Abstract: Systems and methods for providing one or more secure services are disclosed. One method can comprise authenticating and/or authorizing a user device to receive a security token. A request for information can be processed using the security token to facilitate the secure provision of services to the user device.

Abstract: The method includes creating a signed output instruction for outputting a vehicle certificate, having a data record characterising the vehicle, using the blockchain, in the case of a valid signature, receiving the vehicle certificate, outputting the vehicle certificate, wherein the output vehicle certificate includes a machine-readable code, wherein the machine-readable code includes a private cryptographic key of an asymmetric key pair, wherein a public cryptographic key of the asymmetric key pair is identified in the blockchain as a check value for checking a signature of a read request for reading vehicle data of the vehicle certificate from the blockchain.

Abstract: The disclosed technology teaches a method for revocation of user credentials for controlling user access to a private permissioned blockchain data structure or decentralized personal ledger, comprising an administrative logic configured to de-configure user private keys from keystores of respective users. The administrative logic further comprises a revocation logic configured to receive a unique identifier linked to a keystore of a particular user in response to the keystore, and the revocation logic is further configured to revoke access of the keystore based on the unique identifier.

Abstract: One example method includes providing temporary access to a computing system and to providing temporary access as a service. The features of a temporary access can be defined by an entity and a user may be able to obtain a token that includes these features, which may be embedded in the token as claims. The user's access is then controlled in accordance with the embedded claims. The temporary access as a service can be federated. The token may include trust levels and tolerance limits. Further, aspects of the temporary access can be monitored and/or changed. Adjustments to trust levels can be automated or manually performed. Further trust for specific users can be gained or lost over time based on at least previous accesses.

Abstract: Methods, systems, and computer programs for providing third-party password-less access to a secure database. A method can include receiving from a first user device, first data indicative of a request to provide password-less access to a data structure in a secure database, encoding a set of permissions into a data string, the encoded set of permissions including (a) a copy of the access key and (b) one or more filtering parameters, generating an electronic message that includes the data string, providing the electronic message to a second user device, receiving data indicative of a selection of the displayed data string, the received data includes the encoded set of permissions, decoding the received data to obtain the set of permissions, accessing the data structure in the secure database using the obtained set of permissions, and providing, to the second user device, password-less access to the real-time stream of content.

Abstract: The communication apparatus stores a condition for excluding from a target of the name resolution using the encrypted communication. The communication apparatus requests, in a case where name resolution of a host name requested from an application is to be performed, a first Domain Name System (DNS) server to perform the name resolution of the host name via an encrypted communication path established with the first DNS server at least based on a fact that use of the encrypted communication is set. On the other hand, the communication apparatus requests a second DNS server to perform the name resolution of the host name by plain text based on a fact that non-use of the encrypted communication is set.

Abstract: A plurality of different types of resource access events are identified. For example, a resource access event may be an administration event where a user is given certain access rights to view/modify a resource, such as, a database record. A plurality of blocks are generated, where each block is associated with an individual one of the plurality of different types of resource access events. The plurality of blocks are added to a first resource access blockchain. The blockchain can be used to track the various types of resource access events.

Abstract: A terminal device may, in a case where a first type of related information including a public key is obtained due to a first type of communication device outputting the first type of related information, send first connection information to the first type of communication device. The first type of communication device may be capable of executing a wireless communication complying with a predetermined rule of Wi-Fi scheme. The terminal device may, in a case where a second type of related information different from the first type of related information is obtained due to a second type of communication device outputting the second type of related information, send second connection information to the second type of communication device. The second type of communication device may be incapable of executing a wireless communication complying with the predetermined rule.

Abstract: A method for securing operations is described. In this method a user requests that a service provider device perform an operation, the service provider device transmitting to a certification device a request to validate the requested operation while indicating a key associated with the user. The certification device identifies the user associated with the key and transmits a dynamic code request to the user. A device that generates dynamic codes assigned to the user generates a first version of the dynamic code and transmits it to the certification device, which compares it with a second version of the code in order to decide whether it would or would not be appropriate to inform the service provider device that the requested operation has been validated.

