Abstract: A user equipment includes a receiving unit configured to receive, from a base station apparatus, information for requesting a report of a User Equipment (UE) capability, a control unit configured to generate the report including a supported UE capability, and a transmitting unit configured to, in a case where an Access Stratum (AS) security with the base station apparatus is activated, transmit the report to the base station apparatus.

Abstract: A method of using a blockchain in an access control environment according to one embodiment includes transmitting, by a mobile device, a request to access a passageway secured by a lock device to a first node device, wherein a plurality of node devices including the first node device store the blockchain, receiving, by the mobile device, a lock-specific access token from one of the plurality of node devices in response to validation of a blockchain transaction associated with the request received from the mobile device by the plurality of node devices, transmitting, by the mobile device, the lock-specific access token to the lock device, receiving, by the mobile device, a verification message from the lock device in response to successful authentication of the lock-specific access token, and transmitting, by the mobile device, a notification of verification to the first node device to amend the blockchain.

Abstract: Some examples described herein relate to computer interfaces and authentication protocols for securely linking and transferring content between online accounts. In one example, a system can provide a graphical user interface (GUI) with multiple interactive interface pages, through which a user can selectively transfer content from a first online account to a second online account. For example, the user can select to transfer points from the first online account to the second online account. The system can then transfer of the selected content from the first online account to the second online account. To perform this transfer, the system can employ multiple layers of authentication and other security mechanisms. For example, the system can employ two or more layers of authentication and a unique external identifier to perform the transfer. Following the transfer, the GUI can be updated to reflect the results of the transfer.

Abstract: A computing device may provide content items to user devices requesting the content items. The computing device may receive the content item, in portions, from a source, and may send the portions to the user device. The computing device may send a first portion before the computing device receives all of the content item from the source. The request may also be associated with an expiration period, and the expiration period may affect the sending of the content item to the user device.

Abstract: Firmware passwords, such as BIOS passwords can be managed by a remotely executed management service. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: Machines, devices, and other objects are configured to use authorization tokens to verify object identities without human input. In examples, the object uses a password to validate the object's identity to an authorization server to obtain an access token for use in multiple applications. In another example, the object uses a certificate to validate the object's identity to an authorization server to obtain an access token. In other examples, any other suitable identifying data may be used to validate the object's identity to an authorization server to obtain an access token. The process of using passwords, certificates, or other validation processes to obtain tokens or other authorization mechanisms allows the object to authenticate themselves without human interaction and to use a single identity to access services from multiple service providers that trust a central authorization server.

Abstract: Aspects of the present disclosure are drawn to a client device for use with a first network device, a second network device, an external server, the first network device being configured to communicate with the external server and the second network device being configured to communicate with the external server. The client device includes a memory and a processor configured to execute instructions stored on the memory. This causes the client device to onboard onto the first network device using a first password, generate a key, and store first association information in the external server. The first association information including client device identifying data to uniquely identify the client device.

Abstract: Our Names in physical and real world have transformed into ‘username’s in virtual digital world. Anything that we need to access in digital world asks us for a ‘username’, which can be user selected (like an e-mail address) or provided to a user (like an employee ID/Number). This ‘username’ has indeed become a SuperName, giving access to restricted areas, based on privileges, links to other services as well. So, to a cybercriminal, if a ‘username; is known, more than half the job is done. And once corresponding password is cracked, the whole digital identity lies threadbare. Damages done through transactions of such unauthorized access may get quantified, but dent to privacy is far more damaging.

Abstract: A system for monitoring an industrial system for cyberattacks includes an industrial control system including a plurality of actuators, a plurality of sensors each arranged to measure one of a plurality of operating parameters, and an edge device and a computer including a data storage device having stored thereon a program that includes each of a time-series database including expected operating ranges for each operating parameter, a clustering-based database that includes clusters of operating parameters having similarities, and a correlation database that includes pairs of operating parameters that show a correlation.

Abstract: Anomalous activities on a computer network are detected from audit or sign-in activity information of a target entity as recorded in an audit or sign-in log. A baseline graph of the target entity is generated using information on activities of the target entity during a collection period. A predict graph of the target entity is generated with information on activities of the target entity during another collection period, which follows and is shorter than the earlier collection period. A residual graph that indicates nodes or edges that are in the predict graph but not in the baseline graph is generated. The residual graph is scored and the score is compared to a threshold to determine whether the target entity has performed an anomalous activity.

Abstract: An access control system includes a first controller having a first antenna interface for broadcasting identifying data to local devices, for receiving ephemeral ID signals, token signals or payload data from local devices, and a first processor for determining a first authentication when an ephemeral ID signal or a token from a first local device is determined to be valid, for determining a second authentication when an ephemeral ID signal or a token from a second local device is determined to be valid, and for instructing a peripheral to perform a user-perceptible action in response to the first authentication, and a second controller coupled to the first controller having a second processor for receiving payload data for the second local device in response to the second authentication, and a second antenna interface for outputting at least a portion of the payload data to the remote server in response to the second authentication.

