Abstract: A system and a method are disclosed for authenticating a user of a mobile device using Unstructured Supplementary Service Data (“USSD”) protocol. The mobile device generates a One-Time Password (“OTP”) code and sends that OTP code to a telecommunications server that forwards the content of the USSD message to the application server using an included short code. The OTP code is also sent out to the application server outside of the USSD protocol. When the application server receives both transmissions, the application server compares the OTP codes of these transmissions and determines whether the codes match. If the OTP codes match, the application server determines that authentication is successful and transmits an authentication token to the mobile device that is used to secure communications between the mobile device and the application server.

Abstract: The present embodiments relate generally to systems and methods for securing operation of an ultrasound scanner for use with a multi-use electronic display device. In some embodiments, the multi-use electronic display device can control whether the ultrasound scanner is permitted to generate ultrasound image data for display based on an institution affiliation status of the ultrasound scanner retrieved from a server. In some embodiments, the multi-use electronic display device can control whether the ultrasound scanner is permitted to generate ultrasound image data for display based on whether a digital certificate provided by a server is successfully validated.

Abstract: A method includes applying, by a computer, supervised machine learning to classify a network device that is associated with a security event occurring in a computer system based on data representing features of the network device. The security event is associated with a potential security threat to the computer system, and the classification of the network device by the supervised machine learning is associated with a confidence. The technique includes, in response to the confidence being below a threshold, applying an active machine learning classifier to the data to learn a classification for the data and using the classification learned by the active machine learning classifier to adapt the supervised machine learning to recognize the classification.

Abstract: The present disclosure provides a communication apparatus comprising a cryptographic circuitry which, in operation, uses a shared cryptographic secret Key and a cryptographic salt to generate a cryptographically encoded Message Integrity Code (MIC) that is computed over the address field of a Wake Up Radio (WUR) frame; and a transmission signal generator which, in operation, generates a secure WUR signal by replacing the address field of the WUR frame with the MIC; and a transmitter which, in operation, transmits the secure WUR signal.

Abstract: A computer-implemented method, in which an access request in relation to data is received. There is Error Correcting Code (ECC) data relating to the data, and the ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. The ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. A first integrity verification verifies the integrity of at least the data. If the first integrity verification procedure fails, an error analysis procedure is performed based on the data and the ECC data. Responsive to generation of corrected data by the error analysis procedure, a second integrity verification verifies the integrity of the corrected data. If the second integrity verification is successful, the access request is allowed using the corrected data.

Abstract: In order to improve the safety and reliability of services provided by a computer, an authentication device (1) equipped with a transmission unit (15) and a determination unit (16) is provided. The transmission unit (15) transmits a challenge to a terminal device (7) where the challenge is presented to a user (8) to be authenticated, the challenge being information serving as the basis on which the user inputs information to be used for authentication processing. At this time, the transmission unit (15) transmits a plurality of different challenges to the terminal device (7). The determination unit (16) determines not only whether or not a response input to the terminal device (7) by the user (8) in response to each challenge is correct, but also whether or not time information regarding the challenge and the response thereto satisfies a condition regarding the response.

Abstract: Techniques for monitoring for fraudulent login attempts to remote services through an application. The method generally includes receiving a request to connect an application to a remote service. A login attempt counter tracking a number of attempts by a user to connect the application to one or more remote services is incremented. Based on determining that the login attempt counter is less than a maximum number of login attempts predicted to correspond to legitimate login activity in the application, the first username is compared to a second username included in a previous request. A distance is calculated between the first username and the second username, and one or more actions are taken to process the request based on determining whether the calculated distance exceeds a maximum predicted distance between usernames in successive requests that corresponds to legitimate login activity.

Abstract: A method includes establishing a multi-link security association between a transmitter upper Media Access Control (MAC) logic entity of a transmitter and a receiver upper MAC logic entity of a receiver. The transmitter includes one or more transmitter links. The receiver includes one or more receiver links.

Abstract: An apparatus includes a packet encryption circuit that uses an encryption keys to encrypt each of two or more portions of a data packet. Each portion is encrypted with a different encryption key and includes one or more layers of the data packet. A first portion includes a layer of the data packet with MAC information. The apparatus includes a packet transmitter that transmits, from a source router, an encrypted data packet to an intermediate router between the source router and a destination router. The encrypted data packet includes an encrypted version of the data packet encrypted using the encryption keys. The intermediate router has encryption keys sufficient for a service level agreement of the intermediate router and lacks a portion of the encryption keys. The source and destination routers use a MAC security standard for encryption and decryption of the data packet using the encryption keys.

Abstract: A method for establishing a fully private, information secure interconnection between a source and a destination over a data network with at least a portion of a public infrastructure. The method comprising at the source creating n shares of a source data according to a predetermined secret sharing scheme, and encrypting the n shares using (n, k) secret sharing. Further, defining for at least one node vi a directed edge (Vi1, Vi2) that has a k?1 capacity. All outgoing links of vi are connected to vi2. Additionally, using a maximum flow algorithm to define the maximum number of shares outgoing from vi2, and therefore from vi, on each outgoing link. The number of shares forwarded by node vi does not exceed the number of maximum shares that were defined by the maximum flow algorithm.

