Abstract: A method for detecting and mitigating effects of abnormal MTC device behavior includes, at a telecommunications network node comprising one of an MME, DRA, or SCEF, receiving CP information from which core network (CN) assistance information for tuning an evolved node B (eNB) to minimize MTC device state transitions is derivable, forwarding the CP information or CN assistance information derived from the CP information to another network node, deriving, from the CP information, a rule for policing behavior of the MTC device, storing the rule in memory of the telecommunications network node, monitoring uplink communications from the MTC device, determining, using the stored rule derived from the CP information, that the MTC device is not behaving in accordance with an expected behavior; and, in response performing a network security action that mitigates an effect of traffic from the MTC device on the network.

Abstract: A wearable electronic device includes one or more processors identifying one or more companion electronic devices operating within a wireless communication radius of the wearable electronic device. One or more sensors identify the wearable electronic device being within a predefined distance of a companion electronic device. A wireless communication circuit, responsive to the one or more processors, delivers an authentication credential to the companion electronic device in response to the one or more sensors identifying that the wearable electronic device is within the predefined distance of the companion electronic device. The one or more sensors thereafter detect a gaze of an authorized user of the wearable electronic device being directed at the companion electronic device, where the wireless communication circuit delivers an actuation command to the companion electronic device.

Abstract: A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Abstract: Techniques for assessing risks of IoT devices. A system utilizing such techniques can include a packet analysis based IoT device risk assessment system and an IoT device risk assessment system. A method utilizing such techniques can include extraction of IoT device risk factors from a device profile of an IoT device and application of assessment weights to the IoT device risk factors to assess a risk level of an IoT device.

Abstract: An electronic device including a first memory configured to store authorization information; a first processor configured to access the first memory; a second memory; and a second processor configured to access the second memory. The first processor is configured to check state information related to a battery state of the electronic device while the electronic device is in a first state; if the state information satisfies a first specified condition, provide authorization information to an external device in the first state so that the external device performs authorization using the authorization information; and if the state information satisfies a second specified condition, copy the authorization information into the second memory in the first state and convert the electronic device to a second state in which power consumption thereof is less than that in the first state.

Abstract: A method for operating an aggregator in an electronic commerce system includes receiving ciphertexts and signatures transmitted from multiple clients, each ciphertext encrypting noisy plaintext data of a category of information for a user that purchased a product, generating sums of the ciphertexts and the signatures, verifying the sum of the ciphertexts with a homomorphic signature system based on the sum of the signatures and homomorphic verification data, decrypting the sum of the ciphertexts in a private stream aggregation (PSA) process based on homomorphic decryption data to generate a sum of noisy plaintext data in response to a success of the verification, and identifying aggregate statistical information transmitted from the clients based on the sum of noisy plaintext data while preserving differential privacy of the clients.

Abstract: Implementations of the present specification provide a blockchain-based transaction method and apparatus, and a remitter device. The method includes: calculating a transaction amount commitment, a first commitment random number ciphertext, and a second commitment random number ciphertext; and submitting transaction data to the blockchain, the transaction data including the transaction amount commitment, the first commitment random number ciphertext, and the second commitment random number ciphertext, for the transaction amount commitment and the first commitment random number ciphertext to be recorded into a remitter account, and the transaction amount commitment and the second commitment random number ciphertext to be recorded into a remittee account.

Abstract: Hosted server implementation is provided for intermediating anonymous firm matching and exit strategy negotiations. The system generates user accounts in response to user interaction with a hosted server interface, and matches client users based on at least an industry type and user-selected criteria, and electronically presents users with anonymized profiles corresponding to the users matched therewith. Responsive to selection of an anonymized profile, the system enables confidential and anonymous sharing of client user data corresponding to the selection criteria. Further responsive to authorization from each corresponding client user, the system generates intermediated and anonymous correspondence between a first client user and selected client users via a hosted server platform, wherein the hosted server interfaces substantially prevent identification of either client user participating in the intermediated correspondence.

Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with managing a federated identity environment based on application availability includes identifying a current status of one or more applications. Next, a response to a received request is generated based on the identified current status and a status of user authentication, wherein the generated response comprises an access token and a notification message corresponding to the identified current status. The generated response is provided to the client.

Abstract: A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. The software in turn uses the result of the stateless look up to perform the stateful connection flow handshaking and to determine the result of the stateful packet classification.

Abstract: A method to assess network vulnerabilities of devices may include accessing, by a relay device, a network that includes a firewall to separate the network from external networks such that the relay device is coupled to the network from behind the firewall attached to the network. The method may further include establishing a communication channel over a secondary network between the relay device and a monitor system. The method may further include detecting one or more devices behind the firewall attached to the network by the relay device. The method may also include after establishing the communication channel and detecting the one or more devices and while the relay device is coupled to the network from behind the firewall attached to the network, performing, by the monitor system, one or more network vulnerability assessments on the one or more devices via network communications that pass through the relay device.

