Abstract: The present disclosure is directed to systems and methods that include a beacon that includes an antenna; data storage configured to store a code that is calculated according to an algorithm and based on a first variable, the first variable being defined according to a first interval of time; and a processor configured to cause the code to be emitted by the beacon.

Abstract: Herein are techniques for dynamic aggregation of results of a database request, including concurrent grouping of result items in memory based on quasi-dense keys. Each of many computational threads concurrently performs as follows. A hash code is calculated that represents a particular natural grouping key (NGK) for an aggregate result of a database request. Based on the hash code, the thread detects that a set of distinct NGKs that are already stored in the aggregate result does not contain the particular NGK. A distinct dense grouping key for the particular NGK is statefully generated. The dense grouping key is bound to the particular NGK. Based on said binding, the particular NGK is added to the set of distinct NGKs in the aggregate result.

Abstract: A processing system of a vehicle having at least one processor may obtain, from a network-based security system, at least a first security code, apply a hash operation to a firmware code of the vehicle in accordance with the at least the first security code to generate a first hash value, and transmit the first hash value to the network-based security system. The processing system may then obtain from the network-based security system at least a first verification code, the network-based security system providing the at least the first verification code in response to a confirmation of the first hash value, apply the at least the first verification code to a verification function, and generate a signal to enable the operation of the vehicle, in response to a positive verification via the verification function.

Abstract: According to one embodiment, an electronic apparatus used in a vehicle generates a first to fourth log of the vehicle for a first to fourth period, a first to fourth code used to validity of the first to fourth log, a fifth code used to collectively determine a validity of the first log and the second log, a sixth code used to collectively determine a validity of the third log and the fourth log, and a seventh code used to collectively determine a validity of the first to fourth logs, and transmits the first to seventh codes to a server, and transmits the first to fourth logs to the server after a transmission of the first to seventh codes.

Abstract: The presently disclosed method and apparatus for sharing security metadata memory space proposes a technique to allow metadata sharing two different encryption techniques. A section of memory encrypted using a first type of encryption and having first security metadata associated therewith is converted to a section of memory encrypted using a second type of encryption and having second security metadata associated therewith. At least a portion of said first security metadata shares a memory space with at least a portion of said second security metadata for a same section of memory.

Abstract: A hybrid device includes a plurality of diverse subsystems, including a first and a second subsystem. The first subsystem includes at least one first secured storage device configured to store a first software and a first CPU configured to boot and execute the first software. The second subsystem includes at least one second secured storage device configured to store a second software and a second CPU configured to boot and execute the second software. The first CPU is configured to generate the first hash of the first software and transmit the generated first hash of the first software to the second subsystem. The second CPU is configured to perform a first authenticity validation check on the first software using the received first hash of the first software, and generate an error signal on a condition that the first authenticity validation check on the first software fails.

Abstract: A communication network system, in which a transmission node for transmitting a message is connected to a reception node for receiving the message, is configured to periodically transmit a count-value notification message to notify a count value, which is used to generate and check a message authentication code for the message, to the transmission node and the reception node.

Abstract: Efficient uniques querying is disclosed, including: receiving a search query for a number of unique audience members across a plurality of groups of audience members; obtaining a plurality of sets of representations corresponding to respective ones of the plurality of groups of audience members; selecting at least a subset from each of the plurality of sets of representations; merging the selected at least subsets of the plurality of sets of representations into a merged set of representations; determining the number of unique audience members across the plurality of groups of audience members based at least in part on the merged set of representations; and outputting the number of unique audience members across the plurality of groups of audience members.

Abstract: Systems and methods with multiple different modes for bidirectional data transfer of messages encrypted with Random Cipher Pads (RCPs) are disclosed. A direct mode is from one single endpoint to another endpoint in a peer-to-peer fashion. A throughput mode may be configured as a communication between endpoints with a cryptographic data server (CDS) managing communications and additional encryption between the endpoints. The CDS further encrypts the messages such that there is a peer-to-peer encryption between the source endpoint and the CDS and a different peer-to-peer encryption between the CDS and destination endpoints. The throughput mode may also be configured as a broadcast communication between a sender and multiple destinations, each with its own different RCP encryption. A router-to-router mode may be thought of as a specific type of peer-to-peer transfer where the peers on each end are routers, servers, Virtual Private Network servers, and gateways rather than user endpoints.

