Questa è la nostra ultima selezione di pubblicazioni e brevetti in inglese sulla sicurezza delle informazioni (InfoSec), tra numerose riviste scientifiche online, classificate e incentrate su sicurezza delle informazioni, infosec, ransomware, autenticazione, phishing, malware, firewall, crittografia, rilevamento delle intrusioni, prevenzione delle intrusioni, exploit zero-day, autenticazione a più fattori, chiave pubblica, chiave privata, controllo degli accessi, negazione del servizio, ingegneria sociale, consapevolezza della sicurezza, crittografia, triade CIA, antivirus e cifratura.
User data encryption based on a user subscription
Patent published on the 2026-05-21 in US under Ref US20260142814 by T MOBILE INNOVATIONS LLC [US] (Gibson Geoffrey Todd [us], Corona A Karl [us], Bouthemy Jean-luc Rene [us])
Abstract: A data communication system receives a first message from a user communication device that requests a user data session, and in response, determines that the user communication device has a user subscription for encrypted communications. In response to determining that the user communication device has the user subscription for the encrypted communications, the data communication system determines cryptography information for the user data session. The data communication system generates and tra[...]
Our summary: A data communication system processes user requests for encrypted data sessions based on user subscriptions. It determines cryptography information and facilitates user data encryption. The system also generates usage records for the encrypted sessions.
encryption, user subscription, data communication, cryptography
Patent
Method for registering a mobile device, an embedded universal integrated circuit card, euicc, and a mobile network server
Patent published on the 2026-05-21 in US under Ref US20260142837 by NXP BV [NL] (Sinnhofer Andreas Daniel [at], Orthacker Clemens [at], Caillaud Cyril Harold [de], Yang Jitang [fr], Nitsch Nils Frederik [de], Deliana Hartini [us], Raffo Didimo Jose Junior [us])
Abstract: A method for registering a mobile device including an embedded Universal Integrated Circuit Card (eUICC) at a mobile network server includes determining subscriber identification information and deriving a first key. Then a registration request is sent to the mobile network server. The eUICC signs first random data with the first key and sends it to the mobile network server. The server produces a server authentication key and authenticates the eUICC, and if successful, grants limited access. Th[...]
Our summary: The method registers a mobile device with an eUICC at a mobile network server by determining subscriber information and deriving a key. A registration request is sent, and the eUICC signs random data to authenticate itself. Upon successful authentication, the server grants limited access and verifies further signed data for regular access.
eUICC, mobile device registration, authentication, mobile network server
Patent
Digital content access authentication using a cryptographic possession factor
Patent published on the 2026-05-21 in US under Ref US20260142958 by EBAY INC [US] (Abhyankar Swanand [us], Adhikari Harshada Sunil [us], Derashri Rahul [us], Kumar Sandeep [us], Vadlaputi Prabhakara Rao [us])
Abstract: Digital content authentication using a cryptographic possession factor is described. In one or more examples, a navigation request to access a webpage is received and verified, over a plurality of iterations over a session, that an originator of the navigation request maintains a cryptographic token as bound within a browser through use of a public key associated with the cryptographic token. A log describing the verifying is stored and then a determination is made that the webpage involves addi[...]
Our summary: The method involves verifying a navigation request using a cryptographic token. A log of the verification process is maintained. Access to the webpage is controlled based on the selected authentication level associated with the token.
cryptographic authentication, digital content access, possession factor, session management
Patent
System and method for performing authentication of users connecting to entity resources via external networks
Patent published on the 2026-05-21 in US under Ref US20260142977 by BANK OF AMERICA [US] (Weisberger Andrea M [us], Ali Amer [us], Gaziani Saleem [us], Gee Aaron [us], Jenkins Aisha [us], Lozes John [us], Miller Tonya Kyra [us], Palanichamy Manonmani [us], Petapalle Naresh Kumar [gb], Singtalur Aravind [us], Thekkumpurath Asha [us])
Abstract: Embodiments of the present invention provide a system for performing authentication of users connecting to entity resources via external systems. The system is configured for determining that a user is requesting to access an entity resource associated with an entity, initiating a verification mechanism for performing verification of the user, authenticating the user based on performing the verification of the user via the verification mechanism, and allowing or denying access to the entity reso[...]
