Abstract: A system and method model activities in the production environment as sequences of microservices, and identify unusual activities by analyzing these sequences. In particular, a directed graph of usual activity is formed as a basis for determining unusual activities. Next, activities that were actually performed are determined by statistically analyzing records of microservice invocation in application diagnostic files. These activity sequences are overlaid on the directed graph to determine relative fit by using a trace coverage percentage score. Application instances or activities with low relative fit are deemed suspicious. If the low fit persists for an extended duration, then the instances or activities are deemed unusual and an individual is alerted to begin a manual review.

Abstract: A method comprises detecting a plurality of floating code instances associated with one or more endpoint devices of a computer network, obtaining metadata of each of the floating code instances, and generating floating code signatures for respective ones of the floating code instances based at least in part on their respective metadata. The floating code signatures are utilized to categorize one or more of the floating code instances as at least potentially malicious floating code instances. A given one of the floating code instances illustratively comprises an executable code block dynamically allocated in a memory of a corresponding one of the endpoint devices and does not include any file structure counterpart. The metadata utilized to generate the floating code signature of a given one of the floating code instances illustratively comprises at least one of image hook metadata and thread metadata of the given floating code instance.

Abstract: A method may include monitoring calls and/or traffic on a network and identifying behavior associated with each of a plurality of user devices with respect to activity on the network. The method may also include aggregating information about the behavior associated with the user devices, determining whether the aggregated information corresponds to an anomaly with respect to usage of the network and determining, when the aggregated information corresponds to the anomaly, whether the anomaly meets a threshold based on a type of anomaly and a number of user devices affected by the anomaly. The method may further include identifying, when the aggregated information corresponds to the anomaly, user devices in an area corresponding to the anomaly, generating a notification in response to determining that the aggregated information corresponds to the anomaly and transmitting the notification to the identified user devices in the area corresponding to the anomaly.

Abstract: A method for re-keying an encrypted data file, the data file being stored chunkwise on a storage entity (SE), data file chunks being encrypted with a global secret, and the method being performed by one or more computing devices, includes updating the global secret for encryption data for a data chunk to be re-keyed such that an output of a non-interactive oblivious key exchange is used to identify the private key of the data chunk to be re-keyed with a new private key, wherein the non-interactive oblivious key exchange uses an oblivious protocol; and reencrypting the data chunk to be re-keyed with the updated global secret.

Abstract: A cellular terminal detects any capability reporting trigger and responsively to such determination produces a cellular network authentication capabilities message indicative of cellular network authentication capabilities available for the terminal; and transmits the cellular network authentication capabilities message to the cellular network. The cellular network receives the network authentication capabilities message from a cellular terminal, selects a cellular authentication algorithm based on capabilities indicated by the network authentication capabilities message; and performs cellular authentication with the cellular terminal using the selected cellular authentication algorithm.

Abstract: Example implementations described herein are directed to systems and methods to accelerating the time to identify the latest snapshot that is not infected by malware and swap the snapshot for an underlying volume for a host computer without needing to communicate with the storage administrator of the storage system. In example implementations described herein, an iterative process is utilized to traverse snapshots through a storage plug-in application until such a snapshot is identified. Through the example implementations described herein, such snapshots can be identified quickly in comparison to manual selection.

Abstract: Systems and methods for multi-dimensional attestation are provided. One method for multi-dimensional attestation includes upon occurrence of a triggering event, taking triggered measurements of a platform, the platform including a security co-processor and a volatile memory; extending a platform configuration register of the volatile memory to include the triggered measurements; taking snapshots of the platform configuration register over time; storing the snapshots in a snapshot memory; and upon request, sending the triggered measurements and the snapshots to a verifier for detection of potential attacks.

Abstract: A blockchain-based infringement detection method includes: receiving a registration transaction initiated by a user, wherein the registration transaction includes key data of a work to be deposited and a contract address of a smart contract; invoking, in response to the registration transaction, a first detection logic declared in the smart contract corresponding to the contract address, extracting a feature value from work content of the work to be deposited, and matching the extracted feature value with a feature value of a deposited work in the blockchain; if the matching succeeds, further invoking a second detection logic declared in the smart contract corresponding to the contract address, matching the key data of the work to be deposited with key data of the deposited work in the blockchain, and when the matching succeeds, determining that the work to be deposited has an infringement risk.

Abstract: A cryptographic device (100) arranged to compute a target block cipher (Bt) on an input message (110), the device comprising a first and second block cipher unit (121, 122) arranged to compute the target block cipher (Bt) on the input message, and a first control unit (130) arranged to take the first block cipher result and the second block cipher result as input, and to produces the first block cipher result only if the block cipher results are equal.

Abstract: A workflow orchestration system obtains a plurality of documents for execution of a workflow on a plurality of different sub-systems. A document from the plurality of documents indicates an action to be executed by a corresponding sub-system and comprises an authorization for execution of the action by the corresponding sub-system. The authorization specified in the document can be verified by the corresponding sub-system. Based on the obtained plurality of documents, the workflow orchestration system determines whether these documents provide sufficient authorizations for execution of the workflow. If so, the workflow orchestration system executes the workflow by transmitting the documents to the corresponding sub-systems for execution of the actions specified therein.

