Abstract: This disclosure provides systems, methods, and apparatuses for wireless communication performed by a wireless communication device. An example wireless communication device includes an access point (AP) multi-link device (MLD). The AP MLD transmits a beacon frame to a wireless station (STA) MLD, the beacon frame including a plurality of AP medium access control (MAC) addresses of respective APs belonging to the AP MLD. The AP MLD receives an association request from the STA MLD, the association request including a plurality of STA MAC addresses of respective STAs belonging to the STA MLD. The AP MLD generates, during a handshake operation with the STA MLD, one or more encryption keys configured to encrypt communications between the AP MLD and the STA MLD. The AP MLD verifies the plurality of STA MAC addresses based at least in part on the one or more encryption keys.

Abstract: A fully-automated, defensible and highly-scalable system for disposition decisioning and, where applicable deleting previously archived electronic communications. In this regard, the present invention is capable of determining, on an individual e-communication basis, whether an e-communication should be deleted/purged from archive or retained in archive taking into account applicable rules and policies based on the geographic location from which the e-communication was sent, received or posted, as well as, based on the status on the sender/poster and/or recipient.

Abstract: Techniques for governing access to third-party application programming interfaces (API's) are disclosed. A proxy service exposes an API configured to receive requests, from user-facing services, to perform functions of backend services. The proxy service stores a usage policy that defines a criterion that is (a) different from any authorization criterion and (b) associated with using a function of a backend service. The proxy service receives a request to perform the function of the first backend service for a user-facing service and determines that the request does not satisfy the usage policy. Based on determining that the request does not satisfy the usage policy, the proxy service refrains from accessing the backend service to perform the function responsive to the request, and transmits an alert to the user-facing service indicating that the request does not satisfy the usage policy.

Abstract: Techniques for hash based flexible scanning are described. A method of hash based flexible scanning may include obtaining a sample from a sample source, determining a size of the sample, generating one or more hashes of one or more blocks of the sample based on the size of the sample, and determining whether the sample is associated with a known threat by comparing the one hashes of the one or more blocks to hashes in a threat database.

Abstract: Embodiments are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on a untrusted mobile application (e.g. a merchant mobile application).

Abstract: This application discloses a data processing method, system, and apparatus, a storage medium, and a device, and belongs to the field of database technologies. The method includes receiving, a trigger request; triggering, according to the trigger request, the first cloud encryptor to store a root key seed, an operating policy, a data key seed, and a data key identifier, and triggering the database proxy to store an encryption data dictionary, the operating policy indicating an operation policy of the first cloud encryptor. The method further includes receiving a data processing request from the client; sending first data that the data processing request requests to process and the data key identifier in the encryption data dictionary to the first cloud encryptor. The method further includes implementing the operating policy, processing the first data, and responding to the data processing request by using the second data.

Abstract: Provided are a computer program product, system, and method for determining a frequency at which to execute trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code. Trap code is executed in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code. A determination is whether to modify a frequency of executing the trap code in response to processing a specified type of command. The frequency of executing the trap code is modified in response to processing the specified type of command in response to determining to determining to modify the frequency of executing the trap code.

Abstract: A method of securing, by a managing node, communication in a network of member nodes including a first member node. Communication is secured using a (k, n1) secret sharing scheme during a first phase. The managing node announces a phase shift to a subsequent phase relative to the first phase. The managing node secures communication in the network during the subsequent phase using a (k+x, n2) secret sharing scheme. Each of the member nodes is previously in possession of exactly one corresponding unique share for the second key. The first member node is previously in possession of a first unique share for the second key. The managing node deletes the first member node from the subsequent phase by broadcasting the first unique share for the second key.

Abstract: A network traffic sending method and apparatus, and a hybrid honeypot system are provided. The method includes receiving a first attack traffic flow; determining that a request type of the first attack traffic flow is a first request type and determining maturity of a virtual honeypot model for the first request type. Upon the maturity of the virtual honeypot model for the first request type being higher than a threshold set for the first request type, the method includes forwarding the first attack traffic flow to a virtual honeypot using the model, or forwarding the first attack traffic flow to a virtual honeypot using the model and a physical honeypot. Otherwise, it includes forwarding the first attack traffic flow to a physical honeypot. Therefore, a virtual honeypot using a virtual honeypot model of relatively high maturity is used to respond to an attack traffic flow.

Abstract: Example implementations include generating a guard service for a secure service at a secure region of a processing system by detecting a call to a secure service at a secure region of a processing device, obtaining a secure interface associated with the secure service, generating a guard interface based at least partially on the secure interface, generating a guard service based at least partially on the guard interface, locating the guard service at a secure region, and locating the guard interface at a secure address at the secure region.

Abstract: The disclosed exemplary embodiments include computer-implemented devices, apparatuses, and processes that, among other things, perform dynamic biometric authentication based on distributed ledger data. For example, a device may compute a first hash value based on first biometric data captured by a sensor unit, and may transmit a request to, and receive a response from, a computing system across a communications network via the communications unit. The request may cause the computing system to execute instructions maintained within the distributed ledger data, and to extract second biometric data maintained within an element of the distributed ledger data. The second biometric data may include a second hash, which the computing system may incorporate into the response. The device may authenticate an identity associated with the device when the first hash value corresponds to the second hash value incorporated within the response.

