Abstract: A robot system includes a robot, and an RF tag, the RF tag including a detection device for detecting biometric authentication information of an individual, a memory for storing unique biometric authentication information of an authorized person which is authorized to perform operations related to a task of the robot, a first processor for obtaining a biometric authentication result by comparing the biometric authentication information detected by the detection device with the unique biometric authentication information stored in the memory, and a first antenna for transmitting the biometric authentication result obtained by the first processor. The robot system further includes a control device including a second antenna for receiving the biometric authentication result transmitted from the RF tag, wherein the control device advances a process of the operation when the biometric authentication result indicates that the individual is the authorized person.

Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated a file, and converting a binary content associated with the packet into a digital representation and tokenizing plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.

Abstract: Provided is a method for transmitting a packet in a communication system, comprising the steps of: identifying the packet according to a packet identification criterion; reallocating frames included in the identified packet and encrypting the packet in which the frames have been rearranged; and transmitting the encrypted packet.

Abstract: An image communication apparatus includes a storage unit including a shared address book area and an individual address book area, a communication unit configured to receive an import file including shared address book data shared among a plurality of users or private address book data limiting users who can utilize the data, and a CPU, and if the import file includes the private address book data and the shared address book area is designated as an import destination, the CPU warns the user that the private address book data may be shared and prevents the user from importing the import file.

Abstract: A system for programmatically verifying electronic domain names is provided. For example, the system may receive a plurality of network domain names. A receipt frequency of a subset of the network domain names across a distributed system may be determined and compared with a receipt threshold. When the receipt frequency exceeds a receipt threshold, the network domain name may be matched with additional information that originates from a confirmation source. This information may be provided at a registration network document, which can help expedite a verification process for the user.

Abstract: To facilitate improved email and device security, embodiments of systems and methods include intercepting, by a processor associated with an entity, an internet request, where the internet request is produced by a link received in an email at a first computing device. The processor determines that the link is externally bound relative to an entity network. The processor determines an existence of a sandbox environment instance in a set of existing sandbox environment instances. The processor routes the link through the sandbox environment instance. The processor updates the sandbox log in the database based on the sandbox environment instance and the link. The processor causes to display on a screen of the first computing device a user interface for interacting with the link in the sandbox environment instance, and the processor logs activities associated with interacting with the link in a security log.

Abstract: A data processing system includes technology to detect a memory attack. The data processing system comprises a processing core, a memory controller, a memory bus, and memory. The memory controller comprises a memory attack detection module (MADM). The MADM comprises first and second input units and control logic in communication with the first and second input units. The control logic is configured to determine, based on first and second signals from the first and second input units, respectively, whether the memory bus is carrying a clock enable (CKE) signal of high (H), even though the memory controller is generating the CKE signal of low (L). The control logic is also configured to generate a physical memory attack detection indicator that indicates whether the memory bus is carrying the CKE signal of H, even though the memory controller is generating the CKE signal of L. Other embodiments are described and claimed.

Abstract: Methods and systems for switching between multiple languages of a remote desktop client operating on a secure boot device are disclosed. A method includes initiating an operating system from the secure boot device and receiving credentials including a user identification and a password. The method also includes booting, from the secure boot device, the operating system in a first language and receiving a selection of a second language different from the first language within a user interface of the operating system. The method further includes performing a desktop reset to execute the operating system in the second language.

Abstract: Protecting circuit designs can include, in response to receiving a first encrypted public key, generating, using a hash circuit within the integrated circuit, a first hash of the first encrypted public key. The first hash can be compared with a second hash that was previously stored within a non-volatile memory of the integrated circuit. In response to determining that the first hash matches the second hash, the first encrypted public key is decrypted resulting in a first decrypted public key. A determination is made whether received configuration data for the device is authentic using the first decrypted public key.

Abstract: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights. A search key can be generated based on the received query, and the selected index can be searched using the search query. Database entries mapped to the values of the selected index returned in response to the search can be outputted. Each index is associated with a different granularity defining the number and/or ambiguity of search results returned in response to searching an index.

Abstract: A fingerprint recognition based authentication method and apparatus is disclosed. The authentication apparatus may obtain an input fingerprint from a touch input of a user, determine an input number corresponding to the input fingerprint using preregistered fingerprint-number mapping information, and authenticate the user based on whether an input number sequence corresponding to an input fingerprint sequence is identical to a reference number sequence.

