Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive data in a data flow, extract a data visa from the data flow, wherein the data visa is related to the data, and determine a reputation of the data from the data visa. The data visa can include reputation determination information obtained by previous network elements in the data flow. In addition, the electronic device can update the data visa, and communicate the updated data visa and data to a next network element in the data flow.

Abstract: In a messaging server, processing circuitry receives a network packet that encapsulates a user message from a wireless User Equipment (UE) over a wireless communication network. In response to the network packet, the processing circuitry transfers the user message to ledger circuitry in the messaging server. The ledger circuitry executes a distributed ledger transaction based on a source domain and a destination domain in the user message. The ledger circuitry transfers the user message to the processing circuitry after the distributed ledger transaction. The processing circuitry receives the user message from the ledger circuitry and generates a new network packet for delivery to the destination domain that encapsulates the user message. The ledger circuitry transfers the new network packet that encapsulates the user message for delivery to the destination domain.

Abstract: Described are methods and systems to identify unauthorized attempts to access an account in a computer system, the account having an authorized user. The methods and systems include determining that a count of failed attempts to access the account exceeds a maximum. Based on the count exceeding the maximum, one or more peer contacts associated with the authorized user are retrieved from stored user data. A failure attribution request is transmitted to the one or more peer contacts and a response is received from at least one of the one or more peer contacts. If the response denies that the authorized user caused the failed attempts, then a security action is taken with respect to the account. The method may include first confirming that the number of failure attributions requests sent has not exceeded an abuse threshold to prevent denial-of-service attacks.

Abstract: Embodiments are directed to techniques for secure network connectivity. The techniques including a system having a credential server storing a Personal-Public (PP) Service Set Identifier (SSID) profile configured according to registration information provided from a personal computing device. The system further including a Wireless Access Point (WAP) communicatively coupled to the credential server and configured to implement a PP SSID connection using the PP SSID profile to create a single-device, single-use, password-protected, unadvertised, and encrypted networking channel between the personal computing device and the Internet.

Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.

Abstract: The present disclosure is directed to systems and methods for clientless virtual private network (VPN) roaming with 802.1x authentication and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more components to perform operations including, receiving, at a local proxy, an 802.1x communication including authentication information from a remote device wirelessly connected to a visited network, wherein the remote device requests access to an enterprise network; authenticating the remote device with the enterprise network using the authentication information; establishing an encrypted tunnel between the visited network and the enterprise network; and transmitting data between the remote device and the enterprise network through the encrypted tunnel.

Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.

Abstract: Systems, methods, and media for detecting the presence of return-oriented programming (ROP) payloads are provided, comprising: identifying a potential gadget address space; determining if a piece of the data corresponds to an address of the potential gadget address space; and in response to determining that the piece of the data corresponds to an address of the potential gadget address space: determining whether a plurality of operations, each associated one of a plurality instructions beginning at the address, indicates that an ROP payload is present in the data, and indicating that an ROP payload is present in the data in response to making a determination that a plurality of operations indicates that an ROP payload is present in the data a given number of times.

Abstract: A device for detecting nefarious communication signals in a vehicle includes a detection support logic, a nefarious logic, a filtering circuit, and a microcontroller. The device receives a measurement signal from the detection support logic. The device determines a characteristic of an alternating current (AC) signal during communication at a first time on a wiring harness of the vehicle based on the measurement signal. The device determines the characteristic of the AC signal at a second time based on the measurement signal. The device determines that the characteristic measured during the first time differs from the characteristic measured during the second time. The device transmits a blocking signal to the nefarious logic to filter a frequency band of a communication conductor of the wiring harness in response to the determination that the characteristic measured during the first time differs from the characteristic measured during the second time.

Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.

Abstract: Apparatuses, systems, methods, and computer program products are presented for aggregation platform permissions. A hardware computing device is configured to aggregate a user's data from a first plurality of third-party service providers over a data network for the user to access through a second plurality of third-party service providers, the hardware computing device comprising a trusted intermediary between the first plurality of third-party service providers and the second plurality of third-party service providers. A permissions module is configured to monitor which of a second plurality of third-party service providers have access to which portions of data from which of a first plurality of third-party service providers. A graphical user interface is configured to display one or more user interface elements allowing a user to grant and/or revoke access to portions of data from a first plurality of third-party service providers individually to a second plurality of third-party service providers.