Abstract: Embodiments of the present disclosure provide a method for control-flow integrity protection, including: changing preset bits of all legal target addresses of a current indirect branch instruction in a control flow of a program to be protected to be same; and rewriting preset bits of a current target address of the current indirect branch instruction to be same as the preset bits of the legal target addresses, so that the program to be protected terminates when the current target address is tampered with. By changing the preset bits of all the legal target addresses of the current indirect branch instruction to be same and rewriting the preset bits of the current target address to be consistent with the preset bits of the legal target addresses, traditional label comparison is replaced by the preset bit overlap operation, reducing performance overhead and improving attack defense efficiency.

Abstract: A computer-implemented method for detecting a code injection threat may include: performing a search process on a memory of a computer system to identify property list files; in response to an identification of a property list file, retrieving the property list file; performing an analysis process on the property list file to identify a target identifier; in response to an identification of the target identifier in the property list file, determining whether the target identifier corresponds to an electronic application stored in the memory of the computer system; in response to determining that the target identifier corresponds to the electronic application, determining that the property list file is indicative of a code injection threat to the electronic application; and in response to the determination that the property list file is indicative of a code injection threat to the electronic application, performing a security action based on the property list.

Abstract: Computing systems with dynamic architectures may be used to secure against code-injection attacks and other exploits. A system may generate multiple representations of instructions or other data associated with each of a set of configurations of the system. The system may periodically or randomly change configurations such that malicious code that is executable in one configuration cannot be executed in another configuration. A system may also detect malicious code by comparing code previously generated in one representation with different representations of the same code. If, during execution of a representation of a program code, the system determines that the representation specifies instructions that differ from other representations of the same program code, they system may stop executing the compromised program code, change its configuration, and continue to execute another representation of the program code that has not been compromised.

Abstract: Systems and methods for attesting an enclave in a network. A method includes receiving, by a first device, proof information from an application provider entity that the enclave is secure, wherein the proof information includes a public part, Ga, of information used by the enclave to derive a Diffie-Hellman key in a key generation process with the application provider entity, processing, by the first device, the proof information to verify that the enclave is secure and ensuring that Ga is authentic and/or valid, deriving, by the first device, a new Diffie-Hellman key, based on Ga and x, wherein x is a private part of information used by the first device to derive the new Diffie-Hellman key, and sending, by the first device, a message including Ga and a public part, Gx, of the information used by the first device to derive the new Diffie-Hellman key to the enclave.

Abstract: Methods of half-duplex communication systems or full-duplex communication systems are provided. The half-duplex communication system includes n number user units-including a transmitting unit of transmitting units, wherein the transmitting unit including a channel estimation module, an identity update module and a modulation module; a receiving unit of receiving units including a demodulation module, a post-processing module and a reconciliation and verification module; a memory unit for storing prime identities, data to be transmitted and shared secret key; a control unit; an antenna connected to each of the transmitting units and each of the receiving units; and the methods are used for realizing a generation of shared secret keys, and an integrated identity verification and a data transmission using the half-duplex communication systems and the full-duplex communication systems.

Abstract: An information handling system may include a management controller; and a plurality of target information handling systems each including a target management controller that is communicatively coupled to the management controller. The information handling system may be configured to: receive, at a particular target management controller and from a client information handling system, a request for management associated with the particular target management controller; perform, at the management controller, validation of a token associated with the request; and based on the validation, cause the particular target management controller to service the request.

Abstract: A method of providing, by a computing device, access to a user of sections of an electronic document. The method includes receiving, by a computing device, a computerized image of a user accessing an electronic document. The computing device further accesses a facial recognition database and compares the computerized image to one or more entries in the facial recognition database to determine an identity of the user. The user is provided access to one or more sections of the electronic document based upon the identity of the user.

Abstract: A method is provided that determines whether to allow an application (app) for use or restrict the app on a set top box (STB). The method includes the steps of measuring at the STB, one or more resources used by the app; comparing at the STB, one or more thresholds set by an operator; and determining if the one or more resources used by the app exceed one or more thresholds set by the operator. Another method is provided that monitors applications (apps) that are installed a set top box (STB) for illegal or harmful activity by a policy manager. This method includes downloading and copying an app from an external source; installing or uninstalling the app into an application folder; providing a notification informing the policy manager of the installing or uninstalling of the app; and evaluating the app be installed or uninstalled.

Abstract: An apparatus and method for detecting a change in electrical properties in a system is disclosed. Embodiments of the disclosure enable the detection of a change in electrical properties in a system by, in response to a load generated on a power delivery network power in at least part of the system, measuring noise induced in the power delivery network in response to the load. Based on the measured noise, a dynamic-response property of the power delivery network is determined and the dynamic-response property is compared to a stored reference dynamic-response property of the power delivery network based on a predetermined load. In the event of a difference between the dynamic-response property and the reference dynamic-response property, a response to the event is triggered to indicate tampering with the power delivery network.