Abstract: System and methods are disclosed for organizations to run a test against an active directory list to see if any user-provided passwords have been part of an existing data breach. Utilizing information from such a test identifies users that have weak passwords, reused passwords or shared passwords that have been associated with an earlier breach. With this information, the organization can seek to reduce risk by training staff for this specific issue in a timely and appropriate manner to significantly reduce the risk of a future breach by those identified users. Training can be customized and targeted at those users who attempt to use passwords that have been associated with a breach (either of their own account or of another account on the same or related domain.

Abstract: GTP firewall service to block or allow GTP-C v1 messages from specific SGSN/GGSN and GTP-C v2 messages from specific SGW/PGW to prevent fraudulent activity occurring from any specific serving node or home node. GTP Traffic from specific SGSN (3G) or SGW (4G) can be blocked going to specific home operator, including 3G GSM to 4G LTE and 4G LTE to 3G GSM protocol interoperability provided by GTP Firewall. Individual Information Elements within GTP-C v1 and GTP-C v2 messages will be monitored based on home and serve operator configuration as well as GTP messages and Information Elements mapped from GTP-C v1 to GTP-C v2 for 3G GSM to 4G LTE interoperability and GTP-C v2 to GTP-C v1 for 4G LTE to 3G GSM interoperability.

Abstract: The disclosed technology is generally directed to security technology. In one example of the technology, it is determined that an attempted function associated with an application has at least one requirement including at least particular security credentials for a user of the application. A transaction is caused to be sent to each node in a permissioned blockchain that stores an access level block corresponding to the user. The transaction is associated with a real-time determination as to whether the at least one requirement for the attempted function is met. A transaction result is received from the permissioned blockchain. The attempted function is selectively allowed based on the transaction result.

Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.

Abstract: There is provided a method for privacy protection including: identifying an API request being related to a tracking service; generating and sending a predetermined number of initial requests to the tracking service when processing the API requests to the tracking service; storing the initial requests and respective responses related to the initial requests from the API in a database; analysing body objects of the stored initial requests and respective responses and generating a dynamic response recipe on the basis of the analysis; and generating a response including a response body acceptable by the tracking process on the basis of the generated dynamic response recipe.

Abstract: A base key that is stored at a device may be received. A network identification may further be received. A device identification key may be generated based on a combination of the network identification and the base key. Furthermore, the device identification key may be used to authenticate the device with a network that corresponds to the network identification.

Abstract: An always-listening-capable computing device is disclosed, comprising: a first electronic sensor configured to receive user input, a second electronic sensor configured to receive a signal indicating that a user depressed a physical button, a gate-keeping module implemented by a processor, wherein data from the first electronic sensor passes through the gate-keeping module while a gatekeeping function is disabled, no data from the first electronic sensor passes through the communications module while the gatekeeping function is enabled, all data input to the gate-keeping module is received via an exclusive input lead from the first electronic sensor, and all data output from the gate-keeping module is transmitted via an exclusive output lead to a component other than the first electronic sensor. The device receives the signal indicating that the user has depressed the physical button; and enables or disables a functionality of a second computing device.

Abstract: A digital identity management method based on a blockchain-based technology is provided. In some exemplary embodiments, the method comprises: performing a first process for storing identity identification information of a subscription request in a first block of a blockchain in response to the subscription request from a service request device and then obtaining a block hash value of the first block as a result of performing the first process, performing a second process for storing the block hash value of the first block and data of authentication information of the subscription request in a second block of the blockchain and then obtaining a block hash value of the second block as a result of performing the second process, and inserting the block hash value of the second block into a digital identity data structure as a result of processing the subscription request.

Abstract: Methods and systems are provided for configurable and non-invasive protection of private information in a user input to a software application that handles real-time information. A method includes detecting, by a filter in real-time, private information in the user input. The method further includes forming, by the filter, a filtered user input from the user input, by maintaining non-private information from the user input in the filtered user input, extracting and encrypting the private information in the user input and attaching the encrypted private information to the filtered user input, and replacing the private information in the user input with unique identifiers in the filtered user input. The unique identifiers are configured to be exploitable by the software application to achieve an intended function of the software application for the user. The method also includes transmitting, by a communications redirector, the filtered user input over a communication channel.

Abstract: Examples associated with printer encryption are described. One example printer includes a data store to store a one-time pad. An encryption module may encrypt a message using the one-time pad. The encryption module also transmits the encrypted message to a trusted device that stores a copy of the one-time pad. A decryption module uses the one-time pad to decrypt a received message form the trusted device. The decryption module also controls the printer to perform an action based on the received message. A refresh module replaces the one-time pad during a service event.