Abstract: A terminal device, for example a 3GPP Proximity Services (ProSe)-enabled user equipment, obtains imprecise location information relating to a location of the terminal device, and transmits a proximity service discovery message, wherein the discovery message includes the imprecise location information. A second terminal device, again for example a 3GPP Proximity Services (ProSe)-enabled user equipment, receives a proximity service discovery message containing location information. The second terminal device obtains location information relating to its location, and calculates a distance from the location indicated by the location information in the received discovery message to its location. The second terminal device acts on the received discovery message only if the calculated distance is less than a predetermined distance.

Abstract: A system, method, and computer program product for collaborative online gaming, including at least one of providing a central repository master browser system; providing an experience calibrated match-making service; providing a dynamic multiplayer server component auto deployment and aggregation system; providing a lobby centric simultaneous and collaborative client game play launching feature; and providing a video game screen over-layer technology giving users access to a control interface while inside a video game being played.

Abstract: An access controller combines one or more Secure Access Modules (SAMs) or other cryptographic processors with embedded storage, individually accessible by the controller such that waiting on the reply from one of the modules does not prevent accessing the others, a host CPU, running the computer program to perform authentication and access control, and a waiting queue, possibly in system memory, to put the request in when all SAMs are used. The state of the SAMs, possibly using system memory, is tracked to be able to find a free access module or to be able to match a response to the corresponding request. One or more connections (serial, network, wireless or otherwise) are used to connect to transparent smart card readers and door controllers.

Abstract: This document discloses a solution for providing channel usage information. In an embodiment, an apparatus managing a wireless network and being in an unassociated state towards an access node managing another wireless network is provided with the channel usage information. The channel usage information is provided together with a further information element enabling the apparatus to verify that the channel usage information originates from a trusted source.

Abstract: Technologies are generally described for methods and systems effective to secure process synchronized requests after at least one secure inter-device communication link between the originating and confirming communication devices is established. A method may include forwarding, by the confirming communication device the request and receiving, by a server, a first request from the originating device and at least one second request from the confirming device. The method may also include, by the server, determining a sequence of receiving of the first and the at least one second requests and processing the requests in order to authenticate a communication device, accept or reject a financial transaction, based on the receiving sequence and receiving time difference.

Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.

Abstract: Concepts and technologies of latency sensitive tactile network security interfaces are provided herein. In an embodiment, a method can include identifying, by a tactile network interface controller, encrypted command packets that are being sent as a data stream to a tactile application. The method can include obtaining a command sequence model based on the encrypted command packets being sent to the tactile application, and decrypting at least some of the encrypted command packets based on the command sequence model, where decrypting the encrypted command packets identifies non-sequential command instructions. The method can include determining, based on the command sequence model, that at least some of the non-sequential command instructions do not conform to the command sequence model, and dropping, by the tactile network interface controller, the non-sequential command instructions that do not conform to the command sequence model from the data stream.

Abstract: A system for signaling coordinated workers in a common goal through intelligent icons transferred across networks to computer screens. The system can comprise one or more electronic data processors. The system can also include a module configured to execute on the more or more electronic data processors, where the module can be configured to display a plurality of intelligent icons, each containing authorizing information that is retained in a file associated with a authorizing entity on a computer screen. The intelligent icons can be potentially loaned to authorized individuals on a list and used to authenticate users of the system with biometric, image, machine readable codes stored surreptitiously within the intelligent icon. Also, the intelligent icon can be used for friend-foe identification in battlefield and homeland security/border control scenarios.

