Abstract: The present disclosure relates generally to authentication of voice communications. Methods performed by a user device for mutually authenticated communications can include creating a first communication channel with a backend, creating a secure session across a second communication channel with the backend, receiving a first identification message from the backend via the second communication channel, receiving a second identification message from the backend via the first communication channel, sending an attestation that the second identification message matches the first identification message to the backend via the second communication channel, receiving a second step authorization instruction from the backend via the second communication channel, assessing the identity of the user, and delivering an authorization response to the backend via the second communication based of the assessed identity of the user.

Abstract: An information processing system includes a file acquirer that acquires a file used in a meeting, an authentication processor that selects, if a password is set to the file acquired by the file acquirer, an authentication scheme of the password, based on meeting information about the meeting, and executes a process of authenticating the password by the selected authentication scheme, and a file executer that executes the file if the password is authenticated by the authentication processor.

Abstract: An apparatus and method for selectively revealing user data. User data may be stored on an immutable sequential listing and accessed through the immutable sequential listing. Processor of apparatus is configured to receive user-associated data to be stored in a resource data storage system. Processor is configured to sort the user-associated data into data sets and assigned an identifier to each data set. Identifier may be related to job history, education history, volunteer history, or the like. Processor is configured to receive a request to reveal data from a third-party and transmit data set to the requestor. Third party and data in data sets may be verified and validated.

Abstract: Systems, methods, and computer-readable media for context-based transfer and access of data include a producer which receives a request from a consumer to access a data block. The producer verifies whether a context associated with the consumer will allow access the data block, by providing a challenge to the consumer and obtaining a response, the response including a certification that the context associated with the consumer will allow the consumer to access the data block. Upon verifying that the context allows the consumer to access the data block, the producer transfers a data capsule, the data capsule including an encrypted version of the data block and a micro agent for monitoring access to the data block. The micro agent can interact with an operating system at the consumer to allow decryption and local access of the data block upon the data capsule being transferred.

Abstract: A method, an apparatus, and a storage medium for detecting vulnerabilities in software to protect a computer system from security and compliance breaches are provided. The method includes providing a ruleset code declaring programming interfaces of a target framework and including rules that define an admissible execution context when invoking the programming interfaces, providing a source code to be scanned for vulnerabilities; compiling the source code into a first execution code having additional instructions inserted to facilitate tracking of an actual execution context of the source code, compiling the ruleset code into a second execution code that can be executed together with the first execution code, executing the first execution code within an virtual machine and passing calls of the programming interfaces to the second execution code, and detecting a software vulnerability when the actual execution context disagrees with the admissible execution context.

Abstract: In one aspect, the present disclosure relates to a method including: determining whether first data representative of a first string of content used by a user to access an application is present within the data structure having positions that contain values representative of strings of content; responsive to determination that the first data is not present within the data structure, retrieving a value from an index using a key associated with the user, the value being derived from positions in the data structure that contain values representative of a second string of content previously used by the user to access the application; decrementing the values of the positions in the data structure representative of the second string of content to remove second data representative of the second string of content from the data structure; and adding the first data representative of the first string of content to the data structure.

Abstract: Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.

Abstract: A network node (21), which is placed within a core network, receives a message from a transmission source (30) placed outside the core network. The message includes an indicator indicating whether or not the message is addressed to a group of one or more MTC devices attached to the core network. The network node (21) determines to authorize the transmission source (30), when the indicator indicates that the message is addressed to the group. Further, the message includes an ID for identifying whether or not the message is addressed to the group. The MTC device determines to discard the message, when the ID does not coincide with an ID allocated for the MTC device itself. Furthermore, the MTC device communicates with the transmission source (30) by use of a pair of group keys shared therewith.

Abstract: Secure methods, systems, and media for generating and verifying user credentials are provided. In some embodiments, the method comprises: receiving, from a user device, a request for access to a service that requires valid user credentials; determining an aspect of the user credentials that is to be satisfied to grant access to the requested service; transmitting, to the user device, a request for information related to the aspect of the user credential; receiving, from the user device, information related to the aspect of the user credential, wherein the information has been signed using a key associated with the user device; verifying the key used to sign the information by the user device; in response to verifying the key used to sign the information, determining whether the aspect of the user credential has been satisfied based on the received information; and, in response to determining that the aspect of the user credential has been satisfied, granting access to the service.

Abstract: Systems and methods for side-channel monitoring a local network are disclosed. The methods involve generating a program trace signal from at least one of power consumption, electromagnetic emission, or acoustic emanation of a control processor connected to the local network and operating a monitoring processor to detect a communication of a message on the local network; identify at least one purported control processor related to the communication; analyze the program trace signal of the at least one purported control processor relative to the communication; and at least one of an authenticate or verify one or more purported control processors of the at least one purported control processor based on the program trace signal of the at least one purported control processor.

