Patent classifications
H04L9/12
ADVANCED SENSOR SECURITY PROTOCOL
The described techniques facilitate the secure transmission of sensor measurement data to an ECU by implementing an authentication procedure. The authentication procedure includes an integrated circuit (IC) generating authentication tags by encrypting portions of sensor measurement data. These authentication tags are then transmitted together with the sensor measurement data as authenticated sensor measurement data. The ECU may then use the authentication tags to authenticate the sensor measurement data based upon a comparison of the portions of the sensor measurement data to the authentication tag that is expected to be generated for those portions of sensor measurement data.
Synchronization circuit for threshold implementation of S-box
This application relates to a synchronization circuit for synchronizing signals used in a threshold implementation operation process performed in an S-box of an encryption circuit. In one aspect, the synchronization circuit includes an enable signal generator configured to generate an enable signal. The synchronization circuit may also include a synchronization unit included in an encryption circuit and located inside an S-box that performs a threshold implementation operation that calculates by dividing bits of an input signal into bits equal to or greater than the number of bits of the input signal. The synchronization unit may be configured to synchronize signals used in a threshold implementation operation process based on the generated enable signal.
Key distribution method, key receiving method, first key management system, and first network element
The present invention discloses a key distribution method. The method includes obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element. According to the present invention, data can be protected against an eavesdropping attack in a sending process.
System, device and method for providing passenger or user information
A computer processing device for determining whether to allow or deny access to a database associated with the device is provided. The device is configured to determine the origin of data signed with a first key by comparing the key to one or more keys stored in a further database to identify the source of the data; search the database to determine one or more access rules associated with the source of the data, wherein the access rules define whether write access to the database is allowed or denied for the data; and allow or deny write access to the database based on the determined rule or rules.
Methods and arrangements for vehicle-to-vehicle communications
Logic may implement protocols and procedures for vehicle-to-vehicle communications for platooning. Logic may implement a communications topology to distinguish time-critical communications from non-time-critical communications. Logic may sign time-critical communications with a message authentication code (MAC) algorithm with a hash function such as Keccak MAC or a Cipher-based MAC. Logic may generate a MAC based on pairwise, symmetric keys to sign the time-critical communications. Logic may sign non-time-critical communications with a digital signature. Logic may encrypt non-time-critical communications. Logic may append a certificate to non-time-critical communications. Logic may append a header to messages to create data packets and may include a packet type to identify time-critical communications. Logic may decode and verify the time-critical messages with a pairwise symmetric key. And logic may prioritize time-critical communications to meet a specified latency.
Providing access to data in a secure communication
The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.
Threat actor identification systems and methods
A threat actor identification system that obtains domain data for a set of domains, generates domain clusters, determines whether the domain clusters are associated with threat actors, and presents domain data for the clusters that are associated with threat actors to brand owners that are associated with the threat actors. The clusters may be generated based on similarities in web page content, domain registration information, and/or domain infrastructure information. For each cluster, a clustering engine determines whether the cluster is associated with a threat actor, and for clusters that are associated with threat actors, corresponding domain information is stored for presentation to brand owners to whom the threat actor poses a threat.
System and method for storing and distributing consumer information
A computer implemented system for controlling access to data associated with an entity includes a data storage device having a protected memory region, and one or more processors, at least one of which is operable in the protected memory region. The one or more processors are configured for: storing a secret key associated with the entity in a portion of the protected memory region associated with the entity; upon receiving entity data, storing the entity data in the portion of the protected memory region associated with the entity; and upon receiving an access grant signal, generating a smart contract, the smart contract defining the entity data to be accessed and a recipient of the entity data to be accessed.