Abstract: A system, method, and apparatus are provided for securely controlling operations of a data processing system in which security subsystem is activated to provide security services by responding to a security service request, evaluating the request against an adjustable set of system security policies to determine if the security service request is granted access to a protected asset, by generating a response to the security service request using the protected asset if the security service request is granted access to the protected asset, by adjusting a security access policy for the protected asset in the adjustable set of system security policies, and by sending the response from the security subsystem to the external application subsystem.

Abstract: A system and method for privacy policy enforcement to ensure reconciliation between users communicating via an open system interconnection (OSI) communication architecture, with receiving of a privacy policy for at least one user's device and a usage policy for at least one user, receiving encryption codes, receiving private data from a first user to be sent to a second user, encrypting by a first server the received data, receiving a privacy policy enforcement vector, and performing selective decryption, by a second server, for each data segment, wherein data segments that correspond to a match between the privacy policy and usage policy are decrypted, and wherein at least one of the first server and the second server is external to the first user and second user.

Abstract: Techniques are disclosed for transmitting a secure message over a public or untrusted network. The techniques include receiving a message and creating multiple hash values of the message. A sending device signs and encrypts the message and hash values, then encapsulates and transmits to the message and hash values a security server. The security server receives and de-encapsulates the message and hash values, decrypts the message and hash values, and verifies the signature. The security server verifies the hash values and determines whether any changes were made to the message during transmission. If verified, the security server processes the message for transmission to the recipient. The security server creates multiple hash values of the original message, signs and encrypts the message and the hash values, encapsulates the message and hash values and transmits to a recipient device for further verification and presentation to the recipient.

Abstract: The intrinsic data generation device of the disclosure includes a modulation control part outputting a modulation control signal for controlling modulation, a modulation part modulating a signal based on the modulation control signal and outputting a modulated modulation signal, a PUF circuit specifying a relationship between input data and output data based on random variation intrinsic to the device and changing the output data based on the modulation signal, a data holding part holding the output data from the PUF circuit in response to the modulation control signal, and an intrinsic data output part outputting intrinsic data based on the output data provided from the data holding part.

Abstract: A key exchange technique of performing a key exchange among N (?2) parties, which can conceal metadata on communication, is provided. A key exchange method includes: a first key generation step in which a communication device Ui generates a first key; a first anonymous broadcast step in which the communication device Ui anonymously broadcasts the first key with a set R?{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the first key with ? being designated for i?{n+1, . . . , N}; a second key generation step in which the communication device Ui generates a second key; a second anonymous broadcast step in which the communication device Ui anonymously broadcasts the second key with the set R?{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the second key with ? being designated for i?{n+1, . . . , N}; and a session key generation step in which the communication device Ui generates a session key SK for i?{1, . . .

Abstract: Some examples relate to identifying a security vulnerability in a computer system. In an example, via a NAND flash memory, a computer system may be scanned to obtain information related to a software program, based on a rule set defined in a management controller (e.g., baseboard management controller (BMC)) on the computer system. The NAND flash memory may obtain metrics related to the software program via the BMC. The NAND flash memory may analyze the information related to the software program along with the metrics related to the software program to identify a security vulnerability in the computer system. The NAND flash memory may provide the information related to the security vulnerability in the computer system to the BMC.

Abstract: A system which comprises a series of native applications, suited to run on mobile devices, and a series of web-based applications for which functionality and processing are optimized. The native applications and the web-based applications are coordinated to optimize processes of acquiring, storing and disseminating data for speed, integrity and security.

Abstract: Aspects of the disclosure relate to detecting and protecting against cybersecurity attacks using unprintable tracking characters. A computing platform may receive a character-limited message sent to a user device. Subsequently, the computing platform may detect that the character-limited message sent to the user device includes suspicious content. Then, the computing platform may generate a modified character-limited message by inserting one or more special characters into the character-limited message and cause transmission of the modified character-limited message to the user device. Next, the computing platform may receive, from the user device, a spam report that includes the modified character-limited message. Then, the computing platform may identify a presence of the one or more special characters included in the modified character-limited message and adjust one or more filters based on the identification.

Abstract: A system and methods for protecting a serverless application, the system including: (a) a serverless application firewall configured to inspect input of the serverless function so as to ascertain whether the input contains malicious, suspicious or abnormal data; and (b) a behavioral protection engine configured to monitor behaviors and actions of the serverless functions during execution thereof.