Abstract: A method includes: obtaining at least one real-time console log from a compute instance; tagging the at least one real-time console log with at least one log category based on at least one entry within the at least one real-time console log; generating at least one categorized console log; generating at least one encrypted categorized console log based on a public encryption key; publishing the at least one encrypted categorized console log to a log bus; communicating the at least one encrypted categorized console log over at least one multi-port secure tunnel to a user terminal device of a subscribed user; and publishing a private encryption key to the user terminal device of the subscribed user wherein the private encryption key facilitates decrypting the at least one encrypted categorized console log.

Abstract: An authentication system includes an authentication module maintaining a store of credentials for a set of users. In response to an identity specified by credentials provided from a requestor address not being found in the store of credentials, the authentication module transmits an authentication failure response. In response to the provided credentials matching selected credentials, the authentication module transmits an authentication success response. The authentication system includes an analyzer module configured to determine a number of identity-not-found failures corresponding to a first address, identify a triggering event in response to the number exceeding a predetermined threshold, and, in response to the triggering event, add the first address to a block list.

Abstract: Systems and methods are described for Uniform Resource Locator (“URL”) pattern-based high-risk browsing and anomaly detection. In an example, a user device can compare URLs in a browser's history to URL patterns in a provided list to identify matches. The user device can calculate a browsing risk score based on the percentage of entries in the browsing history that match each URL pattern and a risk score associated with the URL pattern. Security policies can be enforced at the user device if the browsing risk score exceeds a threshold. The user device can also detect potentially dangerous anomalous browsing behavior. The user device can calculate a deviance score based on variations between recent browsing history and historical browsing behavior at the user device. Security policies can be enforced at the user device if the deviance score exceeds a threshold.

Abstract: A method for supporting authentication of a User Equipment, UE, in an Internet Protocol, IP, Multimedia Subsystem, IMS, telecommunication network, by interfacing a Service Based Architecture, SBA, telecommunication network, the method including receiving, by a Unified Data Management, UDM, in the SBA telecommunication network, from a Session Management Function, SMF, in the SBA telecommunication network, binding information, wherein the binding information is used to identify the UE in the IMS telecommunication network; receiving, by the UDM in the SBA telecommunication network, from a Home Subscriber Server, in the IMS telecommunication network, a request for providing the binding information, and providing, by the UDM in the SBA telecommunication network, to the HSS in the IMS telecommunication network the binding information, thereby supporting authentication of the UE. Complementary methods and corresponding nodes are also presented herein.

Abstract: In certain aspects, methods include, responsive to receiving verification that credentials associated with an organization device (OD) is authenticated, requesting the OD to create a token comprising a private and public key. The method includes receiving, subsequent to the OD initiating creation of the token, the public key from the OD. The method includes associating the public key with an UPN of the OD, and includes requesting the organization credentials from a secondary device (SD), responsive to detecting a request therefrom. The method includes requesting, responsive to authentication of the organization credentials, a challenge response from the SD. The method includes receiving the challenge response from the SD, which signed the challenge response with the private key that was transferred via the OD. The method includes determining, with the public key, whether the challenge response is valid, and includes validating enrollment of the SD when the challenge response is validated.

Abstract: Method, systems, and computer-readable media for securely executing a script on a computer appliance are disclosed. A script payload is obtained from a requesting entity via an interface of the computer appliance, the script payload comprising the script and script security data. Multiple authentication factors for the script are obtained from the script security data, the multiple authentication factors comprising at least some nested authentication factors, wherein a first one of the authentication factors is encapsulated within a second one of the authentication factors. A first validation is performed to authenticate the script and the first authentication factor based on the second authentication factor and to generate a validated first authentication factor. A second validation is performed to authenticate the script based on the validated first authentication factor. Responsive to the script being authenticated by the first and second validations, the script is executed on the computer appliance.