Abstract: An information management terminal device includes a health information acquisition means, a health information storage means that stores health information and a health information passbook, and a storage medium, in which the storage medium includes a concealed region accessible only by a specific program and a normal region accessible also by programs other than the specific program, the health information acquisition means adds a date/time record as the health information passbook, the health information storage means sequentially stores the health information and the health information passbook in the normal region, and that the concealed region holds a data alteration detection parameter for detecting alteration of the health information and/or the health information passbook.

Abstract: Determining the content of access control to data based on classification results obtained by classifying data includes recording setting information that sets a plurality of classification engines for predetermined conditions related to either data or to the access to the data and acquiring data subject to access when access to the data subject to access is requested. Responsive to satisfaction of predetermined conditions related to either the data subject to the access or access to the data subject to access, classification of data subject to access by the plurality of classification engines set for predetermined conditions in the setting information is indicated using a processor. Further, using the processor, the content of access control to the data subject to access based on classification results obtained by the plurality of classification engines classifying data subject to access is determined based on the indicating classification of data.

Abstract: The present invention relates to methods, systems and apparatus for providing efficient packet flow fillrate adjustments and providing protection against distributed denial of service attacks. One exemplary embodiment in accordance with the invention is a method of operating a communication system including the steps of receiving, at a session border controller, a first SIP invite request message; making a decision, at the session border controller, as to whether the first SIP invite request originated from an Integrated Access Device or an IP-PBX device; generating, at the SBC, a packet flow fillrate based on said decision as to whether the SIP invite request originated at an Integrated Access Device or an Internet Protocol-Private Branch Exchange (IP-PBX) device.

Abstract: Embodiments of the present disclosure relate to automatically and dynamically elevating permissions on a mainframe system. Initially, a user may request an elevation class which corresponds to elevated class resources of the mainframe system. The elevation class may enable the user to perform actions to datasets, files, applications, or systems of the mainframe system the user may not otherwise be able to perform. If the user has permission to the elevation class, a user identification corresponding to the user and the elevation class is registered in an elevated permission structure. An access control environment element (ACEE) is dynamically created with the elevated permission structure and the elevated class resources of the elevation class are associated with the ACEE. The user can then be validated with access to the elevated class resources. At the expiration of a limited duration of time, the elevated class resources are automatically disassociated with the ACEE.

Abstract: An example process that is performed by one or more processing devices uses one or more system states to detect cyber-attacks. The example process includes the following operations: generating a first graph that models states based on information obtained from an electronic device; and performing a correlation of the first graph with one or more second graphs to detect a possibility of a cyber-attack against the electronic device.

Abstract: A method of determining a distance between a first and a second device in a wireless data exchange protocol is presented. The method includes sending an advertising channel Protocol Data Unit (PDU) from the first device; receiving the advertising channel PDU at the second device and responsively sending a scan request scanning PDU from the second device to the first device; receiving the scan request scanning PDU at the first device and responsively sending a scan response scanning PDU from the first device to the second device; calculating a time of flight (TOF) for at least one of the sent PDUs; and determining the distance between the first and second devices using the calculated TOF.

Abstract: A network agent includes an ingress port in data communication with a network traffic source for receiving network traffic entering a network and an egress port in data communication with the ingress port and a protection device included in the network. The egress port is configured to transmit network traffic received from the ingress port to a network device included in the network. A processing device receives from a protection device included in the network blacklist addresses determined by the protection device to be a threat to the network, and maintains a blacklist that includes the received blacklist addresses. A physical layer device compares the network layer source address of a packet of the network traffic received by the ingress port to the blacklist and forwards the packet to the egress port only if the packet's source address is not included in the blacklist.

Abstract: In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.

Abstract: Systems and methods for authenticating a user attempting to access content are provided. The method includes requesting a first at least one user credential, determining if the requested first at least one user credential matches a second at least one user credential used when the user accessed previously accessed content, and generating a list of content providers requiring the second at least one user credential for access when the first at least one user credentials matches a second at least one user credential. The method also includes requiring the user to select a content provider from the list of content providers, allowing the user to access the content if the selected content provider corresponds to the content being accessed by the user, and preventing the user from accessing the content if the selected content provider does not correspond to the content being accessed by the user.