Abstract: The present disclosure describes systems, apparatuses, and methods for obfuscation-based intellectual property (IP) watermark labeling. One such method comprises identifying, by one or more computing processors, a specific net within an integrated circuit design that is likely to be used in a malicious attack; and adding additional nets to the integrated circuit design that add additional logic states to a finite state machine present in the integrated circuit design. The additional logic states comprise watermarking states for performing authentication of the integrated circuit design, in which a watermark digest can be captured upon application of secret key inputs to the additional nets. Other methods, systems, and apparatuses are also presented.

Abstract: Aspects of the disclosure relate to an electronic document sharing and signing (DSS) ecosystem for electronic document authentication and authorization. The DSS ecosystem may preferably provide a communication platform between a first user information database associated with a first entity and a second user information database associated with a second entity. The DSS ecosystem may include a signer information database. The signer information database may be coupled to the first user information database and the second user information database. The signer information database may be configured to be readable by the first entity and writeable to by the first entity, and readable by the second entity but not writeable to by the second entity. The signer database may include a list of signatory names associated with the first entity, and a plurality of electronically signed documents. Each of the documents may include an electronic signature applied by a signatory whose name appears on the signatory list.

Abstract: Systems and methods are disclosed that minimize ongoing risk to an organization from user behaviors which magnify the severity of a spoofed domain. Systems and method are provided which enable an entity and users of an entity to identify potential harmful domains, combining search, discovery, reporting, the generation of risk indicators, end-user risk assessments, and training into a security awareness system.

Abstract: A system includes a memory and at least one processor to set a network throughput level setting to a default network traffic rate in a computer network, begin a data protection operation at the network throughput level setting in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, dynamically adjust the network throughput level setting in response to the condition by one of decreasing the network throughput level setting by a network traffic rate increment and increasing the network throughput level setting by the network traffic rate increment, and dynamically shape network or storage traffic for the data protection operation using the network throughput level setting.

Abstract: Systems and methods are provided for augmenting the services of SM-DP and SM-DP+ based mobile network systems. These systems and methods enable securing, in advance of arrival at the mobile network system, connectivity services (e.g., limited, short or one-time) or long-term subscription for eSIM/iSIM capable devices/machines. Such connectivity services may be purchased or booked in advance from a local or foreign network operator with service to be activated immediately or at a point in the future. For example, a traveler to a foreign country can pre-purchase (at the travel booking stage) mobile connectivity for use during upcoming travel to a foreign network. The corresponding service can be activated at the time/date of arrival for the selected period.

Abstract: Technology related to a network application firewall is disclosed. In one example, a method includes intercepting a response from a network application and destined for a client. The response can be associated with a user identifier. A modified response can be forwarded to the client. The modified response can include a honeytrap embedded within the intercepted response. Engagement with the honeytrap can be detected in a subsequent request to the network application. In response to detecting the engagement with the honeytrap, an indication that the user identifier is malicious can be stored.

Abstract: In various embodiments, a computer-implemented method for generating and verifying officially verifiable electronic representations may be disclosed.

Abstract: An enterprise-grade network security system is described herein. An enterprise-grade network security system may ensure that a consumer-managed network conforms with security standards for a company. In this manner, potential cyber threats may be prevented from infecting centralized company resources. An enterprise-grade network security system may include hardware, software, applications, and a strategic intelligence platform utilizing machine learning and artificial intelligence to identify potential security risks.

Abstract: A method for execution by a computing device of a storage network includes dispersed storage error decoding a plurality of sets of encoded data slices to recover a plurality of secure packages, where the plurality of secure packages include a plurality of encrypted data segments and a plurality of sets of encoded key slices, and where encoded key slices are appended to the encrypted data segments in accordance with an appending approach. The method includes splitting the plurality of secure packages into the plurality of encrypted data segments and the plurality of sets of encoded key slices. The method includes decoding the at least the decode threshold number of each set of the plurality of sets of encoded key slices to recover a plurality of encryption keys. The method includes decrypting the plurality of encrypted data segments using the plurality of encryption keys to recover the data segments.

Abstract: An authentication system includes an authenticator that receives an authentication request from a device and receives sensor data from one or more sensors, the sensor data being indicative of interaction with one or more real world objects or with a displayed authentication image. The authenticator determines that the sensor data is indicative of an authorized interaction with the one or more real world objects or with the displayed authentication image and, in response to the determination, grants the authentication request.

Abstract: Techniques for securing control and user plane separation in mobile networks (e.g., service provider networks for mobile subscribers, such as for 4G/5G networks) are disclosed. In some embodiments, a system/process/computer program product for securing control and user plane separation in mobile networks in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an Packet Forwarding Control Protocol (PFCP) message associated with a new session, in which the mobile network includes a 4G network or a 5G network; extracting a plurality of parameters from the PFCP message at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network.