Abstract: A mobile device securely communicates with an electronic device within an automobile. The mobile device transmits encrypted spatial state information and the electronic device provides commands to the automobile in response. Spatial state information may include location, motion, or the like. Commands to the automobile may include door unlock commands, remote start commands, horn honk commands, or the like.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: Provided are a method and system for estimating a time of occurrence of a security event. The method includes: transmitting an actual time to a gateway of a vehicle; obtaining, from the gateway, time history data storing an actual time flag data element; obtaining, from the gateway, logging data prepared during security event detection; and estimating a time of occurrence of a security event, based on the logging data and the time history data, wherein the time history data and the logging data are prepared based on a vehicle reference time including a timestamp value and reset counter value of the vehicle.

Abstract: An automated server-based scheme allows a hosted service such as an individual computer system, computer application, or network service, to infer root certificate authorities present in client trust stores. Presenting a random selection of one or more digital certificates to a given client seeking a favorite icon URL, in response to a Transport Layer Security (TLS) connection request from the client, allows the service operator's trained machine learning system to define a customized set of potentially-trusted root certificate authorities based on learned successes and failures of connections with the given client, as well as other parties. The hosted service operator may employ a certificate manager and/or client-specific rules for presenting the certificates.

Abstract: A cloud-based network security system that includes a packet tap and exposes a synthetic packet stream representing the bidirectional data between enterprise client devices and cloud hosted services is disclosed. The security system intercepts packets of communication sessions and uploads a copy of the packets to cloud storage. A proxy of the security system derives session keys for the communication session and uploads the session keys to the cloud storage. An enterprise stitcher obtains the packets from the cloud storage, stitches the packets together in sequential order, and modifies the Layer 3 and Layer 4 headers to generate synthetic packet streams representing the communication sessions. The stitcher may decrypt the packets or provide the session key with the synthetic packet stream. The stitcher provides the synthetic packet streams to enterprise packet analysis systems for storage, auditing, analysis, and the like.

Abstract: The present technology relates to an electronic device. Based on the present technology, a storage device providing an improved security function may include a memory device including a protected memory block that is configured to store information for authenticating data to be read from or written to the memory device and is protected by a security protocol and a memory controller configured to receive a command protocol unit associated with the security protocol in a command including a host side protection message requesting data from a host be written in the protected memory block and perform a computation of a device message authentication code to be used in an authentication operation of the protected memory block, wherein the computation is performed concurrently with receiving a plurality of data units including the data from the host that is to be written in the protected memory block.

Abstract: Systems and methods are provided for authenticating an identity of a user requesting a resource or service from an entity. In some embodiments, a system may include at least one processor; and a non-transitory medium containing instructions that cause the system to perform operations. The operations may include receiving credential information associated with the remote user, and receiving, from the server associated with the entity, first hash information. The operations may also include generating second hash information based on information associated with the user, comparing the first hash information with the second hash information, and transmitting an indication based on the comparison to the server associated with the entity.

Abstract: An encryption retransmission device for providing resiliency against attacks. The encryption retransmission device includes an encryption unit, a communication unit, and a galvanic isolator. The encryption unit encrypts an egressing native packet and adds a connectionless header forms an egressing connectionless datagram, and decrypts an encrypted ingressing native packet of an ingressing connectionless datagram. The communication unit communicatively couples with the encryption unit, adds a complex header to the egressing connectionless datagram for forming an egressing packet for delivery to the first encryption retransmission device, receives an ingressing packet comprising the encrypted ingressing native packet and a complex header from the first encryption retransmission device, removes the complex header and adds a connectionless header for forming the ingressing connectionless datagram.

Abstract: A method of cryptographically secured decentralized testing includes receiving, by a computing device and from a secure test apparatus, an output of a cryptographic function of a secret test result identifier, authenticating the output, and recording, in a data repository, an indication of a test result as a function of the output.

Abstract: A control system includes plural units. The plural units include a master unit connected to a bus and a slave unit connected to the bus, the slave unit communicating with the master unit via the bus. The master unit includes a nonvolatile memory that stores first security information as information to be concealed, and the slave unit includes a volatile memory. The slave unit receives the first security information from the master unit at a predetermined timing and stores the first security information in the volatile memory.

