Abstract: A control method of an electronic apparatus includes identifying whether an external device is located within a reference radius of the electronic apparatus; based on the external device being located within the reference radius, obtaining distance information between the identified external device and the electronic apparatus; identifying a standby time based on the distance information; and based on the standby time elapsing, performing connection with the external device.

Abstract: A method of encrypting data at an electronic device where the electronic device is associated with a key device. Each device is associated with an asymmetric cryptography pair, each pair including a first private key and a first public key. Respective second private and public keys may be determined based on the first private key, first public key and a deterministic key. A secret may be determined based on the second private and public keys. The data at the electronic device may be encrypted using the determined secret or an encryption key that is based on the secret. Information indicative of the deterministic key may be sent to the key device where the information may be stored.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: A method of exchanging data between devices is provided. The method includes a first device detecting a user's intention to transmit data, generating first identification information for the data by using biometric data obtained from the user, and transmitting the data and the first identification information to a personalized cloud storage, and a second device detecting the user's intention to receive the data, generating second identification information by using the biometric data obtained from the user, requesting the personalized cloud storage for the data by using the second identification information, and receiving and storing the data from the personalized cloud storage.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: Embodiments of this application disclose a software integrity protection method and apparatus. A first device obtains a first software package, where the first software package includes a first signature made by a first party for a second software package by using a first private key; and the first device performs a signing operation on the first software package by using a second private key, to obtain a third software package including a second signature, where the first private key is controlled by the first party, and the second private key is controlled by a second party. The first device sends the third software package to a second device. The second device verifies the first signature and the second signature in the third software package respectively based on a first public key and a second public key that are prestored, to obtain a verification result.

Abstract: A method of determining a target path according to a source electronic control unit (ECU) mounted on a vehicle is provided. The method includes obtaining state information of a plurality of paths connecting the source ECU with a destination ECU, selecting the target path for target data from among the plurality of paths based on the state information, and transmitting the target data to the destination ECU through an ECU located on the selected target path, the state information including information about at least one of power consumption of an ECU located on the paths, a temperature of the ECU located on the paths, a latency of the paths, and a transmission success rate of the paths.

Abstract: A wireless communication system includes a server supporting multi-service, multi-advertising, and multi-connection and a plurality of client devices simultaneously receiving a first advertising signal and a second advertising signal from the server through Bluetooth Low Energy (BLE) communication, wherein the first advertising signal includes a first media access control (MAC) address, and the second advertising signal includes a second MAC address different from the first MAC address.

Abstract: A method for managing a request to pair a first item of equipment with a second item of equipment is implemented by a device for managing a pairing request. The managing device is configured to communicate with the first item of equipment via an optical communication channel. The managing method includes: reception, via the optical communication channel, of a pairing request including data representative of the identity of the first item of equipment; and if the pairing request is authorized, transmission, via the optical communication channel, of a security key to the first item of equipment to be used during communications between the first item of equipment and the second item of equipment once the items of equipment have been paired.

Abstract: A cross-blockchain data migration method includes obtaining, by a first node in a first blockchain network, from a first blockchain in the first blockchain network, first service data information corresponding to a first data structure mode stored in a first block in the first blockchain and obtaining a second data structure mode associated with a second block in a second blockchain corresponding to a second blockchain network. The method further includes converting the first service data information to second service data information corresponding to the second data structure mode and establishing a hash mapping relationship between the first service data information and the second service data information in the first blockchain. The method also includes migrating the second service data information to a second node in the second blockchain network based on the hash mapping relationship.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: Systems and methods for a software development lifecycle traceability tool. In some aspects, the system may implement a traceability tool that generates a system data stream for an SDLC management platform that stitches together source data from multiple sources, trains a machine learning model to generate progress information and execution risks for a user story on the SDLC management platform, generates a graphical user interface with information for each user story and corresponding progress tracking indicia based on output from the machine learning model, and generates an event-based view of prior actions for each user story and one or more recommended actions to address execution risks.

Abstract: A control method for an information processing apparatus controlled by a computer is executed by the computer and includes performing a first input to accept an input of first authentication information, performing a second input to accept an input of another authentication information different from the first authentication information, executing first processing on condition of success of authentication with the first authentication information input in the first input and success of authentication with the another authentication information input in the second input, and executing second processing on condition of success of at least one of authentication with the first authentication information input in the first input or authentication with the another authentication information input in the second input.

