Abstract: A wireless local area network (WLAN) access method includes sending, by a terminal, a request for querying an available wireless access point to a server. The method further includes sending, by the server according to the query request, obtained information about the available wireless access point. The method further includes receiving, by the terminal, wireless access point information returned by the server, and determining a specific wireless access point from the received wireless access point information. The method further includes sending, by the terminal, an authentication information request of the specific wireless access point to the server. The method further includes when receiving the request, sending, by the server, authentication information corresponding to the specific wireless access point to the terminal, where the authentication information is used to connect the terminal to the specific wireless access point.

Abstract: A user equipment device (UE) establishes a communication session with a wireless network, and receives, from the wireless network, a message that includes scheduling data that schedules a power-saving mode (PSM) at the UE. The UE interrupts, at a first time based on the scheduling data, a supply of power to a modem of the UE. The UE provides, based on the scheduling data at a second time that is subsequent to the first time, power to the modem.

Abstract: An information processing apparatus according to an embodiment includes a list storage unit and processor. The list storage unit stores therein allow lists for module processing types, and each allow list describes an execution-permitted system operation. The processor functions as an operation detecting unit, a process specifying unit, a log specifying unit, a type specifying unit, and an output unit. The operation detecting unit detects execution of any of system operations. The process specifying unit specifies a target process that has executed execution-detected system operation. The log specifying unit specifies a target operation log. The type specifying unit specifies a type of target module processing that executed execution-detected system operation by analyzing the target operation log. The output unit outputs anomaly information when the allow list for the target module processing type does not include the execution-detected system operation.

Abstract: A system for managing communication between building management system (BMS) devices includes a memory and a controller. The memory includes instructions stored thereon. The controller is configured to execute the instructions to implement an agent manager, a zone manager, and a channel manager. The agent manager is configured to generate an agent for each of the BMS devices. The zone manager is configured to define at least one zone relating to a physical location zone or a building control zone. The channel manager is configured to generate a communication channel associated with the at least one zone. The channel manager is further configured to manage registration of an agent to the communication channel, wherein an agent is configured to communicate over a communication channel in response to being registered to the communication channel.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: Disclosed are various embodiments for decentralizing the authentication or verification of data. An identity key can be generated for a data item. A request can then be sent to an authentication provider for authentication of the data item, the request comprising the identity key and the data item. A verified claim for the data item can then be received in response. Subsequently, an identity document is generated, the identity document comprising the identity key for the data item and the verified claim. Finally, the identity document can be stored in a distributed ledger.

Abstract: A private communication set-up service enables scalable private connectivity between producers and consumers residing within a public cloud environment. A producer exposes metadata information about a new or updated resource within the public cloud environment using a tag. The system monitors the public cloud environment for tagged metadata about new resources and configures a producer-side service to a private link. Subsequently, the system exposes metadata information about the private link. The system monitors for tagged metadata about private links and configures the consumer-side private link endpoint to the private link. The producer and the consumer communicate using the configured private link.

Abstract: A domain proxy receives a request from a base station for allocation of a first portion of a frequency band to support cellular communication in a geographic area that is indicated in the request. The frequency band is available for exclusive allocation to an incumbent device. The base station is required to vacate the first portion of the frequency band in response to the incumbent device arriving in the geographic area and being allocated a second portion of the frequency band that overlaps with the first portion. The domain proxy accesses a policy for the base station from a database and, based on the policy, selectively provides the request to a spectrum access server (SAS) that is responsible for allocating portions of the frequency band.

Abstract: An embodiment includes identifying which of a plurality of participants of a web conference is an identified participant associated with a selected cluster of a plurality of clusters of audio feed data of an audio feed of the web conference based on a self-introduction in the selected cluster. The embodiment also generates a first preliminary leadership score for the identified participant based on a speaking duration value associated with the identified participant and generates a second preliminary leadership score for the identified participant using a selected video segment as an input for a machine learning classifier model. The embodiment calculates a final leadership score for the identified participant based on the first and second preliminary leadership scores. The final leadership score is representative of a likelihood that the identified participant is a supervisor, and is indicative of the identified participant being a supervisor if it exceeds a designated threshold value.

Abstract: Methods to securely remediate a captive portal are provided. In these methods, a processor of a user device detects a connection, via a network, to a captive portal. Based on the detected connection to the captive portal, the processor launches a dedicated secure web browser, and selectively restricts access of the user device to the network in order to only allow, via the dedicated secure web browser, communications related to remediation with the captive portal.