Abstract: Various embodiments are generally directed to techniques for dynamic resource allocation among cryptographic domains, such as with memory pages in a platform that implements a plurality of cryptographically isolated domains, for instance. Some embodiments are particularly directed to a platform that includes a resource allocation manager (RMGR) that allows for page reassignment among cryptographically isolated virtual machines (VMs) while ensuring functional correctness with respect to integrity. In many embodiments, the RMGR may include hardware and/or software support for a new instruction that enables efficient key reassignment for memory pages.

Abstract: Systems, methods, and apparatuses for defending against cross-privilege linear access are described. For example, an implementation of an apparatus comprising privilege level storage to store a current privilege level and address check circuitry coupled to the privilege level storage, wherein the address check circuitry is to determine whether a linear address associated with an instruction is allowed to access a partition of a linear address space of the apparatus based upon a comparison of the current privilege level and a most significant bit of the linear address is described.

Abstract: Mobile collection and vetting of user supplied information is described. The systems, techniques, devices, methods, and approaches described herein can be used to obtain, validate, and vet information, such as customs information, in a mobile environment. In embodiments, methods comprise receiving information input via a mobile device. The information is encapsulated by an intermediate to escort the information through a firewall to the database. In response to vetting the information to determine if it meets one or more criteria, the method involves creating a record associated with a unique identifier, information that bio-identifies a user, or an indication of a determination that results from the vetting. In this embodiment, the method includes generating an electronic receipt for communication to the mobile device, the electronic receipt including the unique identifier.

Abstract: Output is obtained from a remote computer function on a first set of arguments. Responsive to determining that the output exhibits an error, a fixer routine, other than a retry, is applied to the arguments to produce new arguments. Output is obtained from the remote computer function on the new arguments. In a case where the output from the remote computer function on the new arguments is acceptable, the output from the remote computer function on the new arguments is used as a corresponding output from the remote computer function on the first set of arguments. These steps can advantageously be carried out without modifying program code of the remote computer function and without access to the program code of the remote computer function; for example, by a wrapper which black-box wraps the remote computer function.

Abstract: An evaluation apparatus that is connected to a bus used by a plurality of electronic control units that constitute an electronic control system for communication and that evaluates security of the electronic control system. The evaluation apparatus includes a transmitter that sends, to the bus, at least one attack frame including an invalidation frame for invalidating a frame on the bus, a monitor that monitors at least one of the plurality of electronic control units, and an evaluator that evaluates the electronic control system in terms of security on the basis of the result of monitoring performed by the monitor when the attack frame is sent from the transmitter to the bus.

Abstract: A method for saving the information security of data transmitted by a databus, in which the data to be transmitted via the databus from a transmitter (ECUs) to at least one receiver (ECUR) are divided into data blocks (M0 . . . Mn) before being sent off, wherein the data blocks (M0 . . . Mn) are encrypted and/or signed block by block by means of a sponge construction for forming a cryptological hash function, utilizing a key, and cipher blocks (C0 . . . Cn) generated in this way are transmitted via the databus to the at least one receiver. The invention also relates to a corresponding databus system.

Abstract: A method is provided for authenticating a log message in a distributed network having a plurality of nodes coupled to a serial bus. In the method, a log session is started by a first device at a first node of the plurality of nodes. A first counter value is provided by the first device to the serial bus. A log message is generated by a second device at a second node of the plurality of nodes. A second counter value is generated by the second device. A log message payload is generated for the log message, wherein the log message payload includes a log message authentication code. A computation of the log message authentication code includes the first counter value and the second counter value. The second device does not store the first counter value in a non-volatile memory on the second device.

Abstract: The embodiments herein relate to a method performed by a mobility node for handling network connections for a UE. The UE is simultaneously connected to a first gateway via a connection to a 3GPP network and a connection to a non-3GPP network. The mobility node detects that the UE has moved to another location. The mobility node selects a second gateway that the UE should be relocated to. The second gateway is closer to the UE at the other location. The mobility node transmits relocation information to the first gateway. The relocation information indicates that a gateway relocation to the second gateway is required for the UE. The gateway relocation involves deactivation of both the connection to the 3GPP and the non-3GPP network.