Abstract: Novel tools and techniques are provided for utilizing blockchain to implement named data networking. In various embodiments, a computing system might determine whether a cache that is communicatively coupled to the computing system contains data that is responsive to a first request received from a user. If so, the computing system might retrieve and send (to the client device) data that is responsive to the received first request. If not, the computing system might send, to a blockchain system, a second request for identifying a blockchain containing a block containing data responsive to the received first request. In response to identifying such a blockchain, the computing system might receive a copy of the identified blockchain; might abstract, from the identified blockchain, the block containing the data responsive to the received first request; might abstract the data from the identified block; and might send the data to the client device.

Abstract: A processor includes an execution unit for executing a message padding instruction including an operand field indicating a register buffering a message block segment of a message block to be padded and a mode field indicating which hash functions is to be applied to the message block. The execution unit includes a padding circuit configured to receive a message block segment from a register indicated by the operand field, where the message block spans multiple registers in a register file. Based on which hash function is indicated by the mode field, the padding circuit selects a byte location in the message block segment at which to insert at least one padding byte and inserts the at least one padding byte at the byte location within the message block segment. The message block segment as padded by the at least one padding byte is written back to the register file.

Abstract: A platform identifier for a first node may be determined based on hardware characteristics of the first node. The platform identifier may be sent to a certification service via non-network communication. Certificate information associated with the platform identifier may be received from the certification service via non-network communication. A key pair may be generated at a first node application enclave of the first node. The key pair may include a public key of the first node and an associated private key of the first node. A request to generate a signed digital certificate may be sent to a digital certificate manager, the request including the public key of the first node and the certificate information. A signed digital certificate including the public key and the certificate information may be received from the digital certificate manager, and the signed digital certificate may be stored at the first node application enclave.

Abstract: A communication device may be configured to receive a sending request by executing communication at a network layer or above of an Open System Interconnection reference model. The communication device may be configured to, in a case where the sending request is received, send a public key by executing communication at the network layer or above. The communication device may be configured to, after the public key has been sent, receive an authentication request. The communication device may be configured to, in a case where the authentication request is received, send an authentication response. The communication device may be configured to, after the authentication response has been sent, receive first connection information. The communication device may be configured to, in a case where the first connection information is received, establish a second wireless connection with an external device by using the first connection information.

Abstract: Key derivation for account management is disclosed, including: generating an account private key associated with a new account; generating a compute key associated with the new account based at least in part on the account private key, wherein the compute key is usable to verify a new transaction to be confirmed on a blockchain, and wherein the new transaction is initiated by the new account; and generating a view key associated with the new account based at least in part on the account private key, wherein the view key is usable to decrypt a portion of a confirmed transaction on the blockchain that belongs to the new account.

Abstract: Systems and methods for connecting devices via a virtual global network are disclosed. In one embodiment the network system may comprise a first device in communication with a first endpoint device and a second device in communication with a second endpoint device. The first and second devices may be connected with a communication path. The communication path may comprise one or more intermediate tunnels connecting each endpoint device to one or more intermediate access point servers and one or more control servers.

Abstract: An apparatus for managing delegation consensus of a blockchain network, obtains state information including trust of each delegated node in the current epoch of the blockchain network, determines an action including a delegation rate by performing a neural network operation on the state information, creates, according to the determined action, a local trust opinion (hereinafter, LTO) matrix representing a mutual subjective evaluation of each delegated node, and selects, based on the trust calculated using the LTO matrix, K delegated nodes according to the determined delegation rate among N nodes.

Abstract: A method includes receiving, by a computing device, a message from a host device. In response to receiving the message, the computing device generates an identifier, a certificate, and a key. The identifier is associated with an identity of the computing device, and the certificate is generated using the message. The computing device sends the identifier, the certificate, and the key to the host device. The host device verifies the identity of the computing device using the identifier, the certificate, and the key.

Abstract: A network interface controller includes processing circuitry configured to pair with a local root of trust of a host device connected to the network interface controller and provide a key to an encryption device of the host device that enables the encryption device to encrypt data of one or more host device applications using the key. The encrypted data are stored in host device memory. The processing circuitry is configured to share the key with a remote endpoint and forward the encrypted data from the host device memory to the remote endpoint.