Abstract: This disclosure describes a cyber-security protocol for validating messages being exchanged between two devices of an autonomous vehicle. The protocol includes the independent generation of multiple encryption or session keys by both devices. The encryption keys are generated based on a random number provided by each device. In some embodiments, the random numbers can be accompanied by a shared secret key installed on both devices that can help prevent an unauthorized device from creating a shared set of encryption keys with one of the devices. Including a hash generated using one of the encryption keys and a message sequence counter value in each message can help prevent the injection of previously transmitted messages as a means of disturbing operation of the autonomous vehicle.

Abstract: Systems, methods, and computer media for securing software applications are provided herein. Using deceptive endpoints, attacks directed to API endpoints can be detected, and attackers can be monitored or blocked. Deceptive endpoints can be automatically generated by modifying valid endpoints for an application. Deceptive endpoints are not valid endpoints for the application, so if a deceptive endpoint is accessed, it is an indication of an attack. When a deceptive endpoint is deployed, accessing the deceptive endpoint can cause an alert to be generated, and an account, user, or device associated with accessing the deceptive endpoint can be blocked or monitored.

Abstract: Systems and methods for determining whether a voice biometrics credential provides a reliable mechanism for authenticating a user are provided. The method includes receiving at least one set of voice data from the user; determining, based on the received at least one set of voice data, a value of at least one parameter that corresponds to a user-specific voice biometrics credential; obtaining at least one user-specific item of information; accessing at least one business rule that relates to the user; and determining, based on the at least one set of voice data, the at least one user-specific item of information, and the at least one business rule, whether the user-specific voice biometrics credential is usable for authenticating the user.

Abstract: One example method includes correlating trust scoring with authentication levels. Trust scores are protected in a computing system such that devices can be validated. Authentication levels are based on the verified trust scores.

Abstract: A machine data validation system can track and validate the integrity of machine data generated by machines. The system can generate hashes for the items and batch hashes that can be validated using an immutable data store, such as a blockchain. The system can implement a tiered blockchain structure to efficiently store and reference the hashes to validate the machine data at different times or upon request from an end-user.

Abstract: Establishing secure communications by sending a server certificate message, the certificate message including a first certificate associated with a first encryption algorithm and a second certificate associated with a second encryption algorithm, the first certificate and second certificate bound to each other, signing a first message associated with client-server communications using a first private key, the first private key associated with the first certificate, signing a second message associated with the client-server communications using a second private key, the second private key associated with the second certificate, the second message including the signed first message, and sending a server certificate verify message, the server certificate verify message comprising the signed first message and the signed second message.

Abstract: Generally discussed herein are devices, systems, and methods for improving cloud resource security. A method can include obtaining a cloud resource management log that details actions performed by users of cloud resources in a cloud portal, the actions including entries comprising at least two of a user identification (ID) of a user of the users, an operation of operations performed on the cloud resource, a uniform resource identifier (URI) of a cloud resource of the cloud resources that is a target of the operation, or a time the operation was performed. The method can include determining a respective score for each action in the cloud resource management log, comparing the respective score to a specified criterion, and providing an indication of anomalous action in response to determining the respective score satisfies the specified criterion.

Abstract: Aspects of a storage device including a memory and an encryption core are provided. The storage device may be configured for providing secure data storage, as well as one or more post-processing operations to be performed with the data. The encryption core, which may be configured to decrypt data, may control execution of one or more post-processing operations using the data. A read command received from a host device may include a tag associated with data identified by the read command. When encrypted data is retrieved from memory according to the read command, the encryption core may decrypt the encrypted data and provide the decrypted data for post-processing based on the tag. A corresponding post-processing operation may return a result when executed using the decrypted data. Rather than raw data identified by the read command, the result may be delivered to the host device in response to the read command.

Abstract: System and methods of brokering trust across multiple Authentication and Authorization methods in a multi-domain, multi-operator, private and public cloud networks are identified. A Digital Trust Broker (DTB) is disclosed that brokers trust between infrastructure authentication methods that use digital certificates (PKI) and operator/enterprise Authentication/Authorization methods through interaction with multiple operator/service provider control and management platforms. The Digital Trust Broker interacts with vendor management and security platforms for associating device manufacturing, assembly, supply-chain, and logistics attributes for assuring trust of compute, network, storage and other system components that a high security enterprise or service provider acquires and installs in their networks. Additionally, methods of generating enhanced certificates for secure network slices and other Cloud and SDN hosted virtual network functions as trust assured services are also disclosed.

