Abstract: Aspects of the present disclosure involve systems and methods computing devices to access a public network posing as a user to the network to detect one or more malware programs available for downloading through the network. More particularly, a malware detection control system utilizes a browser executed on a computing device to access a public network, such as the Internet. Through the browser, sites or nodes of the public network are accessed by the control system with the interactions with the sites of the public network designed to mimic or approximate a human user of the browser. More particularly, the control system may apply the one or more personality profiles to the browser of the computing device to access and interact with the nodes of the public network. Further, the control system may monitor the information retrieved from the network sites to detect the presence of malware within the nodes.

Abstract: A system and method for secure authentication of user entity and user entity device identity. The system and method described herein allows an identity to be continuously proven because of user entity's behavior and their biometrics. With all the fraud and risk that exists today, if someone has a user entity's driver's license they can do a lot of harm. A primary identity provider passes user contextual and behavioral information to third party secondary identity providers to allow risk based continuous authentication and step up post-authorization authentication or termination of session as required upon detection of an anomaly.

Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

Abstract: A secure indoor positioning device, system and method. A mobile electronic device is detected entering into proximity of a stationary electronic device. In response, a plurality of secure session parameters is negotiated via two-way wireless communication between the stationary electronic device and the mobile electronic device. One or more of the negotiated plurality of secure session parameters is communicated to one or more other stationary electronic devices. At one or more of the plurality of stationary electronic devices, secure messages broadcasted by the mobile electronic device are received. These messages are decrypted or authenticated using one or more of the negotiated secure session parameters and are used to determine a position of the mobile electronic device.

Abstract: Method for pairing a Wi-Fi type terminal with a Wi-Fi type access point connected to a display unit, the pairing method comprising the steps, implemented by the access point, of: detecting the presence of a terminal; detecting whether the terminal is located near the access point; if the presence of the terminal near the access point is detected, displaying a message proposing to pair the terminal to the access point on the display unit; when a pairing acceptance signal is received, displaying a pairing information message on the display unit providing assistance for pairing the terminal with the access point.

Abstract: A wireless communication network includes a plurality of first electronic devices configured for wireless communication, at least one second electronic device configured for wireless communication, and at least one access point configured to wirelessly receive client data from, and transmit network data to, the plurality of first electronic devices and the at least one second electronic device. The wireless communication network further includes a virtual private wireless communication sub-network that includes the plurality of first electronic devices and excludes the at least one second electronic device. The virtual private wireless communication sub-network is configured to enable each of the plurality of first electronic devices to automatically connect with the wireless communication network.

Abstract: Systems and methods are for securing link aggregation are provided. According to an embodiment, a network device in a secure domain discovers device information associated with a peer network device in an untrusted domain that is connected through a first link directly connecting a first interface of the network device to a first interface of the peer network device, and authenticates the peer while allowing at least some network traffic to continue to be transmitted through the first interface. The network device establishes a secure session between the network device and the peer over the first link when the peer network device is successfully authenticated. The network device then allows the first link to operate as part of a single aggregated logical link, including a second link coupling a second interface of the network device to a second interface of the peer network device.

Abstract: A method and device for pairing a terminal with an access point of a wireless communication network, the network including access points or executing access points, the executing access points coordinate in a centralised manner by an access point fulfilling the manager function, or managing access point. The method includes: —a message received from an executing access point including information that a terminal wishes to pair with the access point; —for each executing access point, information is obtained representing at least one time slot wherein the executing access point is authorised to establish a WPS pairing session with the new terminal, each time slot being separate from the other; —a message is sent to each executing access point including at least the information representing the at least one time slot wherein the executing access point is authorised to establish a WPS pairing session with the new terminal.

Abstract: The techniques described herein may provide an efficient and secure two-party distributed signing protocol for the identity-based signature scheme described in the IEEE P1363 standard. For example, in an embodiment, a method may comprise generating a distributed cryptographic key at a key generation center and a first other device and a second other device and generating a distributed cryptographic signature at the first other device using the second other device.

Abstract: Techniques for efficient messaging client communication are described. In one embodiment, an apparatus may comprise a client front-end component of a messaging server operative to receive a protocol connect packet from a messaging client, the protocol connect packet initiating a client authentication process with the messaging client; and receive a message package from the messaging client, the message package received during the client authentication process; a client authentication component operative to perform the client authentication process with the messaging client; and a client message queueing component operative to queue the message package in an authorization-holding message queue in response to the message package being received during the client authentication process. Other embodiments are described and claimed.