Abstract: Systems, methods, articles of manufacture for authentication of payment cards. A server may assign, in a database, an expected card identifier to a contactless card, the contactless card associated with an account. The server may receive, from a client device, a request comprising a uniform resource locator (URL), a parameter of the URL comprising a card identifier, wherein the URL is transmitted by the contactless card to the client device. The server may extract the card identifier from the URL and compare the extracted card identifier to the expected card identifier in the database. The server may determine, based on the comparison, that the extracted card identifier matches the expected card identifier. The server may authenticate the request based on the extracted card identifier matching the expected card identifier, and transmit, to the client device, an indication specifying that the request was authenticated.

Abstract: A system and method for privacy policy enforcement to ensure reconciliation between users communicating via an open system interconnection (OSI) communication architecture, with receiving of a privacy policy for at least one user's device and a usage policy for at least one user, receiving encryption codes, receiving private data from a first user to be sent to a second user, encrypting by a first server the received data, receiving a privacy policy enforcement vector, and performing selective decryption, by a second server, for each data segment, wherein data segments that correspond to a match between the privacy policy and usage policy are decrypted, and wherein at least one of the first server and the second server is external to the first user and second user.

Abstract: The present description relates to systems and techniques for allowing a third party verifier to verify aspects of secured data, or successful communication thereof. For example, a message or other data may be associated with a shared manifest that describes aspects of some data but does not reveal or expose the data. As a result, the data may be kept private while selective privacy and verification with respect to the data is achieved by the inclusion of only selected aspects of said data in the shared manifest.

Abstract: Systems, devices, and techniques are disclosed for security configuration evaluation. A binary representation of a reference security configuration for an application may be generated. The binary representation of the reference security configuration for the application may be hashed to generate a reference hash for the application. Data for an instance security configuration for an instance of the application may be received. A binary representation of the instance security configuration may be generated from the received data for the instance security configuration. The binary representation of the instance security configuration may be hashed to generate an instance hash. The computing device may determine the distance between the reference hash and the instance hash. The instance security configuration may be determined to be secure if the distance is not greater than a threshold.

Abstract: Methods, devices, and systems for changing a layer 2 (L2) identifier (ID) during an ongoing vehicle-to-everything (V2X) session between a source wireless transmit/receive unit (WTRU) and a peer WTRU include communicating between the source and a peer WTRUs based on an existing layer 2 (L2) identifier (ID). On a condition that a trigger event occurs, the source WTRU generates a new source L2 ID, communicates the new source L2 ID to the peer WTRU, receives from the peer WTRU a message that responds to the new source L2 ID, and communicates between the source WTRU and the peer WTRU based on the new source L2 ID.

Abstract: Techniques are described for controlling a first device that operates in a first mode. In an example, the first device receives, while it is operating in a first mode, a secret from a second device. The first device is capable of wireless data reception and incapable of wireless data transmission in the first mode. The first device determines that the secret is valid. Based at least in part on the secret being valid, the first device performs at least one of: switching an operational mode of the first device from the first mode to a second mode, or performing, while operating in the first mode, a command indicated by the second device. The first device is capable of the wireless data transmission in the second mode.

Abstract: A processor, a system, a machine readable medium, and a method.

Abstract: An input device for inputting a user operation includes a data-for-authentication holding unit that holds data for authentication regarding one or more registered users, a fingerprint sensor that accepts fingerprint information of a user, and a fingerprint authentication unit that checks the accepted fingerprint information against the data for authentication regarding the one or more registered users. When the fingerprint authentication unit 84 succeeds in biometric authentication, a communication unit transmits a network account of the user to an information processing device. The information processing device includes a user authentication unit that checks the received network account against network accounts of registered users held in a registered user information holding unit.

Abstract: A scalable configurable universal complete spectrum identity authentication process that utilizes all or part of at least one computer, and necessary resources for making identity authentication determinations as to whether or not one specific sensor-observed tested person is the same person as the one specific known person he or she claims to be. The identity authentication process makes one-time, intermittently performed, or constantly performed identity authentication determinations regarding any one specific tested person, and it is configurable for doing so at any attainable level of accuracy including 100% accuracy.

Abstract: Systems and methods are disclosed herein for managing group membership. To remove a user from a group, a group management system ensures that the device associated with the user is no longer able to decrypt messages that are sent by other devices in the group, in spite of having a copy of the binary tree associated with the group. Accordingly, the group management system may update private and public keys that the device may access while ensuring that other devices get the updated private and public keys. The group management system may manipulate the binary tree to move the root node and the sibling node of the node associated with the user being removed such that the update to the binary tree ensures the remaining group members are able to properly participate in future group update operation for which the binary tree may be necessary.