Abstract: A system including a processor and a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to process access permission type-specific access permission requests from enterprise users in an enterprise, the system including access permission type-specific access permission request receiving functionality operable for receiving at least one request for at least one access permission type-specific access permission of at least one user to at least one data element in the enterprise, and access permission type-specific access permission request output providing functionality operable for employing information pertaining to ones of the enterprise users having similarities to the at least one user with respect to at least the access permission type-specific access permission to the data elements in order to provide an output indication of perceived appropriateness of grant of the request.

Abstract: Techniques for generating and executing an execution plan for a machine learning (ML) model using one of an edge device and a non-edge device are described. In some examples, a request for the generation of the execution plan includes at least one objective for the execution of the ML model and the execution plan is generated based at least in part on comparative execution information and network latency information.

Abstract: The present disclosure relates generally to authentication of voice communications. Methods performed by a user device for mutually authenticated communications can include creating a first communication channel with a backend, creating a secure session across a second communication channel with the backend, receiving a first identification message from the backend via the second communication channel, receiving a second identification message from the backend via the first communication channel, sending an attestation that the second identification message matches the first identification message to the backend via the second communication channel, receiving a second step authorization instruction from the backend via the second communication channel, assessing the identity of the user, and delivering an authorization response to the backend via the second communication based of the assessed identity of the user.

Abstract: An immersion cooling system includes an electronic component, a thermally conductive dielectric liquid, and a tank defining a tank interior configured to receive the electronic component and the thermally conductive dielectric liquid for cooling the electronic component. The immersion cooling system also includes a wall positioned external to the tank to coordinate with the tank to define an overflow gap extending between the tank and the wall. The overflow gap is configured to receive an overflow of the thermally conductive dielectric liquid from the tank interior.

Abstract: Systems and methods for dynamic IP address whitelisting are disclosed. These techniques allow for better management of IP addresses and improve computer system and network security. In one embodiment, a system may execute a first task, at a first frequency, that includes determining, based on registered account activities corresponding to registered accounts with a service provider, at least one IP address associated with at least one registered account with the service provider. The first task may further include adding the at least one IP address to a dynamic whitelist (e.g., allowlist) of IP addresses. The system may execute a second task, at a second frequency, that includes removing, from the dynamic whitelist, at least one existing IP address identified as inactive. Thus, in various embodiments, inactive IP addresses can be removed from a whitelist while active IP addresses are periodically re-verified.

Abstract: A method and system for automatically associating an Internet addressable endpoint device of an end-user with an account of the end-user at a remote system supporting a plurality of Internet addressable endpoint devices each associated with a respective end-user.

Abstract: A method to determine, by a computing system, a trust score for a network entity in a computer network, the trust score for the network entity indicating a level of trust in the network entity; and modifying, by the computing system, a traffic pattern of the computer network based on the trust score for the network entity.

Abstract: A computer-implemented method and system for global device management architecture with regional autonomy for devices on a cellular network are disclosed. The computer implemented method for optimizing device management architecture for IoT devices includes providing device information to a server in a master node for registering a device with the master node; providing rules to assign the device to at least one node based on the device information; assigning the device to the at least one node in response to the rules; and automatically configuring the device to connect the device to the assigned node.

Abstract: Methods, systems, and apparatuses for improved content delivery are described herein. During delivery of content to one or more user devices of a content distribution network (CDN), a content session may be created for each user device. During each content session, each user device may send one or more upstream communications, such as heartbeat signals and bitrate requests, to the CDN. A monitoring module of the CDN may aggregate the upstream communications into session data. The monitoring module may use the session data to determine an impairment associated with content delivery to the one or more user devices.

Abstract: An image forming device includes a receiver and a switcher. The receiver receives data for executing a function of storing specific data in a preset private box. The switcher switches between first and second register modes when the function to be executed by using the data received by the receiver is copied into the image forming device. The first register mode is a mode in which a private box is manually registered in the image forming device. The second register mode is a mode in which a private box is automatically registered in the image forming device.

