Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: Mechanisms (which can include systems, methods, and media) for securing WiFi routers and devices connected to them are provided. In some embodiments, mechanisms for securing a WiFi router comprise: receiving a first request to form a first connection between a first device and the WiFi router; determining whether a first portal can be presented in connection with the first device; and in response to determining that the first portal cannot be presented in connection with the first device: creating a first temporary virtual access point using the WiFi router; and connecting the first device to the WiFi router using the first temporary virtual access point.

Abstract: A server includes a management module that includes a memory device and that is configured to be connected to multiple data storage devices. The management module is configured to perform an initialization procedure, in which the management module obtains multiple pieces of storage identifier information corresponding to the data storage devices, determines, for each of the pieces of storage identifier information, whether the piece of storage identifier information matches any piece of default identifier information contained in a list stored in the memory device, and generates piece(s) of log data for matched piece(s) of storage identifier information.

Abstract: Management of virtual content rights of digital assets for a virtual environment, including: receiving data indicating a request from a user for assignment of virtual content rights of a digital asset; determining whether the requested virtual content rights are available for assignment to the user and a set of terms of the assignment for the requested virtual content rights; notifying the user of the availability and the set of terms for the assignment of the virtual content rights to the user; receiving data indicating agreement by the user to the assignment, including agreement to at least one term of the set of terms; and updating the virtual content rights database to indicate the assignment of the virtual content rights to the user.

Abstract: Disclosed is a physical unclonable function generator circuit and method.

Abstract: In a wireless access network, a false base station (FBS) may imitate a legitimate base station by repeating the transmissions of the legitimate base station at a higher power level such that one or more user equipment (UEs) synchronize with the FBS instead of the legitimate base station. The present disclosure provides a UE that detects an FBS. The UE may estimate a time of arrival of different multipath components of a downlink signal corresponding to a physical cell identity. The UE may determine an existence of FBS based on a difference between the times of arrival of two of the different multipath components exceeding a threshold amount of time. The UE may perform a mitigation operation in response to determining the existence of the FBS.

Abstract: The present disclosure provides a method and an apparatus for Mesh networking, and a gateway device. The method includes: monitoring a probe request frame on a target channel, wherein the probe request frame is automatically transmitted on the target channel by a gateway device to be connected in a state of no network configuration; in response to a monitored probe request frame indicating that the gateway device to be connected meets a networking condition and receiving a networking instruction, establishing a Wi-Fi Protected Setup (WPS) connection with the gateway device to be connected; and synchronizing networking configurations with the gateway device to be connected through the WPS connection, so that the gateway device to be connected is connected to the Mesh network based on the networking configurations.

Abstract: A system and method for secure authentication of user entity and user entity device identity. The system and method described herein allows an identity to be continuously proven because of user entity's behavior and their biometrics. With all the fraud and risk that exists today, if someone has a user entity's driver's license they can do a lot of harm. A primary identity provider passes user contextual and behavioral information to third party secondary identity providers to allow risk based continuous authentication and step up post-authorization authentication or termination of session as required upon detection of an anomaly.

Abstract: A method for pairing a key fob with a control unit is provided. The key fob executes an ID authenticated key agreement protocol with a pairing device based on a key fob identification to authenticate one another and to generate a first encryption key. The pairing device encrypts a control unit identification using the first encryption key. The key fob receives the encrypted control unit identification transmitted from the pairing device. The key fob then executes an ID authenticated key agreement protocol with the control unit based on the control unit identification to authenticate one another and to generate a second encryption key. The key fob then receives an operational key transmitted from the control unit that is encrypted with the second encryption key.

Abstract: First event data, indicative of a first activity on a computer network and second event data indicative of a second activity on the computer network, is received. A first machine learning anomaly detection model is applied to the first event data, by a real-time analysis engine operated by the threat indicator detection system in real time, to detect first anomaly data. A second machine learning anomaly detection model is applied to the first anomaly data and the second event data, by a batch analysis engine operated by the threat indicator detection system in a batch mode, to detect second anomaly data. A third anomaly is detected using an anomaly detection rule. The threat indictor system processes the first anomaly data, the second anomaly data, and the third anomaly data using a threat indicator model to identify a threat indicator associated with a potential security threat to the computer network.

