Abstract: Method and apparatus for secure access control in wireless communications are disclosed. In an example, a method includes receiving a broadcast message including system information, identifying a first set of hashed identifiers (IDs) and a first random number based on the system information, and each ID of the first set of hashed IDs is individually hashed using at least the first random number. The method also includes calculating a first hash value for each ID of a second set of IDs using at least the first random number, determining whether at least a hashed ID of the second set of IDs matches a hashed ID of the first set of hashed IDs, and sending a request message based on a determination that at least a hashed ID of the second set of IDs matches a hashed ID of the first set of hashed IDs.

Abstract: Methods and systems for a device identification system may be provided. The device identification system may determine an identity of a user device associated with a transaction. The identity may be determined by network address information, hard link information, soft link information, and/or other such information. The network address information may include IPv4 information, IPv6 information, a device ID, and/or other such information. The identity of the user device may be determined and a transaction conducted from the user device may be assigned a fraudulent transaction risk score according to the information. Transactions that are determined to be at a high risk of fraud may be reviewed or otherwise flagged and/or canceled.

Abstract: An exemplary blockchain-based decentralized computing system and method are disclosed for industrial analytics applications. The exemplary system and method leverage blockchain technology to deliver and execute privacy-preserving decentralized predictive analytics, machine learning, and optimization operations for various industrial applications using a set of self-contained analytics block smart contracts that can be readily utilized and in analytics applications to deploy across multiple sites.

Abstract: Systems and methods for network security testing of target computer networks using AI neural networks. A command and control server controls a number of geographically separated processors running a number of neural networks. A central data hive is accessible to all the processors. The processors are organizable into logical hemisphere groupings for specific tasks and/or projects. For security testing, hemisphere groupings are created for the project. Based on data for the target system on the data hive, attacks are formulated by a hemisphere grouping and these potential attacks are tested against known characteristics of the target network. Validated potential attacks and, in some cases, random attacks, are executed and data generated by the executed attacks are stored in the data hive for use in formulating and executing other further attacks. Potential attacks may involve mining social media networks for data on users of the target system.

Abstract: A software defined (SD) process control system (SDCS) includes a control container having contents which are executable during run-time of the process plant to control at least a portion of an industrial process. The SDCS also includes a security service associated with the control container and including contents which define one or more security conditions. The security service executes via a container on a compute node of the SDCS to control access to and/or data flow from the control container based on the contents of the security container.

Abstract: A method including configuring, by an infrastructure device, a virtual private network (VPN) server to install an initial operating system on a volatile memory associated with the VPN server; configuring, by the infrastructure device, the VPN server to execute the initial operating system from the volatile memory to receive a VPN operating system; configuring, by the infrastructure device, the VPN server to install the VPN operating system on the volatile memory; and configuring, by the infrastructure device, the VPN server to execute the VPN operating system from the volatile memory to provide VPN services. Various other aspects are contemplated.

Abstract: Embodiments of system and methods for providing centralized management of a software defined automation (“SDA”) system are disclosed. The SDA system comprises of a collection of controller nodes and logically centralized and yet physically distributed collection of compute nodes by monitoring activities of the compute nodes. In accordance with some embodiments, one or more components of the system monitor execution, network and security environments of the system to detect an event in a first environment. In response to the detected event, at least one component in the first environment is remediated, the remediation of the first environment creating a trigger to cause remediation of at least one component in each of a second and third environments.

Abstract: The application discloses methods and corresponding systems and network devices and/or nodes for enabling user equipment belonging to a home network to access data communication services in a visited network of a wireless communication system. By way of example, there is provided a method that comprises the step of obtaining at least one cryptographic token originating from a network node of the home network of the user equipment and cryptographically signed by a private key associated with the home network, wherein the at least one cryptographic token represents means for accessing data communication services via user data transport functions of the visited network.

Abstract: A method for generating digital certificates for anonymous users in blockchain transactions includes: storing a blockchain comprised of a plurality of blocks, each block including a block header and transaction values, where each transaction value includes data related to a blockchain transaction including a sending address, recipient address, and transaction amount; receiving a certificate request from a computing device, the request including a user public key of a cryptographic key pair; identifying a subset of transaction values in the blockchain where the sending address or recipient address was generated using the user public key; determining a confidence level based on the data included in each transaction value included in the subset; generating a digital certificate based on the determined confidence level; and transmitting the generated digital certificate to the computing device.

