Abstract: A plurality of clustered files is received. A first tile included in the plurality is selected and loaded into a suffix array. A chunk is located in a second file that is also present in the first file. A determination is made that the located chunk is present in a threshold number of additional files included in the plurality of clustered files. A signature is generated for the plurality of clustered files at least in part by using the chunk.

Abstract: Disclosed herein are systems and methods for optimizing antivirus scanning of files on virtual machines. In one aspect, an exemplary method comprises, determining whether there is a record about a file in a verdict cache, when there is, assigning the verdict found in the verdict cache to the file, and when no record is found in the verdict cache, determining whether the file is currently being scanned in a parallel thread, when the file is currently being scanned in a parallel thread, blocking the scanning of the file until the scanning in the parallel thread is completed, and placing a result of the scanning in the parallel thread in the verdict cache, and when the file is not currently being scanned in a parallel thread, performing the scanning of the file on a current thread, and placing a result of the scanning on the current thread in the verdict cache.

Abstract: A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or m

Abstract: A vehicular electronic device hacking test apparatus includes a transmitter, a receiver, and a processor configured to classify a communication-connection procedure into a plurality of states based on a preset communication protocol, to generate a mutated packet appropriate for the plurality of states, and to transmit a vehicular electronic device through the transmitter, and to determine whether the vehicular electronic device is vulnerable to hacking based on whether a reception packet corresponding to the mutated packet is received through the receiver.

Abstract: An apparatus and method is disclosed for the secure access to field instruments. An interface device that includes a built-in firewall, is communicatively coupled between the device manager of an industrial automation process control system and a network of field instruments. The interface device includes at least one processor configured to execute instructions that provides a firewall for the one or more field instruments by blocking one or more user selected commands from being sent to the field instruments from the device manager.

Abstract: A method assigns a particular rule for a previous client to a new client for use in executing a security feature on a computer system used by the new client. One or more processors match a new client profile for the new client to a previous client profile for the previous client. The new client profile is based on types of one or more client assets of the new client and an intrusion detection alert history of the new client. The processor(s) assign the particular rule for the previous client to the new client based on the new client profile matching the previous client profile. The processor(s) receive information indicating that a violation of the particular rule has occurred, and execute a security feature of the computer system used by the new client in order to resolve the violation of the particular rule.

Abstract: Monitoring a process in a trusted execution environment (TEE) to identify a resource starvation attack. A first monitor executing outside of a first TEE determines that a first process is executing in the first TEE. The first monitor makes a determination that the first process is being denied resources necessary for execution of the first process. The first monitor sends an indication indicating that the first process is being denied resources necessary for execution of the first process.

Abstract: A method for managing portable data carriers in a system having at least one portable data carrier, an authentication server, and several service providers systems each including reading devices and a service provider unit. The reading devices may request an authentication information item of the data carrier and relay the authentication information item to the authentication server. The authentication server may authenticate the data carrier on the basis of the authentication information item and establish an application identity associated with the data carrier in the service provider system with the help of the security identity The established application identity associated with the data carrier may be transmitted from the authentication server to the reading device of the service provider system.

Abstract: Embodiments of systems and methods as disclosed herein may determine that an initiator of a communication on a distributed computer network is an automated script or the like. More particularly, in one embodiment, a web page including a hidden field may be generated in response to a request for the web page. This hidden field is a field included in the web page that is not visible to a human user when the web page is rendered by a browser and presented to the user. By comparing a received value for such a hidden field with an associated value for the hidden field as provided in the web page, the use of an automated script may be detected.

Abstract: In order for supporting separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.

Abstract: The present disclosure provides systems and methods to stepwise increasing the IT security of elements of a technological system. In an exemplary aspect, the method comprises gathering data on technological systems and a plurality of elements comprising the technological system by intercepting traffic between the plurality of elements using data exchange protocols, identifying vulnerable elements of the technological system by one or more of: detecting suspicious actions on the vulnerable elements and statistical data relating to the elements, analyzing the vulnerable elements to generate a classification of severity of vulnerabilities of the vulnerable elements, identifying most vulnerable portions of the vulnerable elements as compared to other elements in the vulnerable elements, operating the most vulnerable portions of the vulnerable elements in a protected environment.

