Emusb-Device User Guide & Reference Manual
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Bid Bulletin GOODS-20-47
Office of the Bids and Awards Committee Visca, Baybay City, Leyte 6521-A Philippines Phone/Fax: +63 53 565 0600 loc 1004 Email: [email protected] Website: www.vsu.edu.ph B I D B U L L E T I N 0 1 Project Title: Supply and Delivery of IT Supplies and Equipment for VSU Main and Component Colleges (GOODS-20-47) Date: 30 September 2020 Bidders are hereby informed/reminded of the following addendums/amendments/clarifications: LIST OF ELIGIBILITY REQUIREMENTS ELIGIBILITY AND TECHNICAL DOCUMENTS (1st Envelope) Eligibility Documents 1 PhilGEPS Certificate of Registration (Platinum) or a. Registration Certificate b. Mayor's/Business Permit c. Tax Clearance d. Audited Financial Statements 2 Statement of On-Going Government & Private Contracts Statement of Bidder's Single Largest Completed Contract (at 3 least 50% of the ABC or P 3,675,318.00) or Statement of at least two (2) similar completed contracts w/ total amount of at least P 3,675,318.00 and the largest of which should be at least P 1,837,659.00. 4 Net Financial Contracting Capacity (at least P7,350,636.00) Technical Documents 5 Bid Security 6 Technical Specifications SCHEDULE of Requirements/Production and delivery 7 schedule 8 Manpower Requirements After Sales service/parts (at least 1 year from acceptance of 9 delivered goods) 10 Omnibus Sworn Statement FINANCIAL DOCUMENTS (2nd Envelope) 11 Bid Form Please take note: In the Technical Specifications, bidders must state either “Comply” or “Not Comply” against each of the individual parameters of the specifications per item stating the corresponding performance parameter of the equipment offered. -
Biometriebasierte Authentifizierung Mit Webauthn
Humboldt-Universität zu Berlin Mathematisch-Naturwissenschaftliche Fakultät Institut für Informatik Biometriebasierte Authentifizierung mit WebAuthn Masterarbeit zur Erlangung des akademischen Grades Master of Science (M. Sc.) eingereicht von: Malte Kruse geboren am: geboren in: Gutachter/innen: Prof. Dr. Jens-Peter Redlich Frank Morgner eingereicht am: verteidigt am: Inhaltsverzeichnis Abbildungsverzeichnis5 Tabellenverzeichnis5 Abkürzungsverzeichnis6 1 Einleitung9 2 Hintergrund 11 2.1 Alternative Lösungsansätze . 12 2.1.1 Multi-Faktor-Authentifizierung . 13 2.1.2 Einmalpasswort . 14 2.1.3 Passwortmanager . 16 2.1.4 Single Sign-On . 17 2.2 Verwandte Arbeiten . 19 2.2.1 Universal 2nd Factor . 21 2.2.2 Universal Authentication Factor . 22 2.2.3 Sicherheitsbetrachtung . 23 2.2.4 Verbreitung . 24 2.2.5 ATKey.card . 27 3 Beitrag der Arbeit 28 4 FIDO2 29 4.1 Web Authentication . 30 4.1.1 Schnittstelle . 31 4.1.2 Authentifikatoren . 34 4.1.3 Vertrauensmodell . 36 4.1.4 Signaturen . 38 4.1.5 Sicherheitsbetrachtungen . 41 4.1.6 Privatsphäre . 43 4.2 Client to Authenticator Protocol . 44 4.2.1 CTAP2 . 45 4.2.2 CTAP1 / U2F . 49 4.2.3 Concise Binary Object Representation . 51 4.2.4 Transportprotokolle . 52 5 Zertifizierung 53 5.1 Zertifizierungsprozess . 54 5.1.1 Funktionale Zertifizierung . 55 5.1.2 Biometrische Zertifizierung . 56 5.1.3 Authentifikatorzertifizierung . 56 5.2 Zertifizierungslevel . 58 3 6 Umsetzung 60 6.1 Smartcards . 60 6.1.1 Betriebssysteme . 61 6.1.2 Kommunikation . 63 6.1.3 Sicherheitsbetrachtung . 64 6.2 Biometrie . 65 6.2.1 Fingerabdruck . 66 6.2.2 Sicherheitsbetrachtung . 67 6.3 Fingerabdruckkarte . -
Sstic-2021-Actes.Pdf