Abstract: Methods, systems, and computer programs for providing third-party password-less access to a secure database. A method can include receiving from a first user device, first data indicative of a request to provide password-less access to a data structure in a secure database, encoding a set of permissions into a data string, the encoded set of permissions including (a) a copy of the access key and (b) one or more filtering parameters, generating an electronic message that includes the data string, providing the electronic message to a second user device, receiving data indicative of a selection of the displayed data string, the received data includes the encoded set of permissions, decoding the received data to obtain the set of permissions, accessing the data structure in the secure database using the obtained set of permissions, and providing, to the second user device, password-less access to the real-time stream of content.

Abstract: A plurality of different types of resource access events are identified. For example, a resource access event may be an administration event where a user is given certain access rights to view/modify a resource, such as, a database record. A plurality of blocks are generated, where each block is associated with an individual one of the plurality of different types of resource access events. The plurality of blocks are added to a first resource access blockchain. The blockchain can be used to track the various types of resource access events.

Abstract: The disclosed technology teaches a method for revocation of user credentials for controlling user access to a private permissioned blockchain data structure or decentralized personal ledger, comprising an administrative logic configured to de-configure user private keys from keystores of respective users. The administrative logic further comprises a revocation logic configured to receive a unique identifier linked to a keystore of a particular user in response to the keystore, and the revocation logic is further configured to revoke access of the keystore based on the unique identifier.

Abstract: Systems and methods for providing one or more secure services are disclosed. One method can comprise authenticating and/or authorizing a user device to receive a security token. A request for information can be processed using the security token to facilitate the secure provision of services to the user device.

Abstract: The method includes creating a signed output instruction for outputting a vehicle certificate, having a data record characterising the vehicle, using the blockchain, in the case of a valid signature, receiving the vehicle certificate, outputting the vehicle certificate, wherein the output vehicle certificate includes a machine-readable code, wherein the machine-readable code includes a private cryptographic key of an asymmetric key pair, wherein a public cryptographic key of the asymmetric key pair is identified in the blockchain as a check value for checking a signature of a read request for reading vehicle data of the vehicle certificate from the blockchain.

Abstract: The communication apparatus stores a condition for excluding from a target of the name resolution using the encrypted communication. The communication apparatus requests, in a case where name resolution of a host name requested from an application is to be performed, a first Domain Name System (DNS) server to perform the name resolution of the host name via an encrypted communication path established with the first DNS server at least based on a fact that use of the encrypted communication is set. On the other hand, the communication apparatus requests a second DNS server to perform the name resolution of the host name by plain text based on a fact that non-use of the encrypted communication is set.

Abstract: One example method includes providing temporary access to a computing system and to providing temporary access as a service. The features of a temporary access can be defined by an entity and a user may be able to obtain a token that includes these features, which may be embedded in the token as claims. The user's access is then controlled in accordance with the embedded claims. The temporary access as a service can be federated. The token may include trust levels and tolerance limits. Further, aspects of the temporary access can be monitored and/or changed. Adjustments to trust levels can be automated or manually performed. Further trust for specific users can be gained or lost over time based on at least previous accesses.

Abstract: A method for supporting authentication of a User Equipment, UE, in an Internet Protocol, IP, Multimedia Subsystem, IMS, telecommunication network, by interfacing a Service Based Architecture, SBA, telecommunication network, the method including receiving, by a Unified Data Management, UDM, in the SBA telecommunication network, from a Session Management Function, SMF, in the SBA telecommunication network, binding information, wherein the binding information is used to identify the UE in the IMS telecommunication network; receiving, by the UDM in the SBA telecommunication network, from a Home Subscriber Server, in the IMS telecommunication network, a request for providing the binding information, and providing, by the UDM in the SBA telecommunication network, to the HSS in the IMS telecommunication network the binding information, thereby supporting authentication of the UE. Complementary methods and corresponding nodes are also presented herein.