Abstract: Implementations are provided herein for systems, methods, and a non-transitory computer product configured to use predictive analysis of quantifiable parameters associated with individual files stored on a distributed file storage system. In some embodiments, parameters are analyzed by machine learning so that scheduled antivirus scanning can be intelligently conducted. We teach creating a sequential order for scheduled antivirus scanning such that the files most likely to be accessed or needed by users in the future will be scanned for viruses before those files less likely to be accessed. Our teachings encompass the use of heuristic data compiled and analyzed on a per-file basis. We enable system administrators to determine which parameters to prioritize and to set thresholds for antivirus scanning such as time limits.

Abstract: A method and apparatus for enforcing privacy within one or more memories of a data storage system are disclosed. In one embodiment, sensor data containing personally identifiable information (PII) is provided to a memory. In some embodiments, the memory of disclosed systems and methods may be volatile, non-volatile, or a combination. Within the memory, PII is detected in some embodiments by AI-based computer vision, voice recognition, or natural language processing methods. Detected PII is obfuscated within the memory prior to making the sensor data available to other systems or memories. In some embodiments, once PII has been obfuscated, the original sensor data is overwritten, deleted, or otherwise made unavailable.

Abstract: A method for securely receiving a multimedia content by a client device operated by one or more operator(s) involving a dedicated provisioning server of a security provider managing symmetric secrets used by the client devices and operators license servers. The provisioning server provides to the client device one or more generations of operator specific unique device secrets, which are then exploited by the various operators' license servers to deliver licenses such that authorized client devices can consume protected multimedia contents.

Abstract: In one example of federated mobile device management, a first management service federates with a second management service based on an exchange of one or more identity authentication certificates. After the management services have federated or affiliated, the first service can enroll a client device for management based on federated management data, where the federated management data includes first device management data of the first management service and second device management data of the second management service. The first service can also identify a change in affiliation associated with at least one of the client device or the second management service and cause the client device to check in for a device management update based on the change in affiliation.

Abstract: An embedded processing system includes processing circuitry, a memory system, and a reprogramming control. The reprogramming control is configured to authenticate a user associated with a reprogramming operation of the embedded processing system and receive an encrypted configuration item. The reprogramming control is further configured to decrypt and authenticate the encrypted configuration item either for storage of the configuration item in the embedded processing system or for transmission externally as an encrypted and signed entity. These operations are performed only after the user requesting such an operation has been authenticated to have the permission to perform the requested operation.

Abstract: Embodiments of the application provide information processing systems, methods and devices based on Internet of Things. An information processing system comprises a server device, a first device and a second device. The first device and second device are both an Internet of Things device. The first device is configured to: in response to detecting that a first acquisition instruction is triggered, acquire biometric feature information, and send the acquired biometric feature information to the server device. The server device is configured to identify a user corresponding to the biometric feature information. The second device is configured to: in response to detecting that a second acquisition instruction is triggered, acquire body movement information associated with the user, and send the acquired body movement information to the server device. The server device is further configured to perform an operation for the user according to the body movement information.

Abstract: A system that uses a client's behavioral biometrics—mouse dynamics, keystrokes, and mouse click patterns—to create a Machine Learning (ML) based customized security model for each client/user to secure website log-ins. The ML model can differentiate the user of interest from an impersonator—human or non-human (robot). The model collects relevant behavioral biometric data from the client when a new account is created by the client/user on a website or when the client initially logs-in to the website. The collected biometric data are used to train an ensemble of ML-based classifiers—a Multilayer Perceptron (MLP) classifier, a Support Vector Machine (SVM) classifier, and an Adaptive Boosting (AdaBoost) classifier—in the model. The trained versions of these classifiers are polled to give an optimal prediction in real-time (while the user is logging in). As a result, real-time fraud detection can be accomplished without impacting the log-in performance of the website.

Abstract: An authentication feature is provided to improve the safety and reliability of services provided by an electronic device. The electronic device includes a processor that outputs multiple challenges in a sequence, receives responses corresponding to the multiple challenges from a user and outputs a result based on whether the responses satisfy conditions of the multiple challenges.

Abstract: Systems and methods for verifying an identity of a user include a method that includes receiving, by a computing system, a biometric electronic signature token (BEST), the BEST comprising a first biometric sample captured from a signing party and a record, receiving, by the computing system, a second biometric sample captured from the user, generating, by the computing system, a biometric reference template based on biometric data extracted from the second biometric sample, comparing, by the computing system, the biometric reference template to the first biometric sample, and responsive to the biometric reference template matching the first biometric sample, determining, by the computing system, that the user matches the signing party.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.