Abstract: A method of detecting patterns in network traffic is provided. The method includes receiving a plurality of packets of network traffic, each packet having a payload populated with payload data and selecting payload lengths that occurred most frequently. For each of the selected payload lengths, a pattern template is generated using characters per position of the payload that satisfy a frequency criterion. A bit encoding scheme is assigned for each of the selected payload lengths and its associated pattern template. Each packet of the plurality of packets that has a payload length equal to any of the selected payload lengths and payload content that matches a pattern template generated for the payload is encoded into a single value. The single value uses the bit encoding scheme for the payload length and the pattern template matched.

Abstract: Existing search methods/systems are often generic and sometimes offer no user specific information. Disclosed herein are methods and systems for providing personalized, interactive, and intelligent search information. In particular, a search query is provided to a remote server and the remote server uses intelligent analysis for better interpreting and understanding user input and interactive user feedback concerning both search query quality and search result quality are provided to improve search quality and user experience, especially for accurate and intelligent searches in an interactive system (e.g., in an AR system). Using a remote server for query processing is advantageous because of its superior capability, including superior computing capacity.

Abstract: A security method that includes determining a sensitivity value for content to be projected onto a holographic surface, and determining identity for people that are within visual range of the holographic surface. The method further includes determining which of the people is authorized to view the content being projected onto the holographic surface according to the sensitivity level. The holographic surface is shaped to provide a reshaped holographic surface that obstructs people that are not authorized to view the sensitivity level of the content. The content is then projected onto the reshaped holographic surface within vision of people authorized to view the sensitivity level of the content.

Abstract: The present disclosure relates a system, method, and computer program for detecting anomalous user network activity based on multiple data sources. The system extracts user event data for n days from multiple data sources to create a baseline behavior model that reflects the user's daily volume and type of IT events. In creating the model, the system addresses data heterogeneity in multi-source logs by categorizing raw events into meta events. Thus, baseline behavior model captures the user's daily meta-event pattern and volume of IT meta events over n days. The model is created using a dimension reduction technique. The system detects any anomalous pattern and volume changes in a user's IT behavior on day n by comparing user meta-event activity on day n to the baseline behavior model. A score normalization scheme allows identification of a global threshold to flag current anomalous activity in the user population.

Abstract: An apparatus has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to store identity attributes including real identity attributes for a real individual and a digital identity with digital identity data attributes operative as a personal privacy proxy for the real individual. Web site input forms are automatically filled alternately using the real identity attributes and the digital identity attributes.

Abstract: Concepts and technologies of latency sensitive tactile network security interfaces are provided herein. In an embodiment, a method can include identifying, by a tactile network interface controller, encrypted command packets that are being sent as a data stream to a tactile application. The method can include obtaining a command sequence model based on the encrypted command packets being sent to the tactile application, and decrypting at least some of the encrypted command packets based on the command sequence model, where decrypting the encrypted command packets identifies non-sequential command instructions. The method can include determining, based on the command sequence model, that at least some of the non-sequential command instructions do not conform to the command sequence model, and dropping, by the tactile network interface controller, the non-sequential command instructions that do not conform to the command sequence model from the data stream.

Abstract: The object of the invention relates to a method in which a telecommunications operator or an e-delivery provider can send notices by email to one or a number of recipients, certifying the content of the notice and with a link to a proxy server of a CA (certification authority) who will verify the digital certificate of the recipient and their identity.

Abstract: A computing device, including one or more output devices and a processor. The processor may be configured to download a web application. The web application may include an authorization certificate and a metadata file that includes an identifier of at least one local application program interface (API) of the computing device that is not included in an API whitelist of a web host application program. The processor may determine, based on the authorization certificate and the metadata file, that the web application is authorized to access the at least one local API. The processor may execute the web application at the web host application program. Executing the web application may include utilizing the at least one local API. The processor may convey at least one output of the web application for output at the one or more output devices.

Abstract: A method performed by a user equipment (UE) including establishing a primary authentication with a security anchor function, establishing a user plane (UP) session or connection with a UP function (UPF), receiving an extensible authentication protocol (EAP) based authentication request from the UPF, sending an EAP based authentication response to the UPF, and receiving an EAP based authentication result based on a verification response from an external authentication, authorization, and accounting (AAA) server. A method performed by a UPF includes establishing a UP session or connection to a UE, sending an EAP based authentication request to the UE, receiving an EAP based authentication response from the UE, forwarding the EAP based authentication response to an external AAA server, receiving a verification response from the external AAA server, and sending an authentication result to the UE based on the verification response from the external AAA server.

Abstract: The present invention relates to a method for authenticating software. The method comprises defining a set of parameters to use for trace mapping the software, wherein the set of parameters represents the software functionality when executed. The method further comprises: a) creating a trusted fingerprint that is created by trace mapping the software using the set of parameters when executed in a trusted environment; b) creating an operating fingerprint that is created by trace mapping the software using the set of parameters when executed in an operating environment; c) comparing the operating fingerprint with the trusted fingerprint, and identifying any difference between the trusted fingerprint and the operating fingerprint; and d) when said operating fingerprint is non-identical with the trusted fingerprint, initiating predefined action(s) in response to the identified differences between the trusted fingerprint and the operating fingerprint.

