Patents Examined by Ponnoreay Pich
  • Patent number: 10911417
    Abstract: A method for analysing data received by an addressed recipient of a data package. The method comprises receiving a data package over a data network. The data package comprises a header and payload data. The header of the data package is analysed to determine a plurality of characteristics, the characteristics comprising at least an identifier and a transmission time. The method also comprises generating a risk indicator, wherein the risk indicator indicates a risk associated with the analysis of the header. A handling action is generated based on the risk indicator; and provided along with the payload data to the addressed recipient.
    Type: Grant
    Filed: January 22, 2020
    Date of Patent: February 2, 2021
    Assignee: Egress Software Technologies IP Limited
    Inventors: John Goodyear, Anthony Robert Pepper, Neil Tony Larkins, Nathan Michael Pilkington
  • Patent number: 10904760
    Abstract: Embodiments of the present disclosure provide a data transmission method, apparatus, and device. The method includes: performing, by a terminal, encryption and integrity protection on a data packet by using a public key of a network device and a private key of the terminal, where the data packet includes user data; and sending, by the terminal, the data packet to the network device, to send the user data to a server by using the network device. Encryption and integrity protection are performed on the data packet respectively by using the public key of the network device and the private key of the terminal, and when no radio resource control RRC connection is established, the data packet is sent to the network device.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: January 26, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Jing Liu, Min Huang, Bing Shu
  • Patent number: 10903987
    Abstract: This application provides a key configuration method and an apparatus. A key management center obtains a service key, and performs encryption and/or integrity protection on the service key to obtain a token. The key management center sends the token to a first network element, the first network element forwards the token to a second network element, and the second network element obtains the service key based on the token. The service key is used to perform encryption and/or integrity protection on data transmitted between the first network element and the second network element. Therefore, security key configuration can be implemented through interaction between the key management center and the network elements, thereby laying a foundation for end-to-end security communication between the first network element and the second network element.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: January 26, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Bo Zhang, Lu Gan
  • Patent number: 10885205
    Abstract: A method for performing secure computations on records, comprising: receiving a request to apply an arithmetic computation on a record; assigning a respective partial record to each of a plurality of computational processes; instructing each of the computational processes sharing a computation scheme to perform the following: submitting the arithmetic computation to the computation scheme to assemble a processed partial record from the respective partial record components; instructing each of the plurality of computational processes to verify an integrity of at least one of the plurality of processed partial records by: broadcasting combined encryptions of one of the plurality of processed partial record components to all other of the plurality of computational processes and analyzing received combined encryptions to detect integrity in the other of the processed partial record components; and when the detected integrity is valid, calculating a response to the request by combining the received processed parti
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: January 5, 2021
    Assignees: NEC Corporation Of America, Bar-Ilan University
    Inventors: Jun Furukawa, Yehuda Lindell
  • Patent number: 10872146
    Abstract: This disclosure relates to systems and methods generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: December 22, 2020
    Assignee: Intertrust Technologies Corporation
    Inventor: Marko Caklovic
  • Patent number: 10862871
    Abstract: Computing systems, devices, and associated methods of managing secure communication using hardware accelerators are disclosed herein. In one embodiment, a method includes receiving a data request from a user kernel requesting to read a message stored in a buffer. In response to receiving the data request, transmitting to a processor, data representing a request to validate content in the message. The method also includes receiving from the processor, data representing a validation result containing an indication whether the content in the message is valid and a header size of the message. When the indication indicates that the content of the message is valid, a header of the message is removed from the message according to the header size in the validation result to extract the payload and providing the extracted payload to the user kernel.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: December 8, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Carlos Jose Cela
  • Patent number: 10855703
    Abstract: Systems for dynamically detecting unauthorized activity are provided. A system may receive data from one or more computing devices associated with one or more different channels of communication (e.g., email, telephone, instant messaging, internet browsing, and the like). The received data may be formatted or transformed from an unstructured format to a structured format for further analysis and evaluation. In some arrangements, machine learning may be used to determine whether triggering content was identified in data received from the one or more systems and to evaluate the identified triggering content to determine whether the content, alone or in combination with triggering content from other channels of communication, may indicate an occurrence of unauthorized activity. If so, the identified occurrence may be evaluated to determine whether a false positive has occurred.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: December 1, 2020
