Abstract: Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment.

Abstract: Methods, articles, and systems of computer graphics processing system validation for processing of encrypted image content are disclosed herein.

Abstract: Methods and systems for verifying a user's identity on a computing device using two-factor authentication are described. More particularly, the system utilizes a personal identification number input by a user, together with one or more of a secure browsing feature, a device fingerprint, and a token generator to authenticate the user on the computer.

Abstract: The techniques described in this disclosure provide resilient and reactive on-demand Distributed Denial-of-Service (DDoS) mitigation services using an exchange. For example, an exchange comprises a first virtual network for switching mixed traffic (including dirty (DDoS) traffic and clean (non-DDoS) traffic)) from one or more networks to one or more DDoS scrubbing centers; and a second virtual network for switching the clean traffic from the one or more DDoS scrubbing centers to the one or more networks, wherein the exchange is configured to receive the mixed traffic from the one or more networks and switch, using the first virtual network, the mixed traffic to a selected DDoS scrubbing center of the one or more DDoS scrubbing centers, and wherein the exchange is configured to receive the clean traffic from the selected DDoS scrubbing center and switch, using the second virtual network, the clean traffic to the one or more networks.

Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.

Abstract: Disclosed are systems and methods for securing a network including one or more network nodes connecting a plurality of network connected devices of the network. A method may include: receiving and temporarily storing a plurality of data packets in a shared buffer of a network node; receiving requests from a first processing engine and a second processing engine to access a temporarily stored data packet; generating a first pointer and a second pointer to the temporarily stored data packet, the second pointer being different from the first pointer while pointing to the same temporarily stored data packet; and enabling the first processing engine to use the generated first pointer to access the temporarily stored data packet and the second processing engine to use the generated second pointer to access the temporarily stored data packet.

Abstract: Examples described herein include systems and methods for deploying Data Loss Prevention (DLP) policies to user devices. An example method can include receiving a configuration specifying at least one DLP policy applicable to an application, along with an indication of an assignment group specifying users, or user devices, to which the DLP policy should apply. Information regarding the DLP policy and assignment group can be provided to an identity service and then synchronized with a second server that manages the application. The method can further include provisioning the application to a user device and instructing the user device to retrieve the DLP policy from the second server and implement it when executing the provisioned application.

Abstract: Systems and methods are disclosed for computing network operations. For example, methods may include receiving, at a computing device located within a private network, a message sent from a server located outside of the private network, the message including an observable; invoking, within the private network, a search of data associated with the private network to obtain a search result that includes data matching the observable; aggregating, within the private network, data from the search result that matches the observable to obtain a report that includes an indication of the observable, a count of occurrences of the observable, and identification of one or more components associated with the observable; and transmitting the report to the server.

Abstract: This relates to hierarchical pseudo-random number generation for use in computer simulations that operate across more than one computing machine.

Abstract: A system and method are disclosed for authenticating and authorizing access to and accounting for consumption of bandwidth for IPv6 connectivity to the Internet over Wireless Access Vehicular Environment (WAVE) service channels by client devices using an Authentication, Authorization and Accounting (AAA) server. The AAA server authenticates and authorizes client devices to access WAVE service channels, and accounts for bandwidth consumption by the client devices using WAVE service channels to access the Internet. The AAA server enables an RSU infrastructure operator to quantify wireless bandwidth consumption by in-vehicle devices using the WAVE Service Channels, on a per-device basis.

Abstract: Embodiments include a method for vulnerability management of a computer system. The method includes collecting vulnerability information over a network from a publishing source. The vulnerability information includes a known vulnerability of a first computer asset, where at least some of the vulnerability information is a set of cybersecurity vulnerabilities and exposures (CVEs) published online. Further, at least some of the CVEs is in a human-readable format. The method further includes collecting system information of the computer system subject to the vulnerability management, where the system information includes information about a second computer asset of the computer system. The method further includes processing the collected vulnerability information and the collected system information by interpreting the human-readable CVEs and correlating the interpreted CVEs with the collected system information.