Abstract: A determining apparatus performs emulation of an attack code included in an attack request that is addressed to a web application (web server), based on the attack type of the attack code, and extracts a feature that appears in a response issued by the web application when the emulation results in a successful attack. The determining apparatus determines that the attack has succeeded if the feature is included in a response from the web application, and determines that the attack has failed if the feature is not included.

Abstract: An optical electromagnetic radiation (EM) emitter and receiver are located upon a printed circuit board (PCB) layer and are optically connected to an optical security pathway that is between a pair of signal traces. A predetermined reference flux is determined, the reference flux being the expected EM transmitted by the optical security pathway and received by the receiver. When the PCB is subject to an unauthorized access thereof (e.g., drilled, sawed, cut, etc.), the optical EM transferred by optical security pathway is altered. An optical monitoring device that monitors the flux of the optical EM received by the receiver detects a change in flux, in relation to the reference flux, and passes a tamper signal to one or more computer system devices to respond to the unauthorized access. For example, one or more cryptographic adapter card or computer system functions or secured crypto components may be disabled.

Abstract: An identity of a user may be verified using a computer-implemented identification. User-specific sensor data arising through use of the portable computer by the user is collected from sensors of a portable computer. A user profile is prepared based on the user-specific user data. Current sensor data is read in, from the sensors, representative of current usage of the portable computer. The current sensor data is compared with the user profile. The identity of the user is confirmed responsive to the current sensor data corresponding to the user profile.

Abstract: An information processing apparatus including at least one device, and circuitry to perform at least one process using the at least one device, which controls access to each device from each process based on access restriction information for setting an access restriction to each device from each process, acquires diagnostic information from each device, detects an abnormal access to a particular device from a particular process based on the diagnostic information, and modifies the access restriction information to prohibit access to the particular device from the particular process when the abnormal access is detected.

Abstract: Latency can be reduced within a network associated with a wireless service provider when detecting threats to the network. Instead of detecting threats before delivering data, data can be delivered to a computing device while threats to the network are detected. When data is received, as received data, at the network, a copy of the data can be provided to a threat detection component, while the received data can further be provided to the target computing device based on the current policies. The time it takes the threat detection component to examine the data and detect a possible threat to the mobile network does not impact the delivery of the data. Instead, the received data is provided to the target computing device while the threat detection component examines the data to identify any possible threats. The threat detection component signals a node within the network when a threat is detected.

Abstract: An apparatus, and a method therefore, are described, the apparatus according to one embodiment including a security manager and a plurality of clusters of processing elements. Each cluster of the plurality of clusters includes a respective plurality of processing elements. A controller of the apparatus, which may include a security manager, may be configured to control the plurality of clusters to receive a first data stream and a second data stream, control a first plurality of processing elements in a first cluster to process the first data stream using a first security protocol, and control a second plurality of processing elements in a second cluster to process the second data stream using a second security protocol.

Abstract: The present disclosure generally relates to systems and methods that provide a network environment that enables reassignment platforms to provide authentic access rights for reassignment to user devices. More specifically, the present disclosure relates to systems and methods in which a reassignment platform can execute a protocol implemented using code (e.g., an Application Programming Interface (API)) to validate the authenticity of access rights made available for reassignment, and once reassigned, reissue the access rights to a new user and transmit those access rights to user devices natively in a mobile application.

Abstract: Systems and methods are described herein for providing a telecommunications network, such as a wireless network, LTE (Long Term Evolution) network, and so on, with blockchain nodes, agents, or sub-nodes. The blockchain nodes enable network components to access and maintain a blockchain for the network, such as a distributed ledger that tracks actions, activities, or other transaction associated with the telecommunications network.

Abstract: To keep safety of a network and to facilitate connection to the network. An information processing apparatus comprises a communication unit and a control unit. The communication unit is directed for receiving a connection authentication request from a new device other than a plurality of devices configuring a network in which the plurality of devices make wireless communication on a one-to-one basis to be mutually connected. Further, the control unit is directed for transferring the connection authentication request to the plurality of devices in a case of receiving the connection authentication request, and for performing control to permit the new device to connect to the network on the basis of the responses to the connection authentication request from the plurality of devices.