Abstract: An example operation includes one or more of connecting, by an identity provisioning node, a blockchain one to a blockchain two, creating, by an identity provisioning node, an interoperation identity network (IIN) for the blockchain one and for the blockchain two as an instance of a self-sovereign identity (SSI) network, executing a smart contract to: invoke an IIN access control policy, map attributes and permissions of the blockchain one to attributes and permissions of the blockchain two based on the IIN access control policy, and generate a valid verifiable credential (VC) of the IIN in the blockchain one and in the blockchain two based on the mapped attributes and the permissions.

Abstract: Method for secure distance measurement comprising the following steps: transmitting from a verifier (V) to a prover (P) a challenge message comprising a challenge bit sequence (C); transmitting from the prover (P) to the verifier (V) a response message comprising the response bit sequence (R); verifying, in the verifier (V), the response message on the basis of the response bit sequence (R); and determining, in the verifier (V), the distance between the verifier (V) and the prover (P) on the basis of the time difference between the challenge message and the response message.

Abstract: A graph representation of a designated application may be created. The graph representation may include nodes that each represent a computer programming code statement associated with the designated application as well as edges that each represent a logical linkage between two or more computer programming code statements. A determination may be made as to whether the designated application constitutes an unacceptable security risk by comparing the designated graph representation with a plurality of comparison graph representations. When it is determined that the designated application constitutes an unacceptable security risk, a message may be transmitted to prevent the designated application from being executed.

Abstract: A device comprises a sensor and processing circuitry coupled to the sensor. The sensor is configured to obtain authentication information from an identification label of a cartridge of an electronic vaping device. The processing circuitry is configured to perform authentication of the cartridge based on the authentication information; and determine whether to unlock a battery section of the electronic vaping device to power the cartridge based on a result of the authentication of the cartridge.

Abstract: A method including detecting, in response to a design file uploaded by a development device, validity of an actual constraint file included in the design file and corresponding to an FPGA of the FPGA cloud host; synthesis processing the design file in response to detecting that the actual constraint file is valid; and writing a burner file obtained from the synthesis processing into the FPGA. The validity of the actual constraint file is detected to prevent a malicious attack of a user to FPGA hardware.

Abstract: Attacks with inserted data may be greatly thwarted with the disclosed innovation featuring systems and methods of using a governor. A governor may act directly in in-line processing to reduce and limit attack surfaces, enforcing validators pre-selected by applications and/or, in the absence of application preselection, selecting and validating validators separately. The applicability of such a technical improvement to system operations improves the technical operations of most any system with one or more applications that accept potential attack surface items, such as data, data fields and/or data types, from “open” or uncontrolled sources.

Abstract: Embodiments of the present invention provide a security indication information configuration method and device, to reduce a risk of attack and interception from malicious software. The method includes: detecting, by a terminal, whether universal security indication information is set in the terminal for a TUI; detecting a running status of the terminal if no universal security indication information is set; when it is detected that the running status of the terminal is a secure state, presenting a first input interface on a display by using a first information presentation interface; and receiving input universal security indication information by using the first input interface, and saving the universal security indication information to a trusted execution environment TEE of the terminal.

Abstract: An apparatus, method and computer program wherein the apparatus comprises:a plurality of quantum dot-graphene field effect transistors; circuitry configured to provide an individual drain-source bias voltage to each of a plurality of quantum dot-graphene field effect transistors, wherein different individual drain-source bias voltages have different parameters, to enable the plurality of quantum dot-graphene field effect transistors to detect light from a user of an apparatus; and circuitry configured to obtain output signals from each of a plurality of quantum dot-graphene field effect transistors where the output signal is dependent upon both the light detected by the quantum dot-graphene field effect transistor and the parameters of the drain-source bias voltage to enable the obtained output signals to be used as a scrambled identification signal of the user of the apparatus.

Abstract: Exemplary systems and methods for malware attack detection and identification are provided. A malware detection and identification system a controller that features an analysis environment including a virtual machine. The analysis environment to (1) receive data by the virtual machine of the analysis environment and identify a portion of the data that have been received from one or more untrusted, (2) monitor state information associated with the identified portion of the data during execution by the virtual machine, (3) identify an outcome of the state information by tracking the state information during execution of the identified portion of the data by the virtual machine, and (4) determine whether the identified outcome comprises a redirection in control flow during execution by the virtual machine of the portion of the data, the redirection in the control flow constituting an unauthorized activity.