Abstract: Methods and systems for detecting a privacy violation in an image file. A policy to be used by a master imaging application is obtained and a file system is monitored for a digital image modified by a monitored imaging application. It is then determined that the digital image file includes at least some content in violation of a defined setting for the master imaging application and, based on the determination that the digital image file includes at least some content in violation of the defined setting for the master imaging application, taking an action.

Abstract: Aspects of the present disclosure involve systems and methods for utilizing verified autonomous system (AS) network interconnections received via a cryptographically certified Recognized Operating Agency (ROA) object to generate an interconnect network model which may be used as a reference model to mitigate hijacking of network communications in downstream route announcements. In particular, AS networks may announce or share a cryptographically certified ROA object that includes a list of other AS networks to which the announcing network is connected. A router, server, or other networking device may receive ROA objects from multiple AS networks and generate a model or graph of the interconnectedness of the AS networks. Further, because each ROA object may be cryptographically certified or signed, the networking device may trust the information provided in the received ROA objects. The networking device may further verify announced routing information against the generated network model.

Abstract: A computer-implemented method for use with a database computer system including a database data set that includes machine readable data in the form of a plurality of records, the computer-implemented method comprising: (i) defining a plurality of sets of permission rule(s); (ii) receiving a first user profile for a first user; (iii) establishing a plurality of user identities to the first user; (iv) generating a plurality of tokens; and (v) for each given user identity of the first user, adding a given token of the plurality of tokens to the first user profile and associating the given user identity and the given token.

Abstract: Systems and techniques for detecting suspicious file activity are described herein. System for identifying anomalous data events is adapted to monitor a networked file system and receive an indication of a suspicious event associated with a user and a file. The system is further adapted to perform a pattern of behavior analysis for the user, perform an adjacency by time analysis based on a set of events before the suspicious event and a set of events after the suspicious event, and perform an adjacency by location analysis using a set of files located in a location of the file. The system is further adapted to determine whether the suspicious event is an anomalous event based on the pattern of behavior analysis, the adjacency by time analysis, and the adjacency by location analysis and display a report for the user including the anomalous event.

Abstract: Decoding includes sensing a packet related to SSL handshake for connecting a SSL between a client and a server after a TCP session has been established between the client and the server in an SSL decoding device. If the packet for an SSL handshake is transmitted in a preset operating system, an SSL between the client and the SSL decoding device and an SSL between the SSL decoding device and the server is established. A TCP session between a virtual client corresponding to the client and a virtual server corresponding to the server is also established. A packet transmitted/received between the virtual client and the virtual server is transmitted when the TCP session is established. If a first SSL packet transferred from the client to the SSL decoding device is received, the SSL packet is decoded and transmitted to the security device and to the server.

Abstract: A method and an apparatus for authority control, a computer device, and a storage medium, and relates to the field of the Internet technologies. The method includes: acquiring a configuration file according to a business scenario when a container is initialized, wherein the configuration file is managed outside the container; validating the configuration file in the container; receiving a user instruction; and identifying a type of the user instruction when the user instruction is an executable instruction. The method further including acquiring script content of a script file when the type of the user instruction indicates that the user instruction is the script file, wherein the script content includes at least one command statement; and performing a validity check on the at least one command statement based on the configuration file.

Abstract: The process includes acquiring, from a relay device that relays a packet between a first communication device and a second communication device, a plurality of first delay times generated by a round trip of the packet between the first communication device and the relay device, and a plurality of second delay times generated by a round trip of the packet between the second communication device and the relay device, sorting separately the plurality of first delay times and the plurality of second delay times based on a length of a delay time, and calculating device delay times based on a first delay calculation that calculates a difference between each of the plurality of first delay times and each of the plurality of second delay times in a same rank after the sorting.

Abstract: Systems and methods for side-channel monitoring a local network are disclosed. The methods involve generating a program trace signal from at least one of power consumption, electromagnetic emission, or acoustic emanation of a control processor connected to the local network and operating a monitoring processor to detect a communication of a message on the local network; identify at least one purported control processor related to the communication; analyze the program trace signal of the at least one purported control processor relative to the communication; and at least one of an authenticate or verify one or more purported control processors of the at least one purported control processor based on the program trace signal of the at least one purported control processor.

Abstract: Disclosed is a checksum generation and validation system and associated methods for dynamically generating and validating checksums with customizable levels of integrity verification. The system receives a file with data points defined with positional values and non-positional values, and differentiates a first set of the data points from a second set of the data points. The system generates a checksum based on a combination of two or more values from the positional values and the non-positional values of each data point from the first set of data points, and further based on exclusion of the positional values and the non-positional values of the second set of data points from the checksum. The system may use the checksum to verify the integrity of the data associated with the first set of data points.

Abstract: A processing apparatus (10) includes a dividing means (110). The dividing means (110) divides data into a plurality of pieces of partial data by degree of importance, based on a content of the data. Then, first partial data and second partial data having a degree of importance higher than that of the first partial data are held separately from each other. The data are, for example, sensor data or camera data constituted of a plurality of values. For example, the second partial data are encrypted.