Abstract: A network traffic anomaly detection method and apparatus is provided. The method includes: acquiring network flows generated by a network monitoring node within a set period of time; for any one of attributes in the network flows, aggregating the network flows at a set time interval according to the attribute to generate N time sequences with respect to the attribute; determining N samples to be detected corresponding to the network flows according to the N time sequence, calculating respective angular dissimilarity degrees between a first time sequence and N?1 second time sequences corresponding to a first attribute in the other N?1 samples to be detected, and determining a first detection result with respect to the first time sequence; and determining whether each of the samples to be detected is an abnormal data stream according to a detection result.

Abstract: An authentication/authorization server that manages access to a resource server is provided. The server comprises a management unit that manages an expected completion time of a change to an access destination authentication/authorization server with respect to a client for which the access destination authentication/authorization server is to be changed; an issuing unit that issues an access token for accessing the resource server, the token having an expiration time; and a response unit that returns the access token to the client, wherein if an expected completion time of the change to the access destination authentication/authorization server is managed with respect to the client that is the source of the token issuance request, the issuing unit sets the expiration time of the access token that has been issued to expire no later than the expected completion time of the change.

Abstract: In accordance with one embodiment, a method of modifying data in a telecommunication system can be implemented by receiving a communication comprising voice data and non-voice data at a first processor; sending the non-voice data from the first processor to a second processor; sending the voice data from the first processor to a third processor; receiving a sensitive-data-alert-message at the second processor from a fourth processor; and, in response to the sensitive-data-alert-message from the fourth processor, producing a set of modified-non-voice data at the second processor by removing a set of sensitive data contained within the non-voice data.

Abstract: Measurements of a device's firmware are made regularly and compared with prior, derived measurements. Prior measurements are derived from a set of identical firmware measurements obtained from multiple devices having the same make, model and firmware version number. The firmware integrity status is reported on a data and device security console for a group of managed endpoints. Alerts about firmware changes, which may be potential attacks on the firmware, are given automatically.

Abstract: The present disclosure discloses a method and system for data ownership confirmation based on encryption. The method comprises following steps: determining whether data is open; and if the data can be open, encrypting, by a data owner, the data by using a private key of the data owner to complete ownership declaration, and ending a process; or if the data cannot be open, determining whether the data is shared; and if the data cannot be shared, encrypting, by the data owner, the data by using a public key of the data owner to complete data protection, and ending a process; or if the data can be shared, proceeding to ownership declaration and protection steps. The method achieves data ownership confirmation, technically ensures proprietary of data ownership, and implements unique ownership of the data owner for the data, laying a foundation for data responsibility, right, and profit allocation.

Abstract: In some embodiments, a cybersecurity data handling and governance service displays a cybersecurity artifact generation object. In some embodiments, while displaying the cybersecurity artifact generation object, the cybersecurity data handling and governance service receives a first input selecting the cybersecurity artifact generation object.

Abstract: A system configured controls access to data associated with a venue-centric event. The system may include one or more hardware processors configured by machine-readable instructions. The processor(s) may be configured to receive from a first remote server a set of first data items associated with a first authenticated event application and store the set of first data on the local appliance. Second data items are received from a second remote server, at least some of the second data items are different from the first data items and thereby form a set of third data items. A request for at least one of the second data items is received from the first authenticated event application and validated. The request may be received after the predetermined start time and before the predetermined end time. The requested at least one second data item is communicated to the first authenticated event application.

Abstract: Implementations of data security technologies are disclosed. In an implementation, a plurality of feature points of a user-selected image are determined. A first plurality of interactive operations performed on at least a portion of the plurality of feature points by a user are detected during lock screen passcode set up of a mobile computing device. The first plurality of interactive operations are stored. The user-selected image is displayed on a lock screen when the mobile computing device is in a locked state. A second plurality of interactive operations on a touchscreen of the mobile computing device are detected when the mobile computing device is in the locked state, and the mobile computing device is unlocked if the second plurality of interactive operations match the first plurality of interactive operations.

Abstract: Systems, methods, and computer media for mitigating cybersecurity vulnerabilities of systems are provided herein. A current cybersecurity maturity of a system can be determined based on maturity criteria. The maturity criteria can be ranked based on importance. Solution candidates for increasing the cybersecurity maturity of the system can be determined based on the ranking. The solution candidates specify cybersecurity levels for the maturity criteria. A present state value reflecting the current cybersecurity maturity of the system can be calculated. For the solution candidates, an implementation state value and a transition state value can be determined. The implementation state value represents implementation of the maturity levels of the solution candidate, and the transition state value represents a transition from the present state value to the implementation state value.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor and a memory; and executable instructions encoded in the memory to provide a client-only virtual private network (VPN) including a VPN client and a VPN server implementation on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services.