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: The present disclosure relates to a method and apparatus for reporting information, user equipment, and a computer readable storage medium. In the present disclosure, the method of reporting information includes: receiving downlink data of a data radio bearer (DRB) enabled with an integrity protection function and performing an integrity verification on the downlink data of the DRB; and triggering an integrity-verification-failure-related-information reporting in response to that the integrity verification fails, where the integrity-verification-failure-related-information includes one or more of parameters: location information of the UE, a failure indication type of IntegrityVerificationFailure, indication information of a triggering way to trigger the integrity-verification-failure-related-information reporting, and a number of integrity verification failures.

Abstract: This disclosure provides methods, devices and systems that facilitate mobility of wireless communication devices configured for multi-link operation (MLO). Particular aspects more specifically relate to facilitating fast basic service set (BSS) transitions by wireless communication devices that support MLO. For example, some aspects provide support for station (STA) multi-link device (MLD) roaming between access point (AP) MLDs, from an AP MLD to a non-MLO AP, or from a non-MLO AP to an AP MLD. In some aspects, a STA MLD may be configured to use a medium access control (MAC) service access point address (MAC-SAP address) of the AP MLD when re-associating or communicating with a legacy AP or with an AP MLD. In such aspects, the MAC-SAP address may be used by all STAs of the non-AP MLD for fast BSS transitions.

Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.

Abstract: There is provided a method that comprises receiving one or more unique passwords for identifying respective one or more user devices of the wireless local area network; associating the one or more unique passwords with the respective one or more user devices and storing the one or more unique passwords to a database; in response to receiving, at an access point of the wireless local area network, a connection request from a user device, requesting, from the user device, a unique password of the user device; and identifying the user device based on the unique password.

Abstract: A non-transitory computer-readable storage medium storing a program that causes a processor included in an authorization server to execute a process, the process includes storing an association relationship between a plurality of users who are owners of data, and a consent portal with which each of the plurality of users performs user registration, when consent of a user to access to data of a first condition is asked for by a client, detecting a target user who is an owner of data that matches the first condition, extracting a consent portal with which the target user performs user registration, from the association relationship, and obtaining an intention of consent or non-consent to access to the data, from the target user by using the extracted consent portal, and controlling an access by the client to data in the resource server, in accordance with the obtained intention.

Abstract: A detection device runs a first sample file in a first virtual operating environment, when the first sample file sends a first Hypertext Transfer Protocol (HTTP) request to a server, the detection device obtains an identifier of the first sample file and a first data flow identifier correspondingly from the first HTTP request. The detection device obtains a second data flow identifier and a second sample file carried in subsequently transmitted data flow. If the second data flow identifier is the same as the first data flow identifier in the correspondence, the detection device determines that the second sample file is a subsample file of the first sample file, detects the second sample file to obtain a detection result of the second sample file, and determines, based on the detection result of the second sample file, that the first sample file is a malicious file.

Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.

Abstract: Modeling techniques to classify data sets containing personal identifiable information (PII) comprising identifiers are provided. In one technique, multiple data sets are identified, each data set containing identifiers that were generated by a computer system and that qualify as PII of a known identifier (ID) type. For each of the multiple data sets, a model is generated based on that data set and added to a set of models. A target data set that contains identifiers that were generated by the computer system and that qualify as PII of an unknown ID type is identified. A target model is generated based on the target data set. For at least one model in the set of models, a similarity operation of that model and the target model is performed. Based on the similarity operation, it is determined whether to associate the ID type of that model with the target data set.

Abstract: Disclosed is user authentication. A user authentication method includes receiving a plurality of images including at least one object, extracting biological information from the plurality of images, performing user authentication based on a difference between the extracted biological information and biological information of a user stored in a memory, and updating a parameter of a learning model for the user authentication when a result of the execution of the user authentication satisfies a preset condition. The mobile terminal and the AI system of the present disclosure may be associated with an artificial intelligence module, a drone (or unmanned aerial vehicle (UAV)), a robot, an augmented reality (AR) device, a virtual reality (VR) device, a device related to 5G service, etc.