Abstract: Apparatuses, systems, methods, and computer program products are presented for aggregation platform permissions. A hardware computing device is configured to aggregate a user's data from a first plurality of third-party service providers for the user to access through a second plurality of third-party service providers. A permissions module is configured to monitor which of a second plurality of third-party service providers have access to which portions of data from which of a first plurality of third-party service providers. A graphical user interface is configured to prompt a user with one or more user interface elements allowing the user to grant and revoke access to portions of data from a first plurality of third-party service providers individually to a second plurality of third-party service providers in response to an individual third-party service provider from the second plurality of third-party service providers requesting access to portions of the data.

Abstract: Method and system for issuing public key infrastructure (PKI) certificates in a peer-to-peer wireless communication network, comprising generating, at a first certificate authority (CA) node in the peer-to-peer communication network, a PKI certificate based on public key information received from an applicant node in the peer-to-peer wireless communication network; and transmitting the PKI certificate generated by the first CA node to the applicant node using the peer-to-peer wireless communication network.

Abstract: Systems and method are provided for mitigating hacking of restricted access telecommunication services. In response to an authentication response from a user device, an authentication failure type and authentication failure frequency may be determined. Based on the authentication failure type and authentication failure frequency, the user device is blocked from accessing the telecommunication service for a predetermined period of time, preventing the service from being congested by recurring unauthorized users.

Abstract: Methods and devices are provided for uploading driving data to a blockchain network. The method is executed at a vehicle node in the blockchain network and includes: packing driving data of the vehicle node within a predetermined time interval every predetermined time interval to obtain a vehicle data packet of the vehicle, and storing the vehicle data packet locally in the vehicle node; broadcasting the vehicle data packet to other vehicle nodes located nearby and in the blockchain network for the other vehicle nodes to receive and store; receiving and storing other vehicle data packets broadcast by the other vehicle nodes located nearby and in the blockchain network; and when connecting to a fixed node that belongs to the blockchain network, synchronizing the vehicle data packet and the other vehicle data packets as stored to the fixed node, wherein the fixed node participates in the consensus of the blockchain network.

Abstract: A method for remote access includes obtaining, by a virtual private network (VPN) server, trust data of a user accessing a first network; determining, by the VPN server, a first trust level corresponding to the trust data according to a first correspondence, wherein the first correspondence comprises the trust data and the first trust level; determining, by the VPN server, a first access zone of the first network corresponding to the first trust level according to a second correspondence, wherein the second correspondence comprises the first trust level and the first access zone; and establishing, by the VPN server, a first VPN connection between a device used by the user and the first access zone.

Abstract: Some embodiments of the invention provide a method for a first security controller that performs security operations on the packets that are transmitted within a network. The method of some embodiments receives a packet from a forwarding element in the network based on a decision made by a security agent that operates along with the forwarding element. When the first security controller stores a security rule for the packet, the method processes the packet according to the stored security rule. When the first security controller does not store a security rule for the packet, the method (i) determines that a second security controller stores a security rule for the packet based on a set of header values of the packet, and (ii) sends the packet to the second security controller for security processing according to the security rule for the packet stored on the second security controller.

Abstract: Apparatuses, systems, methods, and computer program products are presented for aggregation platform permissions. A hardware computing device is configured to aggregate a user's data from a first plurality of third-party service providers for the user to access through a second plurality of third-party service providers. A permissions module is configured to monitor which of a second plurality of third-party service providers have access to which portions of data from which of a first plurality of third-party service providers. A graphical user interface is configured to display one or more user interface elements allowing a user to grant and/or revoke access to portions of data from a first plurality of third-party service providers individually to a second plurality of third-party service providers and an interface to update a password that the second plurality of third-party service providers uses to access the user's data from the first plurality of third-party service providers.

Abstract: Apparatuses, systems, methods, and computer program products are presented for aggregation platform permissions. A hardware computing device is configured to aggregate a user's data from a first plurality of third-party service providers over a data network for the user to access through a second plurality of third-party service providers. A permissions module is configured to monitor which of a second plurality of third-party service providers have access to which portions of data from which of a first plurality of third-party service providers. A graphical user interface is configured to display one or more user interface elements allowing a user to grant and/or revoke access to portions of data from a first plurality of third-party service providers individually to a second plurality of third-party service providers and indications of whether the second plurality of third-party service providers have valid electronic credentials for the first plurality of third-party service providers.

Abstract: In accordance with one or more embodiments described herein, a method is provided. The method includes receiving a request to assume control of a vehicle generated by a candidate operator via a first communication pathway. The method obtains a key from an onboard controller of the vehicle and communicates the key to the candidate operator via a second communication pathway that is different from the first communication pathway. The method determines the candidate operator to be a confirmed operator based at least in part on obtaining the key from the candidate operator via the first communication pathway.