Abstract: Embodiments include methods, systems and computer program products for minimizing face-to-face interaction for law enforcement officers during traffic stops. Aspects include broadcasting, by a law enforcement device, a request to initiate a secure communication channel with a driver device and receiving by the law enforcement device, a notification that the driver device has accepted the request. Aspects also include initiating a video conference between the law enforcement device and the driver device over the secure communication channel and transferring, between the driver device and the law enforcement device, one or more documents over the secure communication channel.

Abstract: An anomaly detection electronic controller performs anomaly detection processing and is connected to a bus, which a plurality of electronic controllers use for communication to communicate following a Controller Area Network (CAN) protocol. The anomaly detection electronic controller includes an anomaly detection processor that performs anomaly detection processing regarding a data frame. The anomaly detection controller also includes an anomaly detection processing requester that decides an anomaly detection processing timing in accordance with a state of a vehicle in which the bus is installed when receiving the data frame, the anomaly detection processing timing being a reception timing of one or multiple fields in the data frame. The anomaly detection processor further performs the anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.

Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.

Abstract: In an embodiment, a computer-implemented method comprises: in response to receiving a first authentication request from one or more first computing devices, authenticating the first computing devices on behalf of a first client device using a first set of identity information; in response to authenticating the first computing devices, generating and queuing a first set of one or more transactions corresponding to at least one of the one or more first computing devices; in response to receiving a second authentication request from the first client device configured to access the first set of one or more transactions, authenticating the first client device on behalf of a second computing device using a second set of identity information that is associated with the first client device; in response to performing the second authentication service, encrypting and sending the first set of one or more transactions to the first client device.

Abstract: A configurable sponge function engine. The configurable engine includes a register having bitrate and capacity sections, each having a variable size, where a sum of the bitrate and capacity sizes is fixed. A controller generates a bitrate size indication. A configurable message processor receives an input message from an input bus, receives the size indication, fragments the input message into fragmented blocks of a size specified by the size indication, and converts the blocks to a bus width of the bitrate and capacity sizes. An iterative calculator receives the blocks, performs iterative processing operations on the blocks, and stores a result of each operation in the register overwriting a previous register value. An output adaptor receives a value stored in the register after the block corresponding to the end of the input message is processed and outputs the register value converted to have an output bus width.

Abstract: A method for providing a security environment. The method includes detecting user information from an accessory in response to detection of the accessory, performing security authentication with input security information if the user information is detected; and providing the security environment when the security authentication is successful.

Abstract: A method for determining malicious attachments on messages is described. A computing device may receive an electronic message, including one or more unopened attachments, and identify one or more characteristic values of the message header, message body, or attachments of the message. The computing device may analyze the identified characteristics and in some instances compare at least a portion of the characteristics, individually or in combination, with one or more configured thresholds of the computing device. The computing device may determine an attachment is embedded with a macro. The macro may be associated with a visual basic application (VBA) and contain malicious code. Based on the determination, the computing device may initiate a security protocol, including notification via a user interface of the device.

Abstract: An anomaly detection electronic control unit, that performs anomaly detection processing and that is connected to a bus which a plurality of electronic control units use for communication to communicate following a Controller Area Network (CAN) protocol, includes an anomaly detection processing requester that decides an anomaly detection processing timing based on an ID of a data frame acquired from the bus, and an anomaly detection processor that performs anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.

Abstract: A privacy management system that is adapted for, in the course of processing a particular data subject access request, automatically determining a type of the data subject access request, such as: (1) a request to delete personal data of the requestor that is being stored by a particular organization; (2) a request to provide, to the requestor, personal data of the requestor that is being stored by the particular organization; (3) a request to update personal data of the requestor that is being stored by the particular organization; and (4) a request to opt out of having the particular organization use the requestor's personal information in one or more particular ways. After making this determination, the system may determine, based on the determined type of data subject access request, a particular workflow to follow in processing the data subject access request, and then execute the determined workflow.