Abstract: A stopped vehicle information remote retrieval method includes an emergency personnel or first responder vehicle (FRV) establishing a vehicle connection between an infotainment system of a stopped vehicle and the FRV. The FRV sends a vehicle information request to the infotainment system of the stopped vehicle, via the vehicle connection, seeking release of vehicle information. The FRV obtains authentication of the vehicle information received in response to the vehicle information request. The FRV determines occupant status based on the vehicle information. The FRV communicates the passenger status to a first responder.

Abstract: Systems and methods for anonymous collection of malware-related data from client devices. The system comprising a network node configured to (i) receive a first data structure from a client device, wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device and/or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independent certification authority, (ii) transform the received first data structure by replacing the identifier of the client device with an anonymized identifier, and (iii) transmit the transformed first data structure containing the anonymized identifier and the encrypted data to a server.

Abstract: Systems and methods for anonymously transmitting data in a network are provided, in which a request data structure is received by a network node from a client device. A first substructure containing personal data (PD) and a second substructure not containing PD are identified in the request data structure, by the network node. The first substructure is encrypted, by the network node, and is transmitted along with the second substructure to a server. A response data structure is received, by the network node, from the server. The first encrypted substructure and a third encrypted substructure are identified, by the network node, in the response data structure. The first encrypted substructure is decrypted, by the network node, and is transmitted along with the third encrypted substructure to the client device. The third encrypted substructure can be decrypted and viewed by the client device.

Abstract: An authentication device management device includes a generating unit, a registration unit, a transmission unit, and a responding unit. The generating unit generates a pair of a first key to attach a signature with respect to an authentication result obtained by an authentication device that performs personal authentication of a user, and a second key to verify the signature attached to the first key. The registration unit registers, in association with each other, the key identifier that identifies the generated key pair and user identification information. The transmission unit transmits the first key generated by the generating unit to the authentication device used by the user. When the responding unit accepts a transmission request for the second key related to the authentication device in which the first key transmitted by the transmission unit has been set, the responding unit responds by instructing the authentication server to transmit the second key.

Abstract: The present invention provides a secure technique that allows two communication apparatus that perform encrypted communication to have a common initial solution. A large number of user apparatuses all have a function of generating the same solution under the same condition as far as the user apparatuses have the same initial solution, and can perform encrypted communication using solutions successively generated in synchronization from the same initial solution. All the user apparatuses and a server share the same initial solution and have a function of generating the same solution under the same condition and thus can generate synchronized solutions. The server generates synchronization information, which is information required to generate the initial solution but is not the initial solution itself (S2002), and transmits the synchronization information to at least one of two user apparatuses performing encrypted communication (S2003).

Abstract: A first wireless access device, associated with a wireless service provider, establishes a wireless local area network connection with a second wireless access device and receives a certificate including a unique identifier associated with the second wireless access device. The first wireless access device determines whether the second wireless access device is authorized to connect to the first wireless access device. For example, if the certificate is signed by a certificate authority associated with the wireless service provider and the unique identifier appears in a whitelist stored at the first wireless access device, the first wireless access device and the second wireless access device perform a mutual authentication procedure based on one or more ephemeral keys. The first wireless access device provides the second wireless access device with access to a wide area network based on successful completion of the mutual authentication procedure.

Abstract: An identity verification method and a verifying device, where the verifying device receives an account for requesting password reset. When the account is invalid, the verifying device sends a fake identification and a first verification request to a requesting device. The verification request mentioned requests a user to determine whether to send verification information to a first communication address. The fake identification and the first communication address are associated with the first account.

Abstract: Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported.

Abstract: Analyzing and mitigating website privacy issues by automatically classifying cookies.

Abstract: Techniques and apparatuses are described to enable a strategically coordinated fictitious ecosystem of disinformation for cyber threat intelligence collection in a computing network. The ecosystem comprises fictitious profiles and supporting fictitious infrastructure information to portray in-depth, apparent authenticity of the ecosystem. Malicious communications from an adversary directed at the ecosystem are monitored, and threat intelligence about the adversary is collected to prevent future attacks.