Abstract: A system can correct or avoid an unexpected result caused by executing a smart contract. The system can detect a potential/actual result generated based on a primary smart contract, which is stored in association with a block of a blockchain and is configured to execute when a predetermined condition is satisfied. The system can determine that the potential/actual result deviates from an expected result and, in response, retrieve a secondary smart contract from a repository. The secondary smart contract is selected to prevent the unexpected result in the future. The system can store the secondary smart contract retrieved from the repository in association with a subsequent block of the blockchain. The primary smart contract and the secondary smart contract are then configured to execute in concert when the predetermined condition is satisfied such that the expected result is produced instead of the unexpected result.

Abstract: A method of performing a cryptographic process in a secured manner, wherein the cryptographic process generates output data based on input data, the generating of the output data involving generating a value y based on an amount of data x, the value y representing a combination, according to a linear transformation L, of respective outputs from a plurality of S-boxes Sn (n=0, . . . , N?1) for integer N>1, wherein each S-box Sn (n=0, . . .

Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

Abstract: A network node stores connection data required for remote devices to connect with it and to share content data with it. The network node shares the connection data with other network nodes that are capable of communicating with the remote device, and retrieves connection data for a remote device from another network node if the connection data is not stored in the first node. The network node also communicates with a remote server to retrieve the connection data if it is not present in one of the other network nodes. The network node securely communicates content data received from the remote devices to a remote data store.

Abstract: In one embodiment, a system and method for controlling mobile gaming on a vessel may have a plurality of mobile gaming devices, a location server operable to track a device position of each of the plurality of mobile gaming devices and track a vessel position of the vessel, and a mobile gaming management server configured to communicate with the location server and a gaming server, the mobile gaming management server operable to individually control whether each of the plurality of mobile gaming devices is permitted to play a game of chance based on the device position and the vessel position.

Abstract: A banking processing method according is performed by a processing logic including an application for banking processing implemented on a user terminal and a computer-readable storage medium. The method comprises the steps of: when the application for banking processing is run, searching a hardware security area of the user terminal and confirming the existence of a certificate for confirming an execution history of the application for banking processing; when the existence of the certificate is confirmed, searching the security area and confirming the existence of a token key for identifying whether login information of the user has been set; when the existence of the token key is not confirmed, setting the login information of the user by providing a membership page for setting the login information of the user; and opening an account according to a request of the user whose login information has been set.

Abstract: An apparatus including memory access circuitry for controlling access to data stored in the non-trusted memory, and memory security circuitry to verify integrity of data stored in the non-trusted memory. The memory security circuitry has authentication code generation circuitry for generating authentication codes to be associated with the data stored in the non-trusted memory, for use when verifying the integrity of the data. The apparatus also has a trusted storage, and the authentication code generation circuitry is arranged to generate different authentication codes, dependent on whether the authentication code is to be stored in the non-trusted memory or the trusted storage.

Abstract: A method includes storing a value in data storage so that a third party is prevented from accessing the value, retrieving the value and applying a first transform to the value to form a transformed value having a uniform distribution. Noise is added to the transformed value to form a sum and a second transform is applied to the sum to form a transformed sum having a uniform distribution. An inverse of the first transform is applied to the transformed sum to form a privatized value and the privatized value is provided to the third party.

Abstract: In an example embodiment, a protocol for private set intersection is introduced that provides for two-party computation. Each party has a private data set and both parties want to securely compute the intersection of their sets, such that only the result is revealed and nothing else. Construction rules are provided that rely on the evaluation of a branching program (BP) using a fully homomorphic encryption (FHE) scheme. Using the properties of an FHE scheme, a non-interactive protocol is built with extendable functionalities. Thus, not only can the intersection be securely computed but the result can be used for further secure computations. Furthermore, the communication overhead for practical applications is independent of the server's set size, allowing for easy scalability.