Préface Mercredi 2 juin 2021, 8 heures du matin. Sous perfusion de café, les yeux à peine entrouverts, je suis avec le reste du comité d’organisation (CO), qui est sur les rangs et veille aux derniers détails, vérifiant que la guicheteuse et les lecteurs de badge fonctionnent. Pendant ce temps, certains irréductibles sont déjà dehors, malgré le crachin breton, prêts à se ruer pour pouvoir découvrir en premier les goodies et s’installer confortablement dans l’amphi, à leur place favorite, pour feuilleter les actes et lire la préface. On ouvre les portes, c’est parti pour le 19e SSTIC ! Fondu. Huit cents personnes dans l’amphi face à nous, je vérifie avec l’orateur invité qui fait l’ouverture que tout est prêt. Avec le trac, les spots qui m’éblouissent, je m’avance pour prononcer quelques mots et lancer la conférence... Et dire qu’il y a environ un tiers de nouveaux ! Fondu. Petit tour en régie, pour discuter avec les techniciens du Couvent et s’assurer que le streaming se passe bien. Oups, on me dit sèchement de m’éloigner de la caméra ; apparemment, les talkies-walkies qui assurent la liaison avec le reste du CO, éparpillé entre le premier rang et l’accueil, font trembler les aimants du stabilisateur... Fondu. Après la présentation des résultats du challenge, une session de rumps réussie où il a fallu courir dans l’amphi pour apporter le micro, nous voilà dans le magnifique cloître du Couvent, sous un soleil bienvenu. Les petits fours sont excellents et je vois, à l’attroupement qui se forme rapidement, que le stand foie gras vient d’ouvrir. -
USB 3.0 Promoter Group Defines Authentication Protocol for USB Type-C™
PRESS RELEASE CONTACTS: Brad Saunders Liz Nardozza USB 3.0 Promoter Group USB-IF PR +1 503-264-0817 +1 503-619-5224 [email protected] [email protected] USB 3.0 Promoter Group Defines Authentication Protocol for USB Type-C™ Specification defines policy for product OEMs to mitigate risks from non-compliant devices Shenzhen, China and Beaverton, OR, USA – April 13, 2016 – The USB 3.0 Promoter Group today announced the USB Type-C™ Authentication specification, defining cryptographic-based authentication for USB Type-C™ chargers and devices. Using this protocol, host systems can confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors/capabilities and certification status. All of this happens right at the moment a wired connection is made – before inappropriate power or data can be transferred. USB Type-C™ Authentication empowers host systems to protect against non-compliant USB Chargers and to mitigate risks from maliciously embedded hardware or software in USB devices attempting to exploit a USB connection. For a traveler concerned about charging their phone at a public terminal, their phone can implement a policy only allowing charge from certified USB chargers. A company, tasked with protecting corporate assets, can set a policy in its PCs granting access only to verified USB storage devices. “USB is well-established as the favored choice for connecting and charging devices,” said Brad Saunders, USB 3.0 Promoter Group Chairman. “In support of the growing USB Type-C ecosystem, we anticipated the need for a solution extending the integrity of the USB interface. -
INTEGRIKEY: Integrity Protection of User Input for Remote Configuration of Safety-Critical Devices
INTEGRIKEY: Integrity Protection of User Input for Remote Configuration of Safety-Critical Devices Aritra Dhar Der-Yeuan Yu Kari Kostiainen ETH Zurich¨ ABB Corporate Research ETH Zurich¨ [email protected] [email protected] [email protected] Srdjan Capkunˇ ETH Zurich¨ [email protected] Abstract Various safety-critical devices, such as industrial control systems, medical devices, and home automation systems, are configured through web interfaces from remote hosts that are standard PCs. The communication link from the host to the safety-critical device is typically easy to protect, but if the host gets compromised, the adversary can manipulate any user-provided configuration settings with severe consequences including safety violations. In this paper, we propose INTEGRIKEY, a novel system for user input integrity protection in compromised host. The user installs a simple plug-and-play device between the input peripheral and the host. This device Figure 1: Example configuration page. Screenshot from the observes user input events and sends a trace of them ControlByWeb x600m [10] I/O server configuration page. to the server that compares the trace to the application payload received from the untrusted host. To prevent programmer device) is easy to protect through standard subtle attacks where the adversary exchanges values means such as a TLS connection [12]. However, if from interchangeable input fields, we propose a labeling the host platform gets compromised—as standard PC scheme where the user annotates input values. We built platforms so often do—the adversary can manipulate any a prototype of INTEGRIKEY, using an embedded USB user-provided configuration settings. -