Abstract: A communication device includes: a counter, a pseudo-random number generator, a symbol generator, a modulator, and a controller. The counter counts symbols transmitted to a correspondent device. The pseudo-random number generator generates a pseudo-random number corresponding to a count value of the counter. The symbol generator generates a transmission symbol from a transmission signal and the pseudo-random number. The modulator generates a modulated signal from the transmission symbol. When a disruption of a communication with the correspondent device is detected, the controller selects, from among a plurality of restoring times determined in advance, a restoring time for resuming the communication, and gives the counter a count value assigned in advance to the selected restoring time. The counter resumes a counting operation from the count value given from the controller when the communication device resumes a communication with the correspondent device.

Abstract: Disclosed herein are system, method, and computer program product embodiments for storing files in a storage location that is associated with an image object that is displayed in a real-time view on a mobile device. Examples of an image object include physical objects and augmented objects. Display of the real-time view includes the image object as well as interfaces for interacting with the image object including creating a storage location associated with the image object. Moreover, security features may be based on using information associated with the image object to securely store the file, either locally on the mobile device or over a network (e.g., at a cloud-based location) using the mobile device.

Abstract: Disclosed is an electronic device. The electronic device includes a communicator comprising communication circuitry and a processor, the processor is configured to control the communicator to perform communication with an external device based on identifying that a strength of a signal received from an external device is equal to or greater than a predetermined threshold value, and after converting an electronic device to a low power mode, based on identifying that a strength of a signal received from an external device being within a first range, to control the electronic device to perform a secure pairing operation.

Abstract: An apparatus, system, and method for maintaining a programming lineup of adaptive-bitrate content streaming is provided. The apparatus includes a timeline module configured to maintain a programming lineup of media content available over a network. The media content may comprise a plurality of streamlets. The apparatus also includes at least one data module configured to maintain multi-bitrate streamlet information. The system includes the apparatus and a client module configured to acquire content based upon the programming lineup provided by the timeline module. The method includes maintaining a programming lineup of media content available over a network, and maintaining multi-bitrate streamlet information.

Abstract: A system and method for security of Internet of things (IoT) devices are discussed. A user of a mobile device, such as a customer of a wireless communication network, may remotely lock an IoT device while concomitantly assigning an ad hoc password to the IoT device that can be subsequently used to unlock the device. Alternatively, an IoT device may self-lock and produce a password in response to detecting its motion. The produced password may be provided to the user of a mobile device and used later to unlock the IoT device.

Abstract: According to certain embodiments, a vehicle electronic device comprises a transceiver configured to communicate with a mobile device; and at least one processor configured to generate first authentication information, control the transceiver to transmit the first authentication information to a registered mobile device, control the transceiver to send a request for authentication to the mobile device via a first communication connection, and perform authentication based on whether or not the processor receives second authentication information from the mobile device that corresponds to the first authentication information, wherein the first communication connection directly communicates with the mobile device.

Abstract: Techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise are disclosed. In one example, a threat detection platform determines the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. To understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient.

Abstract: The present disclosure discloses an electronic distribution method and apparatus. The method includes: acquiring user information and first terminal information of a distribution terminal which are transmitted by a server; generating a first key and transmitting the first key to the server; acquiring second terminal information which is encrypted by the distribution terminal using the first key received from the server and is transmitted by the distribution terminal; decrypting the second terminal information encrypted by using the first key to obtain the second terminal information; matching the second terminal information with the first terminal information; and displaying the user information if the second terminal information matches the first terminal information.

Abstract: Methods and systems for identifying a network vulnerability. The system may gather data regarding a new or previously unknown network device, and compare the gathered data to one or more known devices that are scanned by a vulnerability assessment device. The vulnerability assessment device may then scan the previously unknown device upon a processor determining the previously unknown device shares at least one feature with a known device that is scanned.