Abstract: This application provides a message processing method, an access controller, and a network node. The method includes: an access controller receives a first message used to obtain Internet Protocol (IP) address information for a user-side device and a first access loop identifier of a first network node, where the first message and the first access loop identifier are sent by the first network node, the first access loop identifier is not carried in the first message; the access controller obtains an authentication, authorization and accounting (AAA) message according to the first access loop identifier, wherein the AAA message comprises the first access loop identifier; and the access controller sends the AAA message to an AAA server.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for dynamic resource interaction allocation based on geographic positioning and usage category information associated with a resource interaction system. The invention receives a base positional location and category of usage for a resource interaction system. The invention determines a set of parameters to be used for interactions having characteristics meeting the determined base positional location and category of usage information. When it receives a proposed interaction from a requesting system containing geographic information and usage category information associated with the proposed interaction, it determines whether the geographic information and usage category information associated with the proposed interaction correspond to the base positional location and category of usage for the resource interaction system.

Abstract: Novel tools and techniques for are provided for implementing a hybrid spectrum access system and access probe framework. A system includes a base station coupled to a network, a spectrum access system, and user equipment coupled to the base station and the spectrum access system. The user equipment is configured to transmit, to the base station, a first network access request following a first access sequence while transmitting signals under a first power limit. If no response is obtained from the base station, the user equipment is configured to transmit a second network access request above the first power limit, but under a second power limit. The user equipment is configured to obtain spectrum access from the spectrum access system and transmit a second network access request to the base station.

Abstract: A wireless network device, for use within a wireless network, comprising: a processor; a memory; and an interface for receiving and transmitting data; wherein the wireless network device is adapted to: determine a first cost associated with communication between the wireless network device and a client device to which the wireless network device is connectable; determine a second cost associated with communication between the client device and a further wireless network device to which the client device is connectable; determine whether the first cost or the second cost is the lower cost; and if the second cost is the lower cost, the wireless network device is adapted to guide the client device to communicate with the further network device.

Abstract: Methods and systems for providing a wireless communication service are disclosed. A device identifier for a wireless communication service can be used to generate a connection profile (e.g., communication profile, wide-area network profile, service profile, network profile, etc.) for the wireless communication service that requires credentials for authentication. The connection profile can be generated in response to a user accessing or signing up for the wireless communication service. The connection profile can comprise a username that includes and/or mirrors the device identifier and a password generated by inputting the device identifier into a predefined function. The connection profile also can comprise an authentication identifier. A service provider applies a specific type of authentication for devices that provide the authentication identifier as part of an authentication request message.

Abstract: A method for detecting unauthorized eavesdropping. A first subscriber determines a transit time for the transmission of data to a second subscriber, adds the random value to the transit time to obtain a waiting time, waits for the waiting time, creates a data packet containing a time stamp and transmits this data packet to the second subscriber. The second subscriber records the time it receives the data packet and compares it with the time stamp contained in the data packet, determines that the data packet has arrived either: before the time indicated in the time stamp, more than a predefined tolerance time after the time indicated in the time stamp, or before or more than a predefined tolerance time after a time at which it can be expected in the second subscriber as an indication that communication between the first subscriber and the second subscriber is being eavesdropped on.

Abstract: Disclosed herein are systems and methods for continuous user authentication during access of a digital service. In an exemplary aspect, a continuous authentication module may receive, at a computing device, initial authentication credentials of the user. The initial authentication credentials enable access to a service via the computing device. While the service is being accessed, the continuous authentication module may continuously monitor whether an unauthorized user has replaced the user in accessing the service by comparing usage attributes of the service with historic usage attributes associated with the user. In response to determining that the unauthorized user has replaced the user, the continuous authentication module may cease the access to the service via the computing device.

Abstract: A system for providing security to a fleet of vehicles, the system comprising: a plurality of modules, each module configured to monitor messages propagating in an in-vehicle network of a vehicle comprised in the fleet; a memory having data characterizing messages, and software executable to: identify an anomaly in communications over the in-vehicle communication network; and instruct a communication interface, configured to support communication with an entity external to the vehicle, to transmit monitoring data responsive to the messages; and a processor configured to execute the software in the memory; and a data monitoring and processing hub external to the vehicles comprised in the fleet and operable to receive transmission of monitoring data from the plurality of modules.

Abstract: A method for handling a security procedure in a MC communication system is provided. The method includes selecting, by a MC service server, the security procedure, including a signaling procedure parameter during a key management procedure, and indicating, by the MC service server, the selected security procedure to protect at least one MC service signaling field by including the signaling procedure parameter to at least a MC service client during the key management procedure.