Abstract: Disclosed is a method of controlling access to mobile radio connection(s) in a vehicle, having a policy and charging enforcement function with deep packet inspection capabilities “vePCEF” and optionally a policy and control rules function “vePCRF” in the vehicle. Furthermore, a Man In The Middle (MITM) methodology can be employed within the vehicle PCC architecture to enhance the enforcement of the PCRF/vePCRF policies. Also disclosed is a vehicle containing a PCC architecture having a MITM functionality. Also disclosed is a method of controlling access to mobile radio connection(s) in a vehicle, having a policy and charging enforcement function with deep packet inspection capabilities “vePCEF” which interfaces to a mobile core network PCRF or a cloud based PCRF.

Abstract: Methods, apparatus, systems and articles of manufacture to provide resource security are disclosed. Example methods and apparatus manage a benchmark specific to a resource, the benchmark created during development of the resource and including a collection of rules to constrain behavior of the resource, enable a rule of the benchmark that corresponds with a type of the resource, disable a rule of the benchmark that does not correspond with the type of the resource, test the enabled rule of the benchmark against the resource, identify an insufficiency of the resource based on the enabled rule of the benchmark, and remediate the insufficiency of the resource to comply with the enabled rule of the benchmark.

Abstract: A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.

Abstract: A profile downloading method and apparatus is provided for a terminal to download and install a profile in a communication system. The communication method of the terminal includes transmitting a first message including information on a profile to be received from a profile provision server; receiving a second message including information indicating whether an encryption code input is required and a first modified encryption code; generating, when the first modified encryption code is successfully authenticated, a second modified encryption code; transmitting to the profile provision server a third message including information requesting to the profile provision server for the second modified encryption code and profile download, and receiving a fourth message including information on the profile from the profile provision server.

Abstract: Disclosed are various approaches for generating a device posture token corresponding to a client device. The device posture token can be used by a verification computing device to determine whether the client device complies with the security policies of a particular facility.

Abstract: The disclosed computer-implemented method for controlling uploading of potentially sensitive information to the Internet may include (i) loading, at the computing device, at least a portion of a webpage and (ii) performing a security action including (A) converting, at the computing device, components of the webpage from an online status to an offline status, (B) receiving a sensitive information input to a respective offline component of the webpage, (C) converting, based on a stored user preference and in response to receiving the sensitive information input, the respective offline component to the online status, (D) buffering an outgoing network request comprising the sensitive information input, (E) receiving an approval input indicating approval to transmit the potentially sensitive information to the Internet, and (F) releasing the outgoing network request in response to receiving the approval input. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A moderation framework monitors content posted in a database network and uses a declarative configuration scheme that defines moderation rules without having to write new software. A user interface operated by the moderation platform allows selection of different user criteria and different content criteria for triggering the moderation rules. The user interface also provides selectable actions for the moderation rules to apply when the content matches the selected user and content criteria. The user interface also allows selection of different entities for associating with different moderation rules, such as accounts, cases, opportunities, Chatter® feed posts, or custom objects defined by customers.

Abstract: In a wireless network, a distributed ledger client maintains hardware-trust with a wireless network slice and distributed ledger nodes. The wireless network slice delivers wireless communication services to wireless user devices. When the distributed ledger client maintains hardware-trust with the wireless network slice, the wireless network slice transfers slice data to the distributed ledger client. The slice data that characterizes the delivery of the wireless communication services. The distributed ledger client transfers the slice data to the distributed ledger nodes. The distributed ledger nodes log the slice data when the distributed ledger client maintains hardware-trust with the distributed ledger nodes.

Abstract: The method of securing secure communication between a User Equipment (UE) and evolved NodeB (eNB), involves deriving a user plane (UP) encryption key (KUPenc) from a shared key (KeNB) associated with the UE for an ongoing communication session. At the UE, the UP encryption key (KUPenc) may be hashed with a number of random numbers to generate a plurality UP encryption keys(KUPenc(n)), wherein the random numbers are transmitted to the eNB through a Packet Data Convergence Protocol (PDCP) control message. One or more data packets sent from the UE to the eNB may be encrypted, by the UE, using the plurality of UP encryption keys (KUPenc(n)).

Abstract: Disclosed are an apparatus and method for encryption. The encryption apparatus includes a key table generator configured to generate at least one encryption key table from random values obtained from a seed value and generate at least one decryption key table from the at least one encryption key table; an algorithm generator configured to generate an encryption algorithm having a Misty structure that has a round function to which the at least one encryption key table is applied and a decryption algorithm having a Misty structure that has a round function to which the at least one decryption key table is applied; an encryptor configured to encrypt plaintext data with the encryption algorithm; and a decryptor configured to decrypt encrypted data with the decryption algorithm.

Abstract: Some external users in a public on-line community may post excessive numbers of items, causing annoyance to others and unnecessary loading on database resources. A robust moderation framework enables an individual community moderator or admin to specify a set of rules and actions to mitigate this problem. Scalable, performant rate limiting rules employ windowed counters, separately for each rule, with the counters maintained in cache memory resources outside the main database.