Abstract: A bin syncing technique ensures continuous data protection, such as replication and erasure coding, for content driven distribution of data served by storage nodes of a cluster in the event of failure to one or more block services configured to process the data. The cluster maintains information about the block services assigned to host a bin with a copy of the data in a bin assignment table associated with a state. The copies of the data are named, e.g., replica 0 (R0), replica 1 (R1) or replica 2 (R2). In response to failure of one or more block services assigned to host a bin with a replica of the data, an alternate or replacement block service may access the assignments maintained in the bin assignment table, which specify names of the replicas associated with the state.

Abstract: Aspects discussed herein relate to providing alerts to a community of devices located in or near a geographic are such as a building or property. The alerts override any alert-inhibiting state of the mobile device to deliver audio, visual, and/or haptic alerts in emergency situations. The communication and emergency alert system may be used to communicate with many different communities of people. Moreover, certain individuals may be members of more than one community at the same time, and the communities themselves may change over time based both on the user's preferences and on their physical locations. A variety of application programming interfaces can be provided to allow third-party applications to generate, transmit, and display alerts that override any alert-inhibiting state of a mobile device.

Abstract: A pause command is sent to a Subscriber Identity Module (SIM) card of a cellular device in response to detecting a cyberattack against the cellular device on the cellular network. To mitigate the cyberattack, the SIM card temporarily disconnects the cellular device from the cellular network for a pause time. The SIM card prohibits the cellular device from connecting to the cellular network during the pause time and automatically allows the cellular device to reconnect to the cellular network after the pause time.

Abstract: Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet another embodiment, a packet classifier parses the GTP-U protocol, unwraps the encapsulated IP packet and then monitors layer 3, 4 and 7 rate-based attacks such as UDP, ICMP, SYN, HTTP GET floods and drops them to protect the targeted Internet server as well as mobile infrastructure (e.g., the MME, the SGW, the PGW, and the PDN) downstream from the DDoS mitigation system.

Abstract: Apparatuses, systems, methods, and computer program products are presented for an aggregation platform portal. A hardware computing device is configured to aggregate a user's data from a first plurality of third-party service providers over a data network for the user to access through a second plurality of third-party service providers. A portal module is configured to monitor electronic credentials of a user used by a hardware computing device to download the user's data and to detect similar electronic credentials for the same third-party service provider from a first plurality being used for multiple third-party service providers from a second plurality. A graphical user interface is configured to display a listing of multiple third-party service providers with user interface elements allowing a user to revoke authorization of aggregation of data from one or more third-party service providers and/or to update electronic credentials for one or more of multiple third-party service providers.

Abstract: An endoscope system includes a processor that performs image processing on endoscope image data acquired by an endoscope, which is inserted in a subject and observes an inside of the subject. The processor communicate with a terminal device including a transceiver configured to transmit identification information identifying the terminal device, and a controller configured to: determine whether the processor is a connection destination configured to perform two-way communication, based on the received processor identification information, authenticate whether a user of the terminal device is a predetermined registered user by analyzing data obtained by the terminal device from the user, and allow two-way communication between the processor and the terminal device in response to the processor being determined as the connection designation to perform two-way communication and in response to authenticating the user of the terminal device.

Abstract: One or more computing devices employs a method that includes requesting a transient credential (e.g., a one-time PKI certificate) as a first identity credential for an application component instance based on a unique identifier associated with the application component instance. The method includes requesting a dynamically-created second identity credential for the application component instance of the application using a request signed (e.g., using the public key of the first identity PKI certificate) based on the transient credential. The method includes receiving the dynamically-created second identity credential and using the dynamically-created second identity credential in a cryptographic function by the application component instance; and managing the replacement of this credential in environments without persistent archival storage accessible by the device/application.

Abstract: A program generation method includes extracting a control flow that represents a call/return relationship between functions as well as extracting the functions themselves from a program code, determining an importance of the extracted functions; and inserting an instruction into the program code, to properly perform the control flow based on the importance of the extracted functions. Overhead that occurs during an execution of the program execution is reducible by using control flow integrity (CFI) technique that does not depend on domains.

Abstract: Disclosed is a data communication method of a V2X communication device. The data communication method of a V2X communication device comprises the steps of: transmitting a device discovery message; receiving, from an external V2X communication device, a discovery response message for the device discovery message; and performing a security authentication authenticating a second authentication token included in the discovery response message.

Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.