closely match the intended uses of the sessions. A server selects and/or determines, for a cryptographically protected communications session, a plurality of supported cipher suites that may be used for communications with the server over an established protected communications session. A selected cipher suites may be a cipher suite that are selected from a plurality of acceptable cipher suites provided to the server, either implicitly or explicitly. The selection of a cipher suite may further require that the cipher suite be mutually acceptable to the server and one or more parties participating in the cryptographically protected communications session such as a client.

Abstract: Methods and systems are provided to enable access control based on credential properties. Besides authenticating a credential, an authentication service can provide additional credential-related information with respect to a credential such as last updated time. An entity receiving such additional credential-related information can implement access control policies based on the credential-related information. For instance, a user's access rights may be gradually restricted after an initial expiration time and towards a final expiration time. In an example, such access control may be implemented by a client application or client website of the authentication service. Alternatively or additionally, such access control may be implemented by an authorization service used by the client application or client website.

Abstract: Two unmanned vehicles come within communication range of one another. The unmanned vehicles exchange logs of messages each has received. Each of the unmanned vehicles analyzes the messages that it received from the other unmanned vehicle to determine whether any of the received messages warrants changing a set of tasks it was planning to perform. When a message indicates that a task should be changed, the task is updated accordingly.

Abstract: An access control application for mobile devices is provided. The access control application may be configured to generate a set of security tasks based at least in part on information corresponding to a user's interactions with the mobile device. An unlock screen of the mobile device may be triggered and security tasks from the generated set of security tasks may be displayed through a user interface of the mobile device. The user's response to the security tasks may be obtained and a confidence score may be calculated, based at least in part on the response. The access control application may then determine, based at least in part on the score and one or more attributes of the environment, whether to unlock the mobile device or prompt the user to provide an additional response to another security task.

Abstract: Methods and systems are provided for managing access to a client account related (CAR) resource. When a privilege-constrained (PC) application requests access to an individual client account, a single use authorization (SUA) code is created that is associated with the individual client account. The SUA code is routed to, and returned from, the privilege-constrained (PC) application to authenticate the PC application. The PC application, once authenticated, receives a permitted action token that identifies a limited set of privileges that the PC application is authorized to perform in connection with the CAR resource. The PC application provides the permitted action token to an access service. The access service limits access, by the PC application, to the CAR resource based on the permitted action token.

Abstract: A service receives a request from a user of a group of users to perform one or more operations requiring group authentication in order for the operations to be performed. In response, the service provides a first user of the group with an image seed and an ordering of the group of users. Each user of the group applies a transformation algorithm to the seed to create an authentication claim. The service receives this claim and determines, based at least in part on the ordering of the group of users, an ordered set of transformations, which are used to create a reference image file. If the received claim matches the reference image file, the service enables performance of the requested one or more operations.

Abstract: A manufacturer of computing equipment may generate a signature for computing equipment by measuring various attributes of the computing equipment, such as the impedance across circuits included in the computing equipment. Verification equipment may be provided to a recipient of the computing equipment. The verification equipment may be configured to generate a signature of the computing equipment over a physical connection between the verification equipment and the computing equipment. A determination may be made whether the computing equipment has been tamper with based at least in part on the signature generated by the manufacturer and the signature generated by the recipient.

Abstract: A system and method for generating a signature for a document using an identity verification token. The identity verification token receives a request that includes a set of credential data from a signatory, obtains a document identifier that identifies the document to a service provider, and obtains a token identifier that identifies the identity verification token to the service provider. The identity verification token generates the signature based at least in part on the obtained document identifier, the received set of credential data, and obtained the token identifier, and provides the signature.

Abstract: A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two path-end nodes.

Abstract: Techniques for providing secure erase of data stored on a storage device may be provided. For example, a storage device comprising a first layer of firmware that is configured to receive access requests for data stored on a storage device may be in communication with a second layer of firmware. The second layer of firmware may be configured to receive, from the first layer of firmware, a request to erase a portion of the data stored on the storage device and verify the first layer of firmware before processing the erase request. In an embodiment, upon verifying the first layer of firmware, the second layer of firmware may block subsequent read requests for one or more physical blocks of the storage device that correspond to the portion of the data indicated in the erase request.

Abstract: Methods and systems are provided for managing access to a client account related (CAR) resource. When a privilege-constrained (PC) application requests access to an individual client account, a single use authorization (SUA) code is created that is associated with the individual client account. The SUA code is routed to, and returned from, the privilege-constrained (PC) application to authenticate the PC application. The PC application, once authenticated, receives a permitted action token that identifies a limited set of privileges that the PC application is authorized to perform in connection with the CAR resource. The PC application provides the permitted action token to an access service. The access service limits access, by the PC application, to the CAR resource based on the permitted action token.

Abstract: An access control application for mobile devices is provided. The access control application may be configured to generate a set of security tasks based at least in part on information corresponding to a user's interactions with the mobile device. An unlock screen of the mobile device may be triggered and a security tasks from the generated set of security tasks may be displayed through a user interface of the mobile device. The user's response to the security tasks may be obtained and a confidence score may be calculated, based at least in part on the response. The access control application may then determine, based at least in part on the score and one or more attributes of the environment, whether to unlock the mobile device or prompt the user to provide an additional response to another security task.

Abstract: Disclosed are various embodiments for identifying characteristics of developers of problematic software. Report data generated by a security analysis tool is received, which is based at least in part on a security analysis of a program or an operational configuration. The report data indicates one or more security issues identified in the program or the operational configuration. A user is identified who is responsible for at least a threshold impact of the security issue(s). Coding or configuration characteristics associated with the user are then determined.

Abstract: A technology is described for making a decision based on identifying without disclosing the identifying information. The method may include receiving a mapping value that represents identifying information that has been converted into a mapping value. A request for data associated with the identifying information may be made by providing the mapping value as a proxy for the identifying information whereby the data associated with the identifying information may be located using the mapping value and returned to a requesting client or service.

Abstract: A service receives a request from a user of a group of users to perform one or more operations requiring group authentication in order for the operations to be performed. In response, the service provides a first user of the group with a musical seed and an ordering of the group of users. Each user of the group applies a transformation algorithm to the seed to create an authentication claim. The service receives this claim and determines, based at least in part on the ordering of the group of users, an ordered set of transformations, which are used to create a reference audio signal. If the received claim matches the reference audio signal, the service enables performance of the requested one or more operations.

Abstract: A method and apparatus for device authentication are provided. In the method and apparatus, authentication data for a first device is received. The first device is then authenticated based at least in part on demonstrated access to authentication data prior to broadcast of the authentication data. One or more actions may be taken in response to the authentication of the first device based at least in part on the demonstrated access to the authentication data.

Abstract: Devices such as vehicles, remote sensors, and so forth consume energy during operation. Described herein are systems, devices, and methods for transferring energy from an uncrewed autonomous vehicle to a vehicle such as a car. The uncrewed autonomous vehicle may locate the vehicle at a rendezvous location, and connect with the vehicle while the vehicle moves. Once the uncrewed autonomous vehicle connects to the vehicle, the uncrewed autonomous vehicle may transfer the energy to the vehicle.

Abstract: Disclosed are various embodiments for active data that tracks usage. The active data includes instructions that are executable by a computing device. The computing device is scanned to identify characteristics of the computing device. The characteristics of the computing device are utilized to determine whether the usage of the active data is authorized. Data is transmitted to a network service, including identifying information for the particular computing device and data that identifies a deployment of the active data.

Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.