    Assignee: Bank of America Corporation
    Inventor: Awadhesh Pratap Singh
  • Patent number: 10841085
    Abstract: Disclosed is a method for generating a secret or key in a network having first and second subscribers and a transmission channel therebetween. The first and second subscribers generate first and second sequences of subscriber values to achieve synchronous transmission; and the first and second subscriber each generate a common secret, the first subscriber doing so based on information about the first sequence and a superposition of the second sequence onto the first sequence on the transmission channel, and the second subscriber doing so based on information about the second sequence and the superposition of the second sequence of subscriber values onto the first sequence of subscriber values. At certain intervals or in accordance with a detected sequence of superposed values, the first or second subscriber outputs at least one filler value onto the transmission channel such that an edge change or change in values occurs on the transmission channel.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: November 17, 2020
    Assignee: Robert Bosch GmbH
    Inventors: Timo Lothspeich, Andreas Mueller
  • Patent number: 10841331
    Abstract: A method for managing quarantines. A quarantine triggered by a network access policy is detected by a computer system. A determination is made by the computer system of whether to enforce a quarantine rule for the quarantine utilizing a quarantine enforcement model trained utilizing a machine-learning process to classify quarantine rules in response to detecting the quarantine rule. The quarantine is deactivated by the computer system when the quarantine rule is classified as inappropriate such that a risk of a threat is balanced with a group of operational considerations.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: November 17, 2020
    Assignee: International Business Machines Corporation
    Inventors: David J. Bishop, Carsten Hagemann, Pradeep A. Nagaraju, Trevor S. Norvill
  • Patent number: 10834083
    Abstract: An unauthorized control suppression method for use in a network system is provided. The network system includes a plurality of electronic controllers that exchange, via a communication channel, a plurality of frames. The plurality of frames includes at least one control frame that instructs predetermined control to an object of control. The method receives, sequentially, the plurality of frames from the communication channel, and determines whether the predetermined control, instructed by the control frame received in the receiving, is to be suppressed, based on a set of frames received in the receiving. The set of frames is received in the receiving within a predetermined period preceding a time of reception of the control frame.
    Type: Grant
    Filed: July 10, 2018
    Date of Patent: November 10, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Takeshi Kishikawa, Manabu Maeda, Tohru Wakabayashi, Toshihisa Nakano, Hideki Matsushima
  • Patent number: 10826941
    Abstract: A method for protecting an enterprise network includes, at a system that is remote from the enterprise network: controlling communications to and from the enterprise network according to a set of security policies; controlling endpoint to endpoint connections within the enterprise network according to the set of security policies; receiving a request for modifications to the set of policies; automatically generating a policy digest formatted according to a predefined format, the policy digest comprising the modifications, and storing the policy digest in the memory; retrieving the policy digest from the memory; generating one or more calls to one or more system components that control the communications to and from the enterprise network and the endpoint to endpoint connections based on the policy digest; and modifying control of the communications and the endpoint to endpoint connections based on the one or more calls.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: November 3, 2020
    Assignee: Fortinet, Inc.
    Inventors: Anurag Jain, Kenneth Ammon, Thomas Cross, Michael C. Starr
  • Patent number: 10826691
    Abstract: A system and method for encrypting portions of data for storage in a remote network have been provided. The system comprises a memory with instructions executable by a processor to receive data for forwarding to a server device, wherein the received data comprises an indication of one or more portions of the received data to be encrypted; identify a portion comprising the one or more portions of the received data based at least in part on the indication; encrypt the identified portion of the data; generate a payload that comprises the encrypted portion and one or more unencrypted portions of the received data; and transmit, to the server device, the payload.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: November 3, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Pierre Francois Rohel, Siddharth Shah, Martin Wexler
  • Patent number: 10826686
    Abstract: Described is a system for biometric based security. The system applies a reusable fuzzy vault (RFV) process to protect secret information. The RFV process comprises a locking algorithm and an unlocking algorithm. The locking algorithm takes as input a fuzzy string m generated from readings of biometrics and secret information sk to be protected. The locking algorithm outputs a public string vault and a hash value h of sk. The unlocking algorithm takes as input a public string vault and a fuzzy string m′, and outputs a string sk′ if fuzzy string m′ is sufficiently close to fuzzy string m. The unlocking algorithm further computes a hash value h′ of sk′ and compares it with h. The system allows access to the secret information sk when h′ is equivalent to h.