Universal Serial Bus Type-C Cable and Connector Specification
Release 1.3 - 1 - USB Type-C Cable and July 14, 2017 Connector Specification Universal Serial Bus Type-C Cable and Connector Specification Release 1.3 July 14, 2017 Copyright © 2017 USB 3.0 Promoter Group. All rights reserved. Release 1.3 - 2 - USB Type-C Cable and July 14, 2017 Connector Specification Copyright © 2014-2017, USB 3.0 Promoter Group: Apple Inc., Hewlett-Packard Inc., Intel Corporation, Microsoft Corporation, Renesas, STMicroelectronics, and Texas Instruments All rights reserved. NOTE: Adopters may only use the USB Type-C™ cable and connector to implement USB or third party functionality as expressly described in this Specification; all other uses are prohibited. LIMITED COPYRIGHT LICENSE: The USB 3.0 Promoters grant a conditional copyright license under the copyrights embodied in the USB Type-C Cable and Connector Specification to use and reproduce the Specification for the sole purpose of, and solely to the extent necessary for, evaluating whether to implement the Specification in products that would comply with the specification. Without limiting the foregoing, use of the Specification for the purpose of filing or modifying any patent application to target the Specification or USB compliant products is not authorized. Except for this express copyright license, no other rights or licenses are granted, including without limitation any patent licenses. In order to obtain any additional intellectual property licenses or licensing commitments associated with the Specification a party must execute the USB 3.0 Adopters Agreement. NOTE: By using the Specification, you accept these license terms on your own behalf and, in the case where you are doing this as an employee, on behalf of your employer. -
USB Technical Overview Brad Saunders – USB-IF/USB PG Chair (Sponsored by Intel Corporation)
USB Technical Overview Brad Saunders – USB-IF/USB PG Chair (Sponsored by Intel Corporation) USB Developer Days 2017 Taipei, Taiwan October 24 – 25, 2017 USB Developer Days – October 24 – 25, 2017 USB Implementers Forum © 2017 1 • System Level Overview • USB 3.2 Topic Agenda • USB Type-C™ • The Rest of the Story USB Developer Days – October 24 – 25, 2017 USB Implementers Forum © 2017 2 Some Words of Caution … • Only design to official released versions of USB specifications • Developer presentations are intended to help familiarize you with the general characteristics of these specifications and provide design guidance • These presentations are not technically complete and should not be used as the sole basis for product designs • USB technology has evolved into highly complex and challenging designs • Always make use of certified product suppliers – silicon, connectors, etc. • Proper materials and manufacturing processes are increasingly more critical to making successful products • Submit your products for USB certification USB Developer Days – October 24 – 25, 2017 USB Implementers Forum © 2017 3 Performance Power Delivers up to 10 Gbps x 2 – Delivers up to 100W – supporting all of your SuperSpeed USB Power power and charging for data transfer needs all your devices USB Delivery USB Type-C™ Cable & Connector Convenience Robust, slim connector with reversible plug orientation and cable direction USB Developer Days – October 24 – 25, 2017 USB Implementers Forum © 2017 4 Major Components of USB Devices USB 2.0 USB 2.0 USB 2.0 xHCI USB -