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

Abstract: Techniques are provided for secure data management in a network computing environment. A security management system receives data from a device which operates in a device network that is managed by the security management system. The security management system performs a data classification process to determine a data sensitivity level of the received data. The security management system determines a type of encryption to apply to the received data based on the determined data sensitivity level. The type of encryption is determined from a plurality of different types of encryption that are supported by a cloud system. The security management system sends the received data to the cloud system to at least one of store the data and perform secured data analytic processing of the data, in a format according to the determined type of encryption.

Abstract: The invention relates to a method and a system for computer-assisted maintenance of a device to be maintained, comprising a storage in a first system, which storage is implemented progressively when in use an operating system comprising the device to be maintained, of operational data associated with the said operating system. For a maintenance processing method, which is to be implemented by the second system (8) by applying a processing algorithm (38) to a set of operational data, the maintenance system uses a homomorphic or partially homomorphic cryptosystem (28) to obtain a modified maintenance processing algorithm (40) which makes it possible to obtain an item of predictive or corrective maintenance information in encrypted form, from a set of protected operational data comprising a first subset of encrypted operational data ((D1)H) by a means of a cryptosystem encryption method (28), and a second subset of plain data (D2) from the said set of operational data.

Abstract: Systems and methods for multi-factor authentication are based on validation of an inherence factor and a possession factor obtained in a “frictionless” or almost frictionless manner. A method conducted at a software application executing on a user device associated with a user and connected to a server computer, includes obtaining signing or encryption of a set of data elements using a cryptographic key securely stored for exclusive use by the software application and transmitting the signed or encrypted data elements to the server computer. The method includes transmitting, to the server computer, a payload including contextual data which includes behavioural data collected via one or more contextual data sources. The signed data elements represent a possession factor and the payload including contextual data represents an inherence factor for validation and multi-factor authentication by the server computer.

Abstract: A method and an electronic device for training a classifier to identify a user of the electronic device are provided. The method comprises: receiving training key stroke data associated with the user, a given portion of the training key stroke data having been generated in response to the user inputting a respective symbol of a predetermined text into the electronic device, by interacting with a given key of the plurality of keys; determining, based on the given portion of the training key stroke data, a plurality of time intervals associated with the user; determining most stable ones of the plurality of time intervals for inclusion thereof in a training set of data; training, based on the training set of data, the classifier to determine if the predetermined text inputted into the electronic device in future has been inputted by the user.

Abstract: A method that is performed to access data nodes of a data cluster. The method includes obtaining, by a data access gateway (DAG), a first request from a host; and in response to the first request, obtaining first bidding counters from the data nodes; identifying, based on the first bidding counters, a first data node of the data nodes associated with a highest bidding counter of the first bidding counters; sending the first request to the first data node; and making a first determination that the first data node is able to service the first request.

Abstract: Systems and methods that update configuration parameters on a UE using control plane functionalities. In one embodiment, an AMF element of a mobile network receives a control plane message from a UDM element that includes a UE configuration parameter update for the UE. The UE configuration parameter update is security protected via a secured packet, integrity protection, etc. The AMF element is configured to transparently send the UE configuration parameter update to the UE. Thus, AMF element inserts the UE configuration parameter update (that is security protected) in a container of a Non-Access Stratum (NAS) message, and sends the NAS message to the UE. The UE may then update its configuration parameters based on the update when security checks are complete.

Abstract: The present disclosure relates to a 5th (5G) generation) or pre-5G communication system for supporting a higher data transmission rate beyond a 4th (4G) generation communication system such as long term evolution (LTE). According to various embodiments of the present disclosure, an apparatus of a user data management (UDM) for a first cellular network in a wireless communication system may include at least one transceiver, and at least one processor operatively coupled with the at least one transceiver, the at least one processor may be configured to receive a request message for security of a second cellular network from an access and mobility management function (AMF) for the first cellular network, and transmit to the AMF a response message for transmitting a security key for an eNB of the second cellular network to the eNB, and the security key may be obtained from the base security key of the second cellular network.

Abstract: The present invention describes an architecture for increasing the performance of blockchain using a virtual actor model to provide stateful services that are highly scalable and responsive to events as they support publishing and/or subscribing to streaming messages and/or events. The architecture as described leverages established distributed design practices to achieve what would otherwise require costly resource intensive hardware.

Abstract: User equipment performing communication with a core network node by using network slices obtained by logically dividing a network includes: means for sending information related to security of one network slice; and means for sending identity information of the one network slice in a secure method, based on a request to send information in the secure method sent from the core network node based on the sent information.

Abstract: Methods and network devices implement a lawful interception (LI) trigger control function as an LI target handler and a modified trigger control function. A generic LI triggering interface enables the modified trigger control function to query the LI target handler regarding whether entities using a network function instance are in a target list. The LI target handler has to meet the LI security requirements, but the modified trigger control function does not have to meet such requirements.