Abstract: Technology can be used for sending and receiving messages on a CAN bus with a plurality of ECUs. The technology can include identifying a first message to send to a receiving ECU from a sending ECU; incrementing a sender-version message counter for the message type; determining to create a second session for the message type in the sending ECU; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter. The technology further includes processing the first message using the second sender-version session key, including performing an operation to combine the sender-version message counter with the first message to create a combined message and encoding the combined message using the second sender-version session key to create an encoded message. The technology further includes sending the encoded message to the receiving ECU on the CAN bus.

Abstract: According to embodiments of the present invention, machines, systems, methods and computer program products as part of a data replication process are provided. One or more complex transformations are identified from source code files of installed software products on a target system. A subscription is created for each complex transformation, the subscription containing instructions for transforming data within the source system into a form compatible with the target system. The instructions are executed within the target system to transform source data of the source system into a form compatible with the target system.

Abstract: According to embodiments of the present invention, machines, systems, methods and computer program products as part of a data replication process are provided. One or more complex transformations are identified from source code files of installed software products on a target system. A subscription is created for each complex transformation, the subscription containing instructions for transforming data within the source system into a form compatible with the target system. The instructions are executed within the target system to transform source data of the source system into a form compatible with the target system.

Abstract: Methods and systems for processing web pages by a server system (e.g., a proxy server) are disclosed. The proxy server is coupled to a user device and a plurality of web servers. The proxy server receives a first request for a first web page provided by a first web server from the user device. The first web page is zero-rated. In response to receiving the first request, the proxy server retrieves the requested first web page from the first web server. The proxy server then processes the retrieved first web page. The proxy server identifies one or more resource identifiers contained within the retrieved first web page and appends one or more signatures to the identified one or more resource identifiers respectively. Each identified resource identifier is associated with a content item that is zero-rated. The proxy server further forwards the processed first web page to the user device.

Abstract: A method of real-time data security of a communications bus, the method comprising the steps of: reading at least an early portion of a message being transmitted over a communications bus, determining whether the message is suspicious, according to at least one rule applied on the read early portion of the message, and upon determining that the message is suspicious, corrupting at least a part of the message.

Abstract: In an embodiment, a computer-implemented method comprises receiving a first authentication request from one or more first computing devices; in response to receiving the first authentication request, performing a first authentication service for the one or more first computing devices on behalf of a second computing device using a first set of identity information; in response to performing the first authentication service, generating and queuing a first set of one or more transactions corresponding to at least one of the one or more first computing devices; receiving a second authentication request from the second computing device configured to access the first set of one or more transactions; in response to receiving the second authentication request, performing a second authentication service for the second computing device on behalf of a third computing device using a second set of identity information; in response to performing the second authentication service, encrypting and sending the first set of on

Abstract: Systems, methods, and computer program products for transmitting data between devices are disclosed. A device may utilize a standardized communication system (“SCS”) to transmit data directly between devices including an SCS. The SCS may discover available devices. The SCS may determine available transmission paths between a first device and a second device. The SCS may select a transmission path between the first device and the second device, and the SCS may transmit data from the first device to the second device using a standardized communication protocol (“SCP”).

Abstract: A networking database containing a plurality of records for different identities in which identities are connected to one another by defined or interpreted Inter-Personal and Intra-Personal relationships. Individuals using the system may define, group and categorize specific identities and relationships; the system may also define, categorize and group both identities and relationships belonging to individuals registered with the system and unregistered users through computational analysis. Identities and relationships may be discovered by the system via an opt-in user-provided mechanism, via a third-party providing information, or through the system's own discovery. Identity and Relationship data can then be used to customize content.

Abstract: A method and device for avoiding manipulation of a data transmission. A message containing a message authentication code is received at a processing unit, the message from the processing unit is transferred to a hardware module, a check value as a function of the received message is computed in the hardware module, the received message authentication code and the check value are compared in the hardware module, a result of the comparison is transferred from the hardware module to the processing unit as an output variable, the message authentication code received in the message from the processing unit is checked in the processing unit based on the output variable.