Mobile Platforms and Middleware Sasu Tarkoma
Mobile Middleware Course Mobile Platforms and Middleware Sasu Tarkoma Push Services iOS APNS Source: http://www.raywenderlich.com/3443/apple- push-notification-services-tutorial-for-ios-part-12/ push-overview Apple Push Notification Service ■ APNS usage involves the following steps: ◆ Service or application developer connects to the APNS system using a unique SSL certificate. The certificate is obtained from Apple with the developer identifier and application identifier. ◆ Applications obtain deviceTokens that are then given to services ◆ The APNS is used to send one or more messages to mobile devices. The push operation is application and device specific and a unique deviceToken is needed for each destination device. ◆ The service or application disconnects from APNS. Android: Google Cloud Messaging Source: http://blogs.msdn.com/b/hanuk/archive/2013/04/18/introducing-windows-8-for-android-developers-part-2.aspx Windows 8 Push Messaging Source: http://blogs.msdn.com/b/hanuk/archive/2013/04/18/introducing-windows-8-for-android-developers-part-2.aspx Summary of Push Services ■ Very similar in design for Android, iOS and WP 1. Client-initiated connection with push servers: TCP and TLS, fallback to HTTP/HTTPS 2. Registration phase to obtain URI and token rd 3. Delegation of URI and token to 3 party services rd 4. 3 party servers push content to mobiles through push servers (URI and token needed) Discussion ■ The current state is fragmented ■ Difficult to achieve portability ■ Certain patterns are pervasive (MVC and others) ■ Solutions? Web -
USB-IF Announces Publication of USB4™ Specification Specification Now Available for Download on USB-IF Website; Doubles Bandwidth to Extend USB Type-C® Performance
DEVELOPER UPDATE CONTACT: Joe Balich USB-IF PR +1 503-619-4113 [email protected] USB-IF Announces Publication of USB4™ Specification Specification now available for download on USB-IF website; doubles bandwidth to extend USB Type-C® performance Beaverton, OR, USA – September 3, 2019 – USB Implementers Forum (USB-IF), the support organization for the advancement and adoption of USB technology, today announced the publication of the USB4™ specification, a major update to deliver the next-generation USB architecture that complements and builds upon the existing USB 3.2 and USB 2.0 architectures. The USB4 architecture is based on the Thunderbolt™ protocol specification recently contributed by Intel Corporation to the USB Promoter Group. It doubles the maximum aggregate bandwidth of USB and enables multiple simultaneous data and display protocols. The development of the USB4 specification was first announced in March 2019 by the USB Promoter Group. It is now officially published by USB-IF and available for download at www.usb.org. Key characteristics of the USB4 solution include: • Two-lane operation using existing USB Type-C® cables and up to 40Gbps operation over 40Gbps certified cables • Multiple data and display protocols that efficiently share the maximum aggregate bandwidth • Backward compatibility with USB 3.2, USB 2.0 and Thunderbolt 3 As the USB Type-C connector has evolved into the role as the external display port of many host products, the USB4 specification provides the host the ability to optimally scale allocations for display data flow. Even as the USB4 specification introduces a new underlying protocol, compatibility with existing USB 3.2, USB 2.0 and Thunderbolt 3 hosts and devices is supported; the resulting connection scales to the best mutual capability of the devices being connected. -
International Standard