    Type: Grant
    Filed: November 7, 2018
    Date of Patent: November 3, 2020
    Assignee: HRL Laboratories, LLC
    Inventors: Chongwon Cho, Chong Ding
  • Patent number: 10826919
    Abstract: Disclosed herein are systems and methods for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: November 3, 2020
    Assignee: ACRONIS INTERNATIONAL GMBH
    Inventors: Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov, Anastasia Pereberina, Nikolay Grebennikov
  • Patent number: 10795709
    Abstract: A method for automatically provisioning a secure data analytic environment is provided. In one or more embodiments, the method can include receiving one or more specifications regarding the data analytic environment to be created from a user, and using the specifications to automatically implement the data analytic environment on a cloud computing environment. In one or more embodiments, the created data analytic environment can be analyzed to determine if the environment is compliant with one or more computing security rules. If the environment is found to be compliant, then the provisioning scripts can be used to generate clones of the originally created analytic environment or modify the pre-existing data analytic environment without requiring the newly created or modified environment to undergo the level of security scrutiny provided when the original analytic environment was created.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: October 6, 2020
    Assignee: The MITRE Corporation
    Inventors: Gary D. Glessner, Robert A. Case, Ronald T. Sienknecht, Jr., William R. Kinkel, John W. Ferguson, Alexander H. Ethier
  • Patent number: 10798095
    Abstract: Authentication methods, apparatuses, and devices, including computer programs encoded on computer storage media are provided. One of the methods includes: receiving information to be authenticated from user input; sending an authentication request to an authentication client; determining a first time when the authentication request is sent to the authentication client and a second time when a jump operation from the browser to the authentication client is completed; when a time difference between the first time and the second time is greater than a threshold, sending an authentication result request to the authentication client; receiving a page jump request from the authentication client for jumping from the authentication client to the browser according to the identification information, the page jump request comprising an authentication result of the information to be authenticated; and displaying the authentication result according to the identification information.
    Type: Grant
    Filed: May 5, 2020
    Date of Patent: October 6, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Nana Zhang
  • Patent number: 10776486
    Abstract: Provided is an analysis system including: an operation analysis unit that analyzes operation of an analysis target program that is a target program to be analyzed, by executing the analysis target program in a second execution environment that is a computing environment for analysis, the second execution environment being configured to emulate at least a partial configuration of a first execution environment that is a computing environment for real operation where the analysis target program is able to be executed; and a configuration unit that builds the second execution environment capable of emulating a specific configuration of the first execution environment, the specific configuration relevant to an operation of the analysis target program, by modifying at least a partial configuration of the second execution environment in accordance with the operation of the analysis target program analyzed by the operation analysis unit.
    Type: Grant
    Filed: June 13, 2016
    Date of Patent: September 15, 2020
    Assignee: NEC CORPORATION
    Inventor: Masaru Kawakita
  • Patent number: 10771970
    Abstract: A method of authenticating the communication of an authentication device and at least one authentication server using a local factor with creation of secret information shared by the authentication device and the authentication server; the reference information is derived from the secret information shared by the authentication device and the authentication server, where the manner of derivation is the same on the authentication device and on the authentication server; furthermore, the authentication device creates transformed reference information by means of cryptographic transformation from the reference information, where the local factor chosen and entered by the user or obtained from a medium or from the surrounding environment is used as an input in this cryptographic transformation, and where only the transformed reference information is stored on the authentication device and only the reference information is stored on the authentication server.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: September 8, 2020
    Assignee: ADUCID S.R.O.
    Inventors: Libor Neumann, Vlastimil Klima
  • Patent number: 10764752
    Abstract: Provided is a process that establishes representations and permits users to login to a relying device to which a mobile device has registered. Credential values of the user are established within a trusted execution environment of the mobile device and representations of those credentials are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may permit user access to the relying device via secure session. The user of the mobile device may authenticate with the mobile device to the server, which may permit user access by causing the mobile device to obtain a value by which the relying device may be accessed. The user of the mobile device may authenticate with the mobile device based on a policy received from the server to obtain a value by which the relying device may be accessed.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: September 1, 2020
    Assignee: HYPR Corp.
    Inventors: George Avetisov, Roman Kadinsky, Bojan Simic
  • Patent number: 10762368
    Abstract: Facial recognition-based authentication comprises obtaining a first image of a target object, updating projection information associated with a display by a display device, obtaining a second image of the target object, the second image being an image of the target object after the projection information is updated, obtaining an image difference data based at least in part on the first image and the second image, and determining whether the target object is a virtual object based at least in part on the image difference data.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: September 1, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Junsui Lin