Abstract: The disclosed computer-implemented method for identifying message payload bit fields in electronic communications may include (i) monitoring messages transmitted via a network, (ii) selecting a plurality of messages transmitted via the network, each of the plurality of messages comprising an identical message identifier corresponding to a specified message type having a payload, (iii) determining for each bit position in the payload of the specified message type, a quasi-entropy value based on a proportion of occurrences of a first bit value and a proportion of occurrences of a second bit value at each corresponding bit position in the plurality of messages, and (iv) identifying at least one of a near-random bit field, a periodic bit field, and a constant bit field within the specified message type based on the determined quasi-entropy values. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In some implementations, a system may control an environment in which biometric data is entered when a user enrolls data for a user account or authenticates after having enrolled user data. Enrollment and/or authentication may be required to occur under one or more conditions. In some implementations, data from an electronic device associated with a user may be used to determine whether conditions on enrollment and/or authentication have been satisfied.

Abstract: In an example, a detection engine identifies potential malware objects according to behavior. In order to circumvent blacklists and fingerprint-based detection, a malware server may frequently change domain names, and change the fingerprints of distributed malware agents. A malware agent may perform only an initial DNS lookup, and thereafter communicate with the malware command-and-control server via “naked” HTTP packets using the raw IP address of the server. The detection engine identifies malware agents by this behavior. In one example, if an executable object makes repeated HTTP requests to an address after the DNS lookup “time to live” has expired, the object may be flagged as potential malware.

Abstract: A method includes: receiving, at a host vehicle, a plurality of messages transmitted using Vehicle-to-Vehicle (V2V) communications indicating a heading angle and a speed of a remote vehicle; calculating an expected change in frequency of the plurality of messages received at the host vehicle based on the heading angle and the speed of the remote vehicle; measuring an actual change in frequency of the plurality of messages received at the host vehicle due to the Doppler effect; comparing the expected change in frequency to the actual change in frequency; and determining that the plurality of messages were not transmitted from the remote vehicle when a difference between the expected change in frequency and the actual change in frequency exceeds a predefined frequency change threshold.

Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.

Abstract: Systems and methods are provided for determining applications that are co-installed on a device. In an aspect, a system includes a registration component that receives, from a device, a request to register a first application provided on the device with a notification service, the request comprising an account identifier associated with a user identity, a session token, and an identifier for the first application. The session token is derived from an authentication token that is unique to the user identity and the device. The system further includes an authentication component configured to authenticate the user identity using the session token, and a fingerprint component configured to receive a fingerprint of the authentication token based on authentication of the user identity using the session token, wherein the registration component is configured to associate the account identifier, the identifier for the first application, and the fingerprint with one another in a database.

Abstract: The present invention relates to a method for accessing service/data of a first network from a second network for service/data access via the second network, comprising the steps of a) Pairing of a user device with the first network, b) Attaching the user device to the second network, c) Authenticating the user device with the second network, d) Providing connectivity information for services/data of the first network to the second network, e) Providing available services/data information by the first network to the second network, f) Accessing a service and/or data of the first network by the second network. The present invention relates also to a system for accessing service/data of a first network from a second network for service/data access via the second network.

Abstract: Securing a server before connecting the server to a data communications network in a data center may include: establishing a proximity-based communications connection with a service processor of a server, where the server is not coupled to a data communications network; and transmitting, via the proximity-based data communications connection, a digital certificate to the service processor of the server, where the digital certificate is configured to enable access to the server only by a system management server.

Abstract: A system and non-transitory computer program product for preserving data redundancy in a data deduplication system in a computing environment is provided. A selected data segment, to be written through the data deduplication system, is encrypted such that the selected data segment is not subject to a deduplication operation. Copies of the data segment that are to be precluded from data deduplication are determined and identified. A unique encryption key is used to encrypt the selected data segment to be written through the data deduplication system such that the selected data segment is not subject to a deduplication operation. The data deduplication system is tricked to recognize the encrypted, selected data segment as new, undeduplicated data by the encrypting thereby skipping steps of the deduplication operation that includes fingerprint generation and matching. The encrypted, selected data segment is directly written to a new physical storage location.

Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.

Abstract: A method for preserving data redundancy in a data deduplication system in a computing environment is provided. A selected data segment, to be written through the data deduplication system, is encrypted such that the selected data segment is not subject to a deduplication operation. The method determines and identifies copies of the data segment that are to be precluded from data deduplication. A unique encryption key is used to encrypt the selected data segment to be written through the data deduplication system such that the selected data segment is not subject to a deduplication operation. The data deduplication system is tricked to recognize the encrypted, selected data segment as new, undeduplicated data by the encrypting thereby skipping steps of the deduplication operation that includes fingerprint generation and matching. The encrypted, selected data segment is directly written to a new physical storage location.

Abstract: A system may determine to perform an internal and an external malware detection operation to detect a malware infection associated with a client device. The system may perform the internal operation by modifying an environment, executing on a particular device, to form a modified environment. The system may perform the external operation by performing a communication from the particular device. The system may monitor the modified environment for a first behavior indicative of the malware infection, and may monitor a result of performing the communication for a second behavior indicative of the malware infection. The system may detect that the first or second behavior has occurred. The system may provide a notification that the client device is infected with malware based on detecting that the first or second behavior has occurred. The notification may cause one or more network devices to block network traffic to or from the client device.

Abstract: Technologies are described herein to manage the replacement of routing rules. Some example technologies may receive a request to replace one or more active rules in a routing device with one or more stored rules. Each of the active rules and the stored rules may specify a routing rule that specifies how to route packets within a network. The active rules may be routing rules that are actively being used by the routing device. The stored rules may be routing rules that are not currently in use by the routing device. A determination may be made as to whether a number of active rule replacements for the routing device exceeds a threshold. In response to determining that the number of the active rule replacements exceeds the threshold, the request to replace the one or more active rules in the routing device may be denied.

Abstract: Techniques are provided for the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files.

Abstract: Methods, devices, signals, and systems are provided in a message routing architecture which provides improved capabilities for integrating “digital” communication through email messages with “analog” communication through voice and/or fax or pager messages. Email can be addressed using nothing more than a standard telephone or fax number. If the registered owner of the telephone or fax number has a corresponding email address, then the invention converts the telephone or fax number to the email address for delivery and uses standard email delivery systems to deliver the message. If no conventional delivery email address is known, or if the message sender or recipient specify multiple delivery modes, then the email message content is transformed into voice, pager and/or fax content and delivered to the recipient using the telephone or fax number which was specified as the email address.

Abstract: Systems, methods, and media for authentication are provided. In accordance with some implementations, the system comprises: a hardware processor that is programmed to: receive, from a device, a message relating to an authentication status of a user account associated with the device; transmit an authentication request to the device that is transmitted to an authentication server; receive, from the device, a response to the authentication request that includes authentication data relating to a session corresponding to the user account on the authentication server; cause an interface to be presented that requests authorization to authenticate the device with the authentication server using the user account; and transmit the authentication data to the device that causes the device to retrieve a corresponding authentication token from the authentication server, wherein the corresponding authentication token authenticates the user account on the device.

Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.

Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

Abstract: A server holds correspondence information in which a device identifier of a device for which an authentication process is successful and area network information concerning an area network including a controller are associated with each other. In the case where the authentication process is successful, the device holds area network information concerning an area network including a controller for which authentication is successful. In response to a connection request from a new device, the server checks whether an identifier of the new device is registered in the correspondence information. If the identifier is registered, the server determines whether the area network information associated with the identifier matches the area network information held by the new device. If the pieces of information do not match, the server detects the new device as an unauthorized device.

Abstract: A mobile device including a touch panel and a processing unit is provided. The touch panel includes one transmitting electrode and one receiving electrode. The transmitting electrode performs signal transmission using a touch-link technology, and the receiving electrode performs signal reception using the touch-link technology. The processing unit receives a message from a terminal device via the receiving electrode, and transmits an identification number to the terminal device via the transmitting electrode according to the message, so as to use the identification number for a verification on the terminal device.