Our summary: The system authenticates users accessing entity resources through external networks. It initiates a verification mechanism to confirm user identity. Access is granted or denied based on the authentication outcome.
Authentication, User Verification, Access Control, Network Security
Patent
Digital signal processor (dsp) integration of layer 2/3 protocols and crossbar control in network switching
Patent published on the 2026-05-21 in US under Ref US20260142935 by MAXLINEAR INC [US] (Ling Curtis [us], Koochakzadeh Masoud [us], Ye Sheng [us], Guckenberger John Andrew [us], Ramesh Sridhar [us])
Abstract: [0000] A device may include a processor operable to process one or more of layer 2(L2) or layer 3 (L3) protocols in which the processor includes handling of one or more of frame headers, frame boundaries, media access control (MAC) addresses, or internet protocol (IP) addresses. The device may have a MAC address and an IP address associated with the device. The device may be operable to receive and process data packets addressed to the MAC or the IP address of the device. The device may be opera[...]
Our summary: A device integrates a digital signal processor for processing layer 2 and layer 3 protocols. It handles frame headers, MAC addresses, and IP addresses. The device interfaces with layer 1 systems and physical transceivers.
Digital Signal Processor, Layer 2 Protocols, Layer 3 Protocols, Network Switching
Patent
Identity exposure surface reduction
Patent published on the 2026-05-21 in US under Ref US20260142968 by MICROSOFT TECHNOLOGY LICENSING LLC [US] (Tzadok Roi [il], Hart Hershcovich Ori [il], Awad Khaled [il], Yannai Shai [il])
Abstract: [0000] Existing security methods fail to dynamically account for inactive users, creating a persistent security vulnerability. The disclosed embodiments automatically protect credentials that are cached on a computing device. This improves the security of the computing device by limiting the number of credentials that are exposed when the device is compromised. In some configurations, historical usage data is analyzed to determine which credentials to protect, such as the credentials of users de[...]
Our summary: This method enhances device security by limiting credential exposure for inactive users. It analyzes historical usage data to determine which credentials to protect. Sensitive information can also be removed or encrypted to further safeguard the device.
credential protection, security vulnerability, inactive users, historical usage data
Patent
End-to-end encryption, chat control, and the future of the right to encryption in digital services
Published on 2026-05-13 by @OXFORD
Abstract: AbstractOne of the pressing issues in the regulation of digital communications services is how to ensure effective cryptographic protection of user communications. This issue is analysed in relation to the so-called “right to encryption” and the risks associated with using encrypted messengers to disseminate illegal content, including CSAM and extremist content. The response to this threat is various countries’ adoption of a new category of regulations, which deliberately weaken certain tr[...]
Our summary: The article discusses the challenges of regulating end-to-end encryption (E2EE) in digital communications. It examines the balance between user privacy and the need to combat illegal content dissemination. Proposed regulatory strategies aim to weaken E2EE while ensuring effective protection of user communications across the EU digital market.
encryption, regulation, digital communications, E2EE
Publication
a cybersecurity perspective
Published on 2026-03-17 by @OXFORD
Abstract: AbstractAccess control readers are the first line of defence for organizations to restrict access to their facilities to the people who are supposed to be there. Such readers represent a major investment for organizations and are replaced every 7–10 years. The choice of reader and credential made at the time the system was designed and installed may be vulnerable to an array of attacks, such as credential cloning and data transmission exploits, which would allow a threat actor to pass through[...]
Our summary: Access control readers are critical for restricting facility access and represent significant organizational investments. They are vulnerable to various attacks, including credential cloning and data transmission exploits. This paper presents a model of contemporary access control readers while considering the cybersecurity implications of their technologies and proposing a risk assessment framework.
Access Control, Cybersecurity, Credential Cloning, Risk Assessment
Publication