Abstract: This application discloses a service flow control method and apparatus, to resolve an existing problem of relatively low security. The method includes: generating, by a terminal device, a service flow policy; and sending, by the terminal device, the service flow policy to a routing device, where the service flow policy is used to instruct the routing device to perform data packet filtering on a downlink data packet according to the service flow policy.

Abstract: A radio frequency (RF) communications system may include an RF transmitter having multicarrier transmitter circuitry that transmits frequency bands over a frequency range. A controller may selectively transmit real information over at least one of the frequency bands and selectively transmits fake information within the frequency range. The controller's operation is based on embedded machine learning model and real-time effectiveness feedback from built-in spectral analyzer. An RF receiver receives the real information from the RF transmitter.

Abstract: A method for secure communication with a field measuring device of process measuring technology is described and shown. Upon contact by an external communication means with a web server via a communication interface, a first authenticity check of an external communication means is carried out by the field measuring device and a second authenticity check of the external communication means is carried out. After successful completion of the first authenticity check and the second authenticity check, further communication of the external communication means with the web server is authorized by the field measuring device.

Abstract: Embodiments have a master eNB with a control plane and optional data plane to user equipment and a secondary eNB with a data plane to the user equipment. The user equipment thus uses both the master eNB and the secondary eNB for data communications while receiving control information from only the master eNB. The master eNB and secondary eNB are connected with an X2 interface. When the secondary eNB desires to refresh its security key, it informs the master eNB using the X2 interface. The master eNB then uses its control plane with the user equipment to initiate a security key refresh for the secondary eNB.

Abstract: A system and method is provided that facilitates threat impact characterization. The system may include a replica programmable logic controller (PLC) that corresponds to a production PLC in a production system and that may be configured to operate at an accelerated processing speed that is at least two times faster than a processing speed of the production PLC. The system may also include a data processing system configured to communicate with the replica PLC when executing malware infected PLC firmware and generate a simulation of the production system based on a virtual model of the production system operating at an accelerated processing speed that is at least two times faster than a processing speed of the physical production system. The simulation may include accelerated simulation of the production PLC based on communication with the replica PLC using the malware infected PLC firmware.

Abstract: The invention provides a method and system for establishing a connection between a client device of a plurality of client devices and a Wi-Fi access point of a plurality of Wi-Fi access points using a cloud platform. One or more cellular devices and one or more non-Subscriber Identity Module (non-SIM) devices of a user are registered at the cloud platform. The one or more non-SIM devices are then associated to the one or more cellular devices. Further, each Wi-Fi access point of the plurality of Wi-Fi access points is also registered at the cloud platform. A location of the client device is identified and one or more Wi-Fi access points that are closest to the client device is identified. The one or more Wi-Fi access points then authorize the client device to access the one or more Wi-Fi access points based on the information provided by the cloud platform.

Abstract: Exemplary embodiments relate to techniques for transmitting ephemeral content messages. A sending client may establish an end-to-end encrypted session with possible recipients of the message, using a first decryption key during initial session setup. The client may send an ephemeral content message, including encrypted content and a second key, to the recipients through a server. The server may be unable to retrieve the encrypted content due to a lack of the second key. The server may filter a list of intended recipients, and may forward the ephemeral content message to the recipients on the filtered list. The recipients may retrieve the second key from the message, and use the first and second keys to decrypt the encrypted content. The sending client may change the second key each time the recipient list changes from the perspective of the sending client, as determined at the time the ephemeral content message is transmitted.

Abstract: Instrumentation codes are inserted into predetermined portions of a bytecode. Every transaction referenced in the bytecode is virtually combined and arranged hierarchically to describe a virtual transaction stack describing the computer-based resources accessed during the transaction. Based at least on the origin of the transaction, the characteristics of the transaction and the computer-based resources accessed during the transaction, the sensitivity of the transaction, and the security context of each of the computer-based resources accessed during the transaction are determined. A policy store is searched for at least one access control policy referencing the transaction, or the computer-based resources requested accessed by the transaction. If such an access control policy is found, it is selectively modified to refer exclusively to the transaction and the corresponding sensitive computer-based resources.

Abstract: A method of establishing security monitoring functionality on a device on retail display includes obtaining, by a processor of a server computer, a mobile device management (MDM) startup message from the device, determining, by the processor, whether the device is enrolled for MDM supervision, and if the device is enrolled for the MDM supervision, downloading, by the processor to the device, configuration data to support the MDM supervision and implementation of the security monitoring functionality.

Abstract: Embodiments of the present invention provide a system for rapid bandwidth access deployment across multiple entities for secure, expedited bandwidth provisioning for entity connectivity. In this way, the invention provides a private, secure 5G connectivity network to generate specific remote points of connectivity for entity to entity connections. The 5G network may allow any user within the entity with authentication to connect from any random point-to-point faster, with much more time to transmit using an existing wave length within the 5G technology. Furthermore, in some embodiments, the system may provide a dedicated bandwidth pipeline that provides trades or communications within milliseconds for the entity users. This may be provided via a geographical location or the like and allow for 5G provisioning and presentment for faster than a traditional fiber based connectivity desired for entity communications.