Abstract: A pre-processing and fulfillment system and method are described. In some implementations, the method may include receiving an order containing a retail component and a pharmacy component, processing the order for the pharmacy component and the retail component, and generating a tracking token identifying the order and authorizing a party to receive a component of the order. The method may include transmitting fulfillment instructions to a fulfillment system based on processed information for the order, and transmitting the tracking token to a computing device of the authorized party. Some implementations may also include receiving a signal indicating receipt of the tracking token and an authorized transfer of the component, and updating a status of the order based on the received signal.

Abstract: The exemplary embodiments disclose a method, a computer program product, and a computer system for managing environment change. The exemplary embodiments may include determining a plurality of change and risk models for a plurality of computing environments, generating a plurality of association rules based on the plurality of change and risk models, and generating a joint association rule by combining at least two of the plurality of association rules, wherein the joint association rule indicates, from the three dimensions, an association relationship between changes and risk events over at least a part of the time series.

Abstract: Lightweight mechanisms provide a way to assert provenance when live streaming media content and establish provenance upon playback. For example, a provenance claim generator generates a key pair including a live-stream private key and live-stream public key. The claim generator signs, with a long-term private key reliably associated with a sender, manifest metadata including the live-stream public key, thereby producing a manifest signature. During live streaming, the claim generator signs respective portions of media content with the live-stream private key, producing portion signatures for the respective portions. A provenance claim validator receives the manifest signature and manifest metadata. The claim validator verifies the manifest metadata using a long-term public key (reliably associated with the sender) and the manifest signature.

Abstract: Examples described herein relate to accessing an initiator as a Non-Volatile Memory Express (NMVe) device. In some examples, the initiator is configured with an address space, configured in kernel or user space, for access by a virtualized execution environment. In some examples, the initiator to copy one or more storage access commands from the virtualized execution environment into a queue for access by a remote direct memory access (RDMA) compatible network interface. In some examples, the network interface to provide Non-Volatile Memory Express over Fabrics (NVMe-oF) compatible commands based on the one or more storage access commands to a target storage device. In some examples, the initiator is created as a mediated device in kernel space or user space of a host system. In some examples, configuration of a physical storage pool address of the target storage device for access by the virtualized execution environment occurs by receipt of the physical storage pool address in a configuration command.

Abstract: In some implementations, a system may receive a first credential associated with a first account and a second credential associated with a second account and may instruct a cloud service, using the first credential, to generate a first snapshot of structured source data associated with the first account. The system may authorize the first account and the second account to use a master encryption key and instruct the cloud service to encrypt the first snapshot using the master encryption key. The system may instruct the cloud service, using the second credential, to copy the first snapshot to a second snapshot associated with the second account and to decrypt the second snapshot into structured target data using the master encryption key. The system may deauthorize the first account and the second account from using the master encryption key and output an indicator of completion to a user device.

Abstract: The present disclosure provides systems and methods for secure identification retrieval. The method includes retrieving a value of a periodic variable and calculating a plurality of query tokens from a corresponding plurality of client device identifiers and the value of the periodic variable. Each query token is associated with a corresponding client device identifier in a first database. The method further includes receiving a first query token calculated from a client device identifier of the first client device and the value of the periodic variable and identifying a second query token of the calculated plurality of query tokens in the first database matching the first query token. The method further includes, responsive to the identification, retrieving the associated client device identifier and retrieving one or more characteristics of the first client device according to the associated client device identifier. The method further includes transmitting the retrieved one or more characteristics.

Abstract: Techniques are provided for a computer-implemented security method implemented on one or more blockchains. The method comprises the steps of: applying a one-way function to a first secret value accessible to a first user to create a first veiled secret value; communicating the first veiled secret value from the first user to a second user; receiving a second veiled secret value from the second user, wherein the second veiled secret value is created by applying a one-way function to a second secret value accessible to the second user; and constructing a first blockchain transaction comprising the first veiled secret value and the second veiled secret value, the first blockchain transaction arranged to be unlockable to transfer control of a first resource upon provision of both the first secret value and the second secret value to the first transaction.