Abstract: Systems and methods are described for Uniform Resource Locator (“URL”) pattern-based high-risk browsing and anomaly detection. In an example, a user device can compare URLs in a browser's history to URL patterns in a provided list to identify matches. The user device can calculate a browsing risk score based on the percentage of entries in the browsing history that match each URL pattern and a risk score associated with the URL pattern. Security policies can be enforced at the user device if the browsing risk score exceeds a threshold. The user device can also detect potentially dangerous anomalous browsing behavior. The user device can calculate a deviance score based on variations between recent browsing history and historical browsing behavior at the user device. Security policies can be enforced at the user device if the deviance score exceeds a threshold.

Abstract: In certain aspects, methods include, responsive to receiving verification that credentials associated with an organization device (OD) is authenticated, requesting the OD to create a token comprising a private and public key. The method includes receiving, subsequent to the OD initiating creation of the token, the public key from the OD. The method includes associating the public key with an UPN of the OD, and includes requesting the organization credentials from a secondary device (SD), responsive to detecting a request therefrom. The method includes requesting, responsive to authentication of the organization credentials, a challenge response from the SD. The method includes receiving the challenge response from the SD, which signed the challenge response with the private key that was transferred via the OD. The method includes determining, with the public key, whether the challenge response is valid, and includes validating enrollment of the SD when the challenge response is validated.

Abstract: An authentication system includes an authentication module maintaining a store of credentials for a set of users. In response to an identity specified by credentials provided from a requestor address not being found in the store of credentials, the authentication module transmits an authentication failure response. In response to the provided credentials matching selected credentials, the authentication module transmits an authentication success response. The authentication system includes an analyzer module configured to determine a number of identity-not-found failures corresponding to a first address, identify a triggering event in response to the number exceeding a predetermined threshold, and, in response to the triggering event, add the first address to a block list.

Abstract: A method for securing operations is described. In this method a user requests that a service provider device perform an operation, the service provider device transmitting to a certification device a request to validate the requested operation while indicating a key associated with the user. The certification device identifies the user associated with the key and transmits a dynamic code request to the user. A device that generates dynamic codes assigned to the user generates a first version of the dynamic code and transmits it to the certification device, which compares it with a second version of the code in order to decide whether it would or would not be appropriate to inform the service provider device that the requested operation has been validated.

Abstract: A method includes: obtaining at least one real-time console log from a compute instance; tagging the at least one real-time console log with at least one log category based on at least one entry within the at least one real-time console log; generating at least one categorized console log; generating at least one encrypted categorized console log based on a public encryption key; publishing the at least one encrypted categorized console log to a log bus; communicating the at least one encrypted categorized console log over at least one multi-port secure tunnel to a user terminal device of a subscribed user; and publishing a private encryption key to the user terminal device of the subscribed user wherein the private encryption key facilitates decrypting the at least one encrypted categorized console log.

Abstract: A terminal device may, in a case where a first type of related information including a public key is obtained due to a first type of communication device outputting the first type of related information, send first connection information to the first type of communication device. The first type of communication device may be capable of executing a wireless communication complying with a predetermined rule of Wi-Fi scheme. The terminal device may, in a case where a second type of related information different from the first type of related information is obtained due to a second type of communication device outputting the second type of related information, send second connection information to the second type of communication device. The second type of communication device may be incapable of executing a wireless communication complying with the predetermined rule.

Abstract: Provided are a method and system for estimating a time of occurrence of a security event. The method includes: transmitting an actual time to a gateway of a vehicle; obtaining, from the gateway, time history data storing an actual time flag data element; obtaining, from the gateway, logging data prepared during security event detection; and estimating a time of occurrence of a security event, based on the logging data and the time history data, wherein the time history data and the logging data are prepared based on a vehicle reference time including a timestamp value and reset counter value of the vehicle.

Abstract: An automated server-based scheme allows a hosted service such as an individual computer system, computer application, or network service, to infer root certificate authorities present in client trust stores. Presenting a random selection of one or more digital certificates to a given client seeking a favorite icon URL, in response to a Transport Layer Security (TLS) connection request from the client, allows the service operator's trained machine learning system to define a customized set of potentially-trusted root certificate authorities based on learned successes and failures of connections with the given client, as well as other parties. The hosted service operator may employ a certificate manager and/or client-specific rules for presenting the certificates.

Abstract: A mobile device securely communicates with an electronic device within an automobile. The mobile device transmits encrypted spatial state information and the electronic device provides commands to the automobile in response. Spatial state information may include location, motion, or the like. Commands to the automobile may include door unlock commands, remote start commands, horn honk commands, or the like.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.