Abstract: A system to identify and counter computer malware. The system comprises a processor, a memory, a data store comprising information about known computer malware, wherein the information about known computer malware is partitioned into a plurality of malware families, and comprising a plurality of mappings, wherein each mapping associates one malware family with at least one countermeasure for mitigating a risk to an information technology asset posed by the known computer malware associated with the malware family, and an application stored in the memory. The application analyzes a software artifact, determines characteristics of the software artifact, and determines a plurality of metrics, each metric representing a degree of match between the software artifact and one of the plurality of malware families. Based on the plurality of metrics, the application further determines a malware family that best matches the software artifact.

Abstract: Watermark data is converted to watermark coefficients, which may be embedded in an image by converting the image to a frequency domain, embedding the watermark in image coefficients corresponding to medium-frequency components, and converting the modified coefficients to the spatial domain. The watermark data is extracted from the modified image by converting the modified image to a frequency domain, extracting the watermark coefficients from the image coefficients, and determining the watermark data from the watermark coefficients. The watermark data may be truncated image data bits such as truncated least significant data bits. After extraction from the watermark, the truncated image data bits may be combined with data bits representing the original image to increase the bit depth of the image. Watermark data may include audio data portions corresponding to a video frame, reference frames temporally proximate to a video frame, high-frequency content, sensor calibration information, or other image data.

Abstract: For enabling improvement in throughput for generating a hash value, a hash value generation apparatus comprises: a ? operation unit configured to execute a ? operation included in a round process of a SHA-3 algorithm; a ? operation unit configured to execute a ? operation included in the round process; a ? operation unit configured to execute a ? operation included in the round process; a ? operation unit configured to execute a ? operation included in the round process; and an ? operation unit configured to execute an ? operation included in the round process, wherein the ? operation unit receives data for each sheet structure, and starts to execute the ? operation upon receiving data of three sheet structures.

Abstract: Disclosed is a communication apparatus for executing processing for sharing an encryption key between itself and another party's communication apparatus, wherein the communication apparatus executes the processing, respectively at least one time, as an authenticating apparatus and an authenticated apparatus. The communication apparatus determines which encryption key of an encryption key provided by this communication apparatus and an encryption key provided by the other party's communication apparatus is the encryption key used in common by this communication apparatus and the other party's communication apparatus, and decides, in accordance with result of the determination, which of this communication apparatus and the other party's communication apparatus is to be made the authenticating apparatus first.

Abstract: A system, method and computer-readable storage devices for providing protection mechanisms to a server motherboard prior to its booting. A system configured according to this would, upon receiving power at a motherboard, and prior to booting the motherboard: generate a nonce, send the nonce to a first component on the motherboard, and send the nonce to a second component on the motherboard. The system then receives a response from at least one of the first component on the motherboard and the second component on the motherboard, wherein the response is based on a communication protocol between the first component and the second component, the communication protocol utilizing the nonce. When the response indicates a correct hardware configuration, the system performs the booting of the motherboard.

Abstract: A system and method for passively validating network game users is provided. Data indicative of game behavior and actions at one or more nodes interacting with a network game in a network game community are monitored. The data is evaluated to determine whether the one or more nodes are adhering to one or more rules associated with the network game. Data indicative of illicit game behavior may trigger various responses including invalidation of the node engaged in the illicit behavior. Alternatively, a query may be generated to further identify the nature and/or actual existence of illicit behavior at the node. Monitoring of game data may occur at a server, a peer, as part of a peer group or combinations thereof, which may be based on routine schedule or part of constant game behavior monitoring.

Abstract: Provided is a signature verification system including a communication device and a verification device. The communication device and the verification device are connected to each other through a network. The communication device derives a first hash value from a first random number, derives a second hash value from data including electronic data and a certificate of the communication device which includes the first hash value and a public key of the communication device, using a unidirectional function, generates a signature using a secret key of the communication device with respect to the second hash value, and transmits the electronic data, the certificate, and the signature to the verification device.