Abstract: A process includes accessing a first message that is sent from an access point device. The first message includes data representing a second message that is sent by a client device. The second message is part of an exchange of messages between the client device and the access point device associated with authentication of the client device and a derivation of a first key used to encrypt and decrypt data communicated between the client device and the access point device. The second message includes a first message integrity check value. The process includes identifying, based on the second message, a pre-shared key corresponding to the client device.

Abstract: Systems and methods for generating immutable keys for client relationships are disclosed.

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly lmv bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: A wireless communication system includes an external provider subsystem and an electronic network subsystem in operable communication with the external provider subsystem. The electronic network subsystem is configured to provide a first microservice and a second microservice different from the first microservice. The wireless communication system further includes an in-home subsystem (i) separate from the external provider subsystem, (ii) in operable communication with the electronic network subsystem, and (iii) including a first micronet and a second micronet different from the first micronet. The first micronet is configured to operably interact with the first microservice, and the second micronet is configured to operably interact with the second microservice. The wireless communication system further includes at least one electronic device configured to operably connect with one of the first micronet and the second micronet.

Abstract: Systems and methods are provided for sending a combined read and reaction message. The systems and methods perform operations comprising: accessing, by a messaging application, a conversation session comprising a plurality of messages exchanged between a plurality of client devices, the messaging application being associated with a first client device of the plurality of client devices; generating, by the messaging application, metadata associated with one or more of the plurality of messages; encrypting, by the messaging application, the metadata in accordance with an end-to-end encryption process to enable a second client device of the plurality of client devices to read the metadata and prevent the second client device from modifying the metadata; and transmitting, to a server, a packet comprising an encrypted message slot and a first metadata slot, the first metadata slot comprising the encrypted metadata.

Abstract: A clientless security system to secure cellular devices across a network in a cloud-based environment. The clientless security system includes a tenant with multiple cellular devices, tunnels for transmitting traffic, and a traffic steering module for directing traffic toward a gateway. The clientless security system further includes gateways to apply policies based on a device profile and an alert generator. The traffic steering module provides a SIM with network identifiers, configures the SIM with a custom network identifier, creates a device-to-IP mapping, and distributes the device-to-IP mapping to gateways in real-time. The gateways apply multiple policies based on a device profile, receive traffic from the traffic steering module, and perform a reverse lookup. The gateways further determine a device identity, apply policies, and forward traffic to a destination. The alert generator is also used to notify the tenant of further remediation in case of policy violations.

Abstract: The present application discloses a method, an apparatus, and a device for updating a feature vector database, and a medium. The method includes: acquiring a first biological feature in a service request; obtaining, according to the first biological feature, a first feature vector and a second feature vector respectively through a first algorithm model and a second algorithm model, in which a first feature vector database include sample feature vectors obtained based on the first algorithm model; performing validity verification on the second feature vector according to an associated feature vector for a first user corresponding to a first sample feature vector; and obtaining, under a condition that the validity verification on the second feature vector passes, a second sample feature vector for the first user based on the second feature vector, and storing the second sample feature vector in a second feature vector database.

Abstract: A data processing system and a method of automatically initiating a process. The data processing system includes a local server and a cloud server. The cloud server includes a storage apparatus and a processor. The processor is coupled to the storage apparatus, and configured to executed a file identification-parsing device and a detection system. The local server outputs a file to the cloud server, such that the file identification-parsing device performs an identification-parsing operation to generate a file content. The cloud server stores the file content in a database. The detection system performs a detection operation on the database to generate a file change content. The detection system generates business process information according to the file change content, and outputs the business process information to a process system. The process system executes the business process information, and displays manual operation information and an execution result on a display screen.

Abstract: A network based hyperlocal authentication system and method is described. A wireless client device requests a key from a remote network component. The remote network component generates and transmits the key to the gateway. The gateway then transmits the key to the client device application with a gateway short-range transceiver. The wireless client device receives the key from the gateway and then requests and receives a cryptographic material from the remote network component. The wireless client device communicates with the remote network component with the key, received from the gateway, and the cryptographic material, received from the network component.