Abstract: Architectures and techniques for in-app behavior detection. A behavior detection agent within an application running on a hardware computing device captures events within the application. The events are inputs received from one or more sources external to the application. The behavior detection agent generates an event stream from the captured events. The behavior detection agent analyzes the event stream for significant feature frequencies and associations corresponding to one or more attack profiles. The behavior detection agent initiates an attack response in response to finding one or more significant feature frequencies and associations. The attack response comprises at least changing an operational configuration of the application.

Abstract: Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a directly connected upstream node of the NSD within the CSF through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged between the upstream node and the NSD. A CSF protocol is enforced by a forward daemon of the NSD that limits issuance of query messages to those originated by a source NSD representing an upstream node and directed to a destination NSD representing a downstream node.

Abstract: The present invention relates to a communication apparatus including a receiving unit and a restricting unit. The receiving unit is configured to receive a signal from another communication apparatus after code information is displayed by a display control unit. The signal includes identification information indicated by the code information. The code information is information in which information necessary for performing a sharing process for sharing a communication parameter for radio communication among apparatuses is coded. The restricting unit is configured to restrict execution of the sharing process when the communication apparatus has received the signal including the identification information from a plurality of other communication apparatuses with the receiving unit.

Abstract: Systems and methods for encoded communications are disclosed. In some embodiments, a server system may be configured to receive a communication from a user interface at an encoded communication module that includes an artificial intelligence based natural language processing module, determine whether the received communication is an encoded communication, decode the encoded communication to generate a financial query when it is determined that the received communication is an encoded communication, retrieve financial data associated with the user, determine an answer to the financial query based on the retrieved financial data, encode the determined answer to generate an encoded responsive communication, and transmit the generated encoded responsive communication to the user interface for providing to a user of the user interface.

Abstract: Embodiments described include systems and methods for securely managing browser plugins via embedded browser. The solution enables a client application or embedded browser to dynamically load the browser components into the embedded browser based on a risk or security profile and one or more policies. The policies can be centrally managed to enable only allowed browser components to be loaded within the embedded browser for a given risk profile. Based on the risk profile, a session established by the embedded browser can be transferred from the client application to a hosted browser at a secure sever. When the session is transferred to the hosted browser, the present system can also redirect the browser component configurations to the hosted browser such that the same browser components are enabled, disabled, or modified at the hosted browser.

Abstract: Examples of the present disclosure describe systems and methods for identifying anomalous network behavior. In aspects, a network event may be observed network sensors. One or more characteristics may be extracted from the network event and used to construct an evidence vector. The evidence vector may be compared to a mapping of previously-identified events and/or event characteristics. The mapping may be represented as one or more clusters of expected behaviors and anomalous behaviors. The mapping may be modeled using analytic models for direction detection and magnitude detection. One or more centroids may be identified for each of the clusters. A “best fit” may be determined and scored for each of the analytic models. The scores may be fused into single binocular score and used to determine whether the evidence vector is likely to represent an anomaly.

Abstract: Examples of creating a device identifier that are based upon hardware components of a client device are discussed. An inaudible or high frequency reference audio sample is played. Audio capture is initiated using the microphone system. A sensor-based device identifier can be generated from the captured audio due the manufacturing variances in the hardware components used for the speaker and microphone systems.

Abstract: The disclosed embodiments relate to a system that camouflages electromagnetic interference (EMI) fingerprints in EMI emissions from a computing system to enhance system security. During operation, the system monitors the EMI emissions from the computer system while the computer system is operating to produce corresponding EMI signals. Next, the system performs a Fast Fourier Transform (FFT) operation on the EMI signals. The system then converts an output of the FFT operation into a frequency-domain representation of the EMI signals. Next, the system generates a camouflaging signal based on the frequency-domain representation of the EMI signals. Finally, the system outputs the camouflaging signal through a transmitter to camouflage EMI fingerprints in the EMI emissions from the computer system.

Abstract: Provided are a computer program product, system, and method for determining a frequency at which to execute trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code. Trap code is executed in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code. A determination is whether to modify a frequency of executing the trap code in response to processing a specified type of command. The frequency of executing the trap code is modified in response to processing the specified type of command in response to determining to determining to modify the frequency of executing the trap code.

Abstract: The present disclosure describes systems and methods directed towards a highly secure and intelligent, end to end provisioning, authentication, and transaction system which creates and/or consolidates user data for a unified profile for the user (e.g., a person, place, organization, object, etc.) to allow for the safe, secure, and verifiable exchange of information.

Abstract: A computing system may include a EMM server having a metadata anonymization policy associated therewith, and a client computing device configured to generate metadata and combine the metadata with respective user content data, with the client computing device having a metadata permission policy associated therewith. The client computing device may be further configured to enroll with the server, determine user content data having metadata combined therewith in violation of the metadata anonymization policy, and when the metadata permission policy permits separation of the metadata from the user content data, strip the metadata from the user content data so that the metadata is inaccessible when the user content data is accessed.