Abstract: A method at a network element for processing a first message destined for an intelligent transportation system station, the method including receiving from a sending entity, or generating, the first message at the network element; based on a source or contents of the first message, performing one of: discarding the first message; or modifying the first message to provide an indication to the intelligent transportation system station of checks the intelligent transportation system does not need to perform, thereby creating a second message; and forwarding the second message to the intelligent transportation system station.

Abstract: Disclosed are techniques for detecting outlier cells based on positioning of a user equipment (UE). In an aspect, the UE or a location server determines a plurality of cells detectable by the UE, calculates a plurality of location estimates for the UE based on positioning measurements of a corresponding plurality of subsets of the plurality of cells, identifies a subset of cells that provides a best location estimate for the UE, wherein the best location estimate maximizes a set of inlier cells, calculates a final location estimate for the UE based on positioning measurements of the subset of cells and the set of inlier cells, identifies any remaining cells of the plurality of cells other than the subset of cells and the set of inlier cells as at least one outlier cell, and performs a mitigation operation based on identifying the at least one outlier cell.

Abstract: A vehicle authentication system includes a ring-type wearable device, an in-vehicle device, and a communication terminal. The in-vehicle device performs authentication regarding use of the vehicle. The in-vehicle device causes a short-range communication module to perform short-range wireless communication with the ring-type wearable device that has unique identification information. The in-vehicle device acquires information received by a wide area communication module configured to communicate, via a network, with the communication terminal configured to make a reservation for the use of the vehicle.

Abstract: This disclosure relates to using trust tokens to verify the integrity of devices and applications from which data is received. In one aspects, a method includes receiving, from a client device, a request for one or more trust tokens. The request includes at least one of one or more device-level fraud detection signals obtained from the client device or data representing code of an application that initiated the request. The request also includes a respective nonce for each of the one or more trust tokens. A determination is made, based on at least one of the one or more device-level fraud signals or the data representing the code of the application, to issue the one or more trust tokens to the client device. Each trust token is generated using the nonce for the trust token. The one or more trust tokens are provided to the client device.

Abstract: In some embodiments, the present disclosure provides systems and methods for detecting malware, including receiving thermal images of an integrated circuit, and generating a power density profile using at least one of the thermal images. The present disclosure further includes comparing the power density profile to an expected power density profile of the integrated circuit, and determining, based on the comparison, if the integrated circuit is in an abnormal operating state.

Abstract: A list-type detection unit (220) performs list-type detection on communication data so as to detect a fraudulent communication. A machine-learning-type detection unit (230) performs machine-learning-type detection on communication data so as to detect a fraudulent communication. A communication acceptance unit (210) receives communication data from a network, and allocates the received communication data to at least one of the list-type detection unit and the machine-learning-type detection unit, using an allocation filter. A filter setting unit (250) determines a parameter value based on a load status of the list-type detection unit and a load status of the machine-learning-type detection unit, and sets the determined parameter value in the allocation filter.

Abstract: A method for redacting sensitive information from an audio stream, such as a voice signal in a telephone call, in real time is provided. The method includes: receiving an audio stream; conveying the audio stream through a channel that includes a valve; detecting, from within the audio stream, a first event that indicates an onset of sensitive information; closing the valve so that the conveying of the audio stream through the channel is temporarily stopped; detecting, from within the audio stream, a second event that indicates an ending of the sensitive information; and reopening the valve so that the conveying of the audio stream through the channel is resumed. The sensitive information may include payment card industry (PCI) information, such as a card number and/or a card verification value (CVV).

Abstract: A management device calculates, from access information transmitted from a token terminal and a site seed assigned to a server, a user seed, and registers the user seed in the token terminal. The token terminal obtains a share seed, calculates a key code from the share seed and the user seed, and presents the key code to the user. When the user enters the key code to an access terminal, the access terminal transmits, to the server, a request having the key code specified. The server obtains access information relating to the transmitted request, calculates a checkup seed from the access information and the site seed assigned to the server, obtains a share seed independently from the token terminal, calculates a checkup code from the share seed and the checkup seed, and sets a necessary condition for sign-in that is consistent between the key code and the checkup code.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned lockable devices. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory of factory-provisioned lockable devices and also includes encrypted code(s) for accessing the lockable devices. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of detected lockable devices of the IHS is then collected. The validation process compares the collected inventory of detected lockable devices against the inventory of factory-provisioned lockable devices from the inventory certificate in order to validate the IHS is operating using only factory-provisioned lockable devices.