This preview is downloaded from www.sis.se. Buy the entire standard via https://www.sis.se/std-8023417 IEC 62680-1-2 ® Edition 1.0 2016-11 INTERNATIONAL STANDARD colour inside Universal serial bus interfaces for data and power – Part 1-2: Common components – USB Power Delivery specification ) en ( 11 - 6 :201 2 - 1 - 62680 IEC Copyright © IEC, 2016, Geneva, Switzerland. All rights reserved. Sold by SIS under license from IEC and SEK. No part of this document may be copied, reproduced or distributed in any form without the prior written consent of the IEC. This preview is downloaded from www.sis.se. Buy the entire standard via https://www.sis.se/std-8023417 THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright © 2016 IEC, Geneva, Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information. IEC Central Office Tel.: +41 22 919 02 11 3, rue de Varembé Fax: +41 22 919 03 00 CH-1211 Geneva 20 [email protected] Switzerland www.iec.ch About the IEC The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies. -
High-Performance Web-Based Visualizations for Streaming Data
High-performance Web-based Visualizations for Streaming Data Eric Whitmire [email protected] 1 INTRODUCTION library that supports web-based visualization, suitable for Researchers and engineers who design sensor systems of- use with high-speed data. While this is a promising option ten need to visualize real-time signals that update in mi- for Python users, this work targets does not restrict use to a croseconds. Many times, these visualizations tasks support particular language. exploratory signal processing. An engineer might tweak a In the web space, tools like Vega [8] and Vega-lite [7] filter to remove noise in a signal or change a threshold to support declarative specification of visualizations, which is support event detection. In these scenarios, ideal for the "fire-and-forget" type of functionality desired. Developers of such sensing systems often work in C/C++, These tools, while they support dynamic datasets, are not MATLAB, and Python to facilitate signal processing. De- optimized for high-speed data and rendering. Plotly.js [5] veloping real-time visualizations in these platforms is time- is another commonly used web-visualization framework, consuming, tedious, and often results in poorly optimized but it is also struggles with high-speed data. Cubism.js [3] rendering that is tightly coupled to a particular use case. As is a D3 plugin for time series visualization that supports a result, it can be difficult rapidly explore different signals incremental render. Though it uses a similar implementation, and intermediate processing steps. In contrast, web-based it is designed for slowly (several hertz) updating horizon visualization frameworks have seen significant attention and plots and does not scale for high-speed signal processing advancement in recent years. -
X41 D-SEC Gmbh Dennewartstr
Browser Security White PAPER Final PAPER 2017-09-19 Markus VERVIER, Michele Orrù, Berend-Jan WEVER, Eric Sesterhenn X41 D-SEC GmbH Dennewartstr. 25-27 D-52068 Aachen Amtsgericht Aachen: HRB19989 Browser Security White PAPER Revision History Revision Date Change Editor 1 2017-04-18 Initial Document E. Sesterhenn 2 2017-04-28 Phase 1 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 3 2017-05-19 Phase 2 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 4 2017-05-25 Phase 3 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 5 2017-06-05 First DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 6 2017-06-26 Second DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 7 2017-07-24 Final DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 8 2017-08-25 Final PAPER M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 9 2017-09-19 Public Release M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER X41 D-SEC GmbH PAGE 1 OF 196 Contents 1 ExECUTIVE Summary 7 2 Methodology 10 3 Introduction 12 3.1 Google Chrome . 13 3.2 Microsoft Edge . 14 3.3 Microsoft Internet Explorer (IE) . 16 4 Attack Surface 18 4.1 Supported Standards . 18 4.1.1 WEB TECHNOLOGIES . 18 5 Organizational Security Aspects 21 5.1 Bug Bounties . 21 5.1.1 Google Chrome . 21 5.1.2 Microsoft Edge . 22 5.1.3 Internet Explorer . 22 5.2 Exploit Pricing . 22 5.2.1 ZERODIUM . 23 5.2.2 Pwn2Own .