Abstract: The disclosed embodiments relate to systems and methods for secure and efficient resource access using distributed directory caching techniques. Techniques include obtaining, from a directory service, client directory data associated with a client; providing the client directory data to a computing device associated with the client for caching on the computing device; identifying a request from the client; receiving, from the computing device, the client directory data that was cached on the computing device; and evaluating the request based on the received client directory data.

Abstract: A set of certificates are received at a gateway device from a management server, where each one of the certificates was generated by the management server upon determination that the gateway device is associated with a respective wireless sensing device (WSD). The gateway device receives from a first WSD an advertisement message indicating it is available for connecting to a gateway device. In response to confirming based on a first certificate of the set of certificates associated with the first WSD, that it is authorized to connect to the WSD, the gateway device transmits to the first WSD the first certificate and an identifier of the gateway device for enabling authentication of the gateway device at the WSD. The gateway device receives data from the first WSD, upon confirmation at the WSD that it is authorized to connect with the gateway device.

Abstract: Disclosed herein is a method for electronic authentication, validation, storage, and third party verification of documents by a document service. The method provides a system for authenticating a user by a process that includes presentation of photo identification by the user and generation of an authenticated user code. The user then requests transfer of a document to the document service. The document service then validates, encrypts, and stores the document and associated metadata. A request for verification by a third party is responded to by the document service if the user sends the authenticated user code to confirm permission for verification by the document service.

Abstract: An entity runs in background mode on a computing device and automatically determines when the current user is attempting to open an age-restricted app. The age of the user is automatically determined, e.g., by passively capturing a biometric image and estimating the user's age. A camera on the computing device can be used to take a picture of the user, and a facial image can be recognized in the picture by applying a facial recognition algorithm. The age of the user can be estimated based on the facial image, by applying an age estimation algorithm. The app is locked responsive to determining that the user's age does not meet a corresponding requirement. A communication can be transmitted to the primary user of the computing device, indicating that the current user of the device unsuccessfully attempted to open the app, optionally including a picture of the user.

Abstract: In one example, the present disclosure describes a device, computer-readable medium, and method for multi-phase protection of digital content. For instance, in one example, a method includes receiving a request for digital content from a client device, initiating a digital content protection process comprising a plurality of phases, where each phase of the plurality of phases includes verifying credentials provided by the client device, delivering a plurality of seeds to the client device, wherein each individual seed of the plurality of seeds is delivered to the client device upon a successful completion of one phase of the plurality of phases, encrypting the digital content, using an encryption key derived using the plurality of seeds, to generate encrypted content, and delivering the encrypted content to the client device.

Abstract: Methods, systems, and computer program products are described herein for the classification, tagging, and protection of data objects. Such techniques may be imposed on the data objects automatically regardless of whether the data objects are created/generated/interacted/downloaded/uploaded/accessed on the cloud-based environments and/or on-premises environments. The foregoing techniques are orchestrated from a centralized policy that is treated uniformly regardless of the data objects' environment. Once a data object is identified, it is classified based on multiple criteria and a tag is associated therewith. An enforcement action may be applied to the data objects based on a defined policy. The tag attached to the data object may be used to search for related audit logs that track accesses to the data object. By associating the tag and protection persistently, data object(s) are treated uniformly (i.e., in the same manner) regardless of what environment it is in.

Abstract: Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

Abstract: A user authentication system that analyzes call forwarding information obtained from telecommunication networks, such as through the use of Signaling System No. 7 (“SS7”) protocols, to detect the possibility of fraud. In response to a request to access a network-accessible service, the system performs an initial authentication of provided user account credentials. The system then obtains a telecommunication subscriber identifier that is associated with the user account. Prior to performing additional device-based user authentication, the system obtains call forwarding information for the user. The obtained call forwarding information is then evaluated for potentially fraudulent call forwarding configurations. For example, call forwarding to certain call forwarding numbers, or the use of different call forwarding types, may be indicative of fraud intended to undermine further user authentication.

Abstract: FIDO (“Fast IDentity Online”) authentication processes and systems are described. In an embodiment, a FIDO (“Fast IDentity Online”) authentication process includes a FIDO information systems (IS) computer system receiving a FIDO authentication request for a transaction from a user device, the FIDO authentication request including user data and user device authenticator data, then verifying the user data and user device authenticator data, selecting a FIDO-certified server based on a list of authorized authenticators, business rules and the user device authenticator data, and transmitting the FIDO authentication request to the selected FIDO server. The process also includes the FIDO IS computer system receiving an authentication result from the FIDO-certified server, and transmitting the authentication result to the user device.