Abstract: A method for distributing an application for an edge computing device performed by a computing device according to an embodiment of the present invention includes selecting a cluster including two or more edge devices from among a plurality of edge devices, distributing a first application to a second edge device included in the cluster, modifying routing information such that a service request incoming to a first edge device included in the cluster is transmitted to the second edge device, and replacing the first application running in the first edge device with a second application.

Abstract: Unstructured data items are stored at an object storage service. A filtering requirement to be used to generate a result set for an access request is determined. Using a transformed representation of the filtering requirement, a target set of tokens of the filtering requirement which are to be obfuscated within a log record is identified. A log record that comprises substitute tokens for the target set of tokens is generated and stored.

Abstract: A system for providing network services is provided. The system includes a device configured to interface with the network to receive a container, where the container is configured to interface with an operating system of the device and a plurality of applications operating on the device. The container is further configured to interface with a network services provider of one or more network services and one or more third party service providers.

Abstract: An information processing apparatus includes a processor configured to receive, from a first user, data and data identification information for identifying the data, generate association information that associates the data identification information with cloud-storage identification information for identifying a cloud storage for storing the data from among multiple cloud storages, and store the data in the cloud storage.

Abstract: A quantum entanglement communication service can be provided by detecting a request to access data stored at a first computer. In response to detecting the data access request, a request can be generated to request that a server computer generate an entangled particle pair. Measurement data can be received, the measurement data corresponding to a measurement observed after interacting a first bit of a token stored at a second computer with a first entangled particle from the entangled particle pair. An operation to perform on a second entangled particle of the entangled particle pair at the first computer can be determined and performed. A state of the second entangled particle can be measured to obtain a value, and a bit string can be generated, where the bit string can include a number that corresponds to the value.

Abstract: A method for controlling the admission of slices in a virtualized telecommunication network and the congestion generated between services with different priorities instantiated on the slices and likely to share a given quantity of resources comprising the following steps of: defining a priority scale to be assigned to the network slices, defining a low priority threshold, determining the quantity of available and used network resources sp(t) and xp(t), determining the quantity of resources allocated to slices with a priority lower than the low priority threshold and which may be temporarily assigned to new slices with a priority higher than the threshold, and determining the slices likely to be accepted into the network, taking into account the available resources and the priority of the slices.

Abstract: Described herein are methods and a system for managing devices in remote data centers using a cloud service user interface (UI). The cloud service UI receives device management requests to device management application program interface (API). At the cloud service side, the device management requests to device management application program interface (API) are intercepted and converted to device cloud management REST interfaces. The device cloud management REST interfaces to a remote data center of devices, and converted to device native API used to manage a specific device.

Abstract: Systems, devices, media, and methods are presented for transmitting shared visual content between networked devices with a linked source for the visual content by accessing and presenting visual content, receiving a network location for a network resource associated with the visual content, linking the network location to the visual content to generate linked visual content, and cause presentation of the linked visual content in a draft message within a graphical user interface.

Abstract: Generally discussed herein are devices, systems, and methods for improving phishing webpage content detection. A method can include identifying first webpage content comprises phishing content, determining, using a reinforcement learning (RL) agent, at least one action, generating, based on the determined at least one action and the identified first webpage content, altered first webpage content, identifying that the altered first webpage content is benign, generating, based on the determined at least one action and second webpage content, altered second webpage content, and training, based on the altered second webpage content and a corresponding label of phishing, a phishing detector.

Abstract: Systems and methods are provided for monitoring and logging all activity occurring in a system. The logged activity may include keystroke entries input into the system, user and/or application interactions with the system, access restriction conflicts, and the like. The logged activity may be stored in at least two datastores, at least one of which is an immutable, append-only datastore. Storage of the logged activity in the immutable, append-only datastore is performed using hash algorithms. Attempts at manipulating or at hiding malicious or unauthorized activity can be recognized due to all activity being captured in the immutable, append-only datastore.

Abstract: The disclosed embodiments can be used to automate the acquisition and management of user consents for one or more campaigns, thus reducing the possibility of unintended violations of consent requirements as compared with existing systems. In accordance with the disclosed embodiments, each user consent may be associated with at least three different values. The consent management system may be configured to filter consent values for various users and send user-consent requests to certain users based on their filtered user-consent values. In some disclosed embodiments, a user may provide consent to allow communications of the user's information to certain “connected parties.” The connected parties, moreover, may need to separately provide user consent(s) as necessary to effectuate communications for a campaign in compliance with one or more laws, rules, or regulations.

Abstract: An attack communication detection device that is robust against a deviation from the design value of a communication interval is provided.