Abstract: A series terminal for an automation system, having an insulating housing, which has an electrical contact on at least one side of the housing with which the series terminal can be connected with a data bus of an automation system. The series terminal comprises an integrated electronic processing unit which is connected to the at least one contact device and is designed for transmitting and/or receiving data via the data bus. In this case, the integrated electronic processing unit is set up to query a configuration of the automation system and, based on the configuration, to generate an individual cryptographic key for the automation system in conjunction with a secret cryptographic key stored in the series terminal.

Abstract: System and method for detecting an infected website are disclosed. A semantic finder receives top-level domains and identifies keywords of the top-level domains representing a predetermined semantics. The keywords are compared with irrelevant bad terms to find at least one irrelevant term. An inconsistency searcher searches the top-level domains and detects at least one fully-qualified domain name carrying the at least one irrelevant term. A context analyzer evaluates context information associated with the irrelevant term, identifies at least one frequently-used term identified in the context information, and determines whether the at least one frequently-used term is unrelated to a generic content of the at least one fully-qualified domain name An irrelevant bad term collector extracts the at least one frequently-used term unrelated to the generic content and adds the extracted frequently-used term to an irrelevant bad term list for detecting the infected website.

Abstract: In a secure hardware extension (SHE)-B, an initial key is set to a KEY_N key usable in a verification process and a generation process for a message authentication code. In an SHE-A, a master key is set to a KEY_N key usable in the verification process and the generation process for the message authentication code, the master key being used together with an identifier of an authenticated electronic control unit (ECU) for generating the message authentication code to be used as the initial key. A central processing unit (CPU) causes the message authentication code for the identifier of the authenticated ECU to be generated using the master key through the SHE-A and executes a process of authenticating validity of the authenticated ECU by using the generated message authentication code.

Abstract: A CRL can be divided into a number of segments. The number of segments into which the CRL is divided can be determined by using a predefined number of serial numbers per segment. The segment in which a particular certificate is included can be determined by application of a consistent hashing algorithm to the serial number of the certificate to determine in which segment the serial number will be found if revoked, thereby increasing the efficiency of determining the revocation status of the certificate. Metadata common to each CRL can be cached on each server and on the remote cache. The segments themselves can be cached in the remote cache. Storing the segments only in the remote cache decreases resource consumption (e.g., amount of memory used in the local cache). Storing the segments in the remote cache enables optimization for locality.

Abstract: Disclosed is a security keyboard executing method, and an apparatus and system for performing the same. A security keyboard system according to an embodiment of the present disclosure includes: a caller module configured to generate a first verification value in response to a call event for a security keyboard, and generate a security keyboard call signal which includes the first verification value and caller identification information; and a security keyboard module configured to receive the security keyboard call signal, generate a second verification value based on the security keyboard call signal, and verify a security keyboard call by comparing the first verification value and the second verification value.

Abstract: Embodiments of the present systems and methods may decide if a software file is malicious or benign, using properties of the file's overlay, if existing. For example, in an embodiment, a computer-implemented method for identifying malware in computer systems may comprise receiving a plurality of executable files labeled as being malicious or benign, training a machine learning model using properties extracted from overlays associated with each of the plurality of received labeled executable files, receiving an executable file that is not labeled, determining whether the received unlabeled executable file is malicious or benign using the trained machine learning model based on properties extracted from an overlay associated with the received unlabeled executable file, and transmitting information identifying the received unlabeled executable file as malicious when the received unlabeled executable file is determined to be malicious.

Abstract: A watermark in Adaptive Bitrate (ABR) content may be provided. First, a cache miss may be determined in response to receiving a request that includes an address that points to a fake media segment. Next, in response to determining the cache miss, a pull request may be sent to an origin server. The pull request may include an identifier corresponding to a client device. Then, in response to sending the pull request, a redirect response may be received from the origin server. The redirect response may include an address of a real media segment with an embedded watermark.

Abstract: A method of communicating via a vehicle communication network includes providing an electronic control unit (ECU), the ECU including a main processing unit and a security processing unit, the security processing unit including a symmetric security key, attempting a secure boot of the main processing unit, providing use of the symmetric security key to the main processing unit if the secure boot of the main processing unit is successful, preventing use of the symmetric security key by the main processing unit if the secure boot of the main processing unit is not successful, conducting, via an attestation processing unit, a remote attestation of the main processing unit, and determining, via the attestation processing unit, whether the secure boot of the main processing unit was successful according to the remote attestation.

Abstract: Methods and systems privatize a dataset while controlling discoverability of patterns of the dataset. In an embodiment, values are assigned to discoverable patterns of a dataset. Privacy constraints are determined to privatize the dataset. Pattern constraints are determined to preserve a first set of patterns of the dataset and to conceal a second set of patterns of the dataset. A model is generated to satisfy all of the privacy constraints and a subset of the pattern constraints that do not conflict with the privacy constraints, with minimal loss of data. The dataset is modified based on the model. Discoverable patterns of the modified database are determined from the subset of privacy constraints. And a monetary value of the modified dataset is determined based on the patterns that remain discoverable in the modified dataset.

Abstract: A security platform may determine mapped attribute information associated with a plurality of host identifiers. The mapped attribute information may include information that identifies a set of related attributes. The security platform may determine, based on the mapped attribute information, that a host device is associated with at least two host identifiers of the plurality of host identifiers. The security platform may aggregate, based on the at two least host identifiers, threat information as aggregated threat information associated with the host device. The security platform may classify the host device as an infected device or a suspicious device based on the aggregated threat information.