Abstract: A method of generating wireless communications from a transmit-only device, the method comprising: generating, at the transmit-only device, a first current session key; generating, at the transmit-only device, operational data; generating, at the transmit-only device, crypto-data by performing a cryptographic operation on the operational data using the first current session key; transmitting, from the transmit-only device, a first identifier to enable a resource derive the first current session key; transmitting, from the transmit-only device, the crypto-data.

Abstract: The monitoring device includes a receiver and a processor. The receiver receives a frame from a communication network. The processor performs a first determination that determines whether the frame is illegal based on a result of message authentication for the frame and a second determination that determines whether the frame is illegal based on a state of the frame and a predetermined rule. In addition, the processor executes, in accordance with a combination of a result of the first determination and a result of the second determination, at least one of processing for the frame, processing for a transmission source device of the frame, change of contents to be notified to an external device, and change of priority of notification to the external device.

Abstract: After a heuristic event counter in a processor has triggered a performance monitoring interrupt (PMI) when the processor was executing a target program in user mode, and after the processor has switched to kernel mode in response to the PMI, a heuristic event handler automatically performs preliminary analysis in kernel mode, without switching back to user mode, to determine whether heavyweight code analysis is warranted. The preliminary analysis comprises (a) obtaining an instruction pointer (IP) for the target program from a last branch record (LBR) buffer in the processor, (b) using transaction hardware in the processor to determine whether the IP from LBR buffer points to a readable page in memory, and (c) determining that heavyweight code analysis is not warranted in response to a determination that the page pointed to by the IP from LBR buffer is not readable. Other embodiments are described and claimed.

Abstract: Provided are an electronic device and a method for processing data in the electronic device. The electronic device may receive server registration time-related information—that is, information related to a time when at least one beacon device becomes registered in a server, and decrypt at least one beacon signal received from the at least one beacon device based on the received server registration time-related information.

Abstract: A virtual enigma cipher system is described herein that allows for symmetric encryption and decryption of data. During encryption, a plurality of wheels representing sequences of data are used to encrypt a message. The plurality of wheels includes at least one dynamic wheel, which is generated based on a password, and a plurality of static wheels. During encryption, the unencrypted message is iterated from beginning to end. During each step of iteration, the encrypted payload value for a particular position is determined by performing an exclusive or (XOR) operation between the value of the unencrypted message at the position, and the values of the wheels at their respective wheel pointer positions. The particular position is then incremented, as are the wheel pointer positions, and iteration continues until the entire unencrypted message has been encrypted as part of the encrypted payload. Padding data and the message length are appended to the encrypted payload. During decryption, the steps are reversed.

Abstract: In one example embodiment, a server that is in communication with a network that includes a plurality of network elements obtains, from the network, a service request record that includes sensitive information related to at least one of the plurality of network elements. The server parses the service request record to determine that the service request record includes a sequence of characters that is repeated in the service request record, and tags the sequence of characters as a particular sensitive information type. Based on the tagging, the server identically replaces the sequence of characters so as to preserve an internal consistency of the service request record. After identically replacing the sequence of characters, the server publishes the service request record for analysis without revealing the sequence of characters.

Abstract: A method for sharing a configuration file is applicable to a first host and a second host that are connected to a network, wherein the first host is electrically connected to the first peripheral device, and the second host is electrically connected to the second peripheral device. The method for sharing a configuration file includes: the first host starts the embedded program, and after obtaining the first public key of the first peripheral device, the embedded program is communicatively connected to a server, and the device requests a private key according to the first public key. After obtaining the private key, the embedded program uploads a configuration file, and the second host starts the embedded program.

Abstract: This application discloses a data processing method, system, and apparatus, a storage medium, and a device, and belongs to the field of database technologies. The method includes receiving, a trigger request; triggering, according to the trigger request, the first cloud encryptor to store a root key seed, an operating policy, a data key seed, and a data key identifier, and triggering the database proxy to store an encryption data dictionary, the operating policy indicating an operation policy of the first cloud encryptor. The method further includes receiving a data processing request from the client; sending first data that the data processing request requests to process and the data key identifier in the encryption data dictionary to the first cloud encryptor. The method further includes implementing the operating policy, processing the first data, and responding to the data processing request by using the second data.

Abstract: The invention provides a method of providing a nomadic service, the method including: i. sending, by a user, a nomadic service request to an Authentication, Authorization and Accounting (AAA) server to determine whether the nomadic service request is allowed; ii. if the nomadic service request is allowed, then instantiating a service module for the nomadic service in a corresponding virtual Residential Gateway (vRG) platform, or selecting a corresponding service module in a residential gateway of the user, based upon the nomadic service, by a Software Defined Network (SDN) controller; and iii. determining and configuring, by the SDN controller, a network delivery path between the user and the service module based upon the path establishment request and a position of the service module. With the technical solution according to the invention, even a user who is not at home can be provided rapidly with a service subscribed through a residential gateway.