Abstract: Systems and methods are disclosed for utilizing sender-recipient pair data to establish sender-level trust in future communication. One method comprises receiving raw communication data over a network and testing the received raw communication data against trained machine learning data to predict whether the raw communication data is associated with expected communication data. The raw communication data is sorted for expected communication data, which is further analyzed for sender-recipient pair data and assigned an expected communication pair data score. Senders associated with an expected communication pair data score that meets or exceeds a threshold are labeled and stored in a database as trusted. As a result of the sender-recipient pair analysis, recipients at-risk for being scammed can be identified, senders misidentified as spammers can be properly classified, and machine learning techniques utilized for analyzing raw communication data can be fine-tuned.

Abstract: System and method using distance bounding to provide security in fine timing measurement (FTM) communications including authenticating a prover device at a verifier device, including: transmitting from a verifier device, through the wireless interface, a sequence of challenge bits for a prover device, each challenge bit being transmitted in a respective FTM frame; receiving, at the verifier device, FTM acknowledgment frames; determining, for at least some of the received FTM acknowledgement frames, respective round trip time (RTT) measurements; determining, for at least some of the received FTM acknowledgement frames, whether the included response bit matches a predicted response bit; and authenticating the prover device based on the determined RTT measurements and the determined response bit matches.

Abstract: Phishing enhancement and phishing detection enhancement technologies. The technologies can include determinations of an effectiveness rate of one or more phishing threat actors. The technologies can also include selection of effective URLs from at least one effective phishing threat actor. The technologies can also include generation or adjustment of a phishing system using a machine learning process to identify patterns in the selected effective URLs that enable the selected effective URLs to avoid detection by the phishing detection system. The technologies can also include generation of synthetic phishing URLs using the phishing system and the identified patterns. The technologies can also include adjustments or training of the phishing system or the phishing detection system according to the synthetic phishing URLs to enhance the systems.

Abstract: A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. The physical card may include disposed thereon a single address operable to receive digital bearer assets in one or more transactions on a decentralized computing platform, like a blockchain-based decentralized computing platform. Other decentralized computing platforms utilize different address generation protocols, thus preventing use of a single address on those other platforms. A set of addresses is generated, each address corresponding to a given decentralized computing platform. Each address is based on a same underlying key-pair, and a primary address is selected from the set for a given card. The remaining addresses in the set are stored, without storage of the public key or private key, and returned in a response to a request for additional addresses of the currency card.

Abstract: An information processing system includes a first apparatus, a second apparatus, and a management apparatus, in which the first apparatus includes a unit that notifies the management apparatus of a first state of the first apparatus regarding information security requirements, the second apparatus includes a unit that notifies the management apparatus of a second state of the second apparatus regarding the information security requirements, and the management apparatus includes an issue unit that issues transmission permission for transmission of an encrypted document from the first apparatus to the second apparatus related to a request for transmission permission in a case where both of a first state sent from the first apparatus which is the transmission source and a second state sent from the second apparatus which is the transmission destination satisfy the information security requirements in response to the request for transmission permission from the first apparatus.

Abstract: Methods and apparatus, including computer program products, implementing and using techniques for processing of data in an intermediary server. Data is received from an Internet of Things (IoT) enabled device. The data includes a readable header and an encrypted payload. An opaque algorithm is selected to process the payload, based on information contained in the header of the data. The selected opaque algorithm processes the encrypted payload of the data, wherein the opaque algorithm is invisible to the intermediary server. The processing includes: decrypting the encrypted payload, applying the opaque algorithm to the decrypted payload, and encrypting the results from processing the decrypted payload by the opaque algorithm. A new readable header is added to the encrypted results. The data, including the new readable header and the encrypted results, is forwarded to a different server, based on the information in the new readable header.

Abstract: A system includes mode division multiplexing (MDM) processing circuitry for applying an orbital angular momentum (OAM) to each of a first group of a plurality of input signals and multiplexing the OAM processed signals together. Second processing circuitry performs wavelength distribution multiplexing (WDM) on a second group of the plurality of input signals, wherein the WDM processed signals and the MDM processed signals are orthogonal to one another. Combining circuitry combines the WDM processed signals and the MDM processed signals. Polarization processing circuitry adds polarization to at least one of the WDM processed signals, and the MDM processed signals and a transmitter transmits the combine and polarized processed signal over a link.

Abstract: A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. The physical card may include disposed thereon a single address operable to receive digital bearer assets in one or more transactions on a decentralized computing platform, like a blockchain-based decentralized computing platform. Other decentralized computing platforms utilize different address generation protocols, thus preventing use of a single address on those other platforms. A set of addresses is generated, each address corresponding to a given decentralized computing platform. Each address is based on a same underlying key-pair, and a primary address is selected from the set for a given card. The remaining addresses in the set are stored, without storage of the public key or private key, and returned in a response to a request for additional addresses of the currency card.

Abstract: Described is an approach for an improved method, system, and computer program product that performs zero-knowledge proof of knowledge of user identification and/or authentication for a decentralized, trustless storage and management of user identification and/or authentication using one or more distributed ledger systems.