Abstract: Examples described herein provide for a first core to map a measurement of packet processing activity and operating parameters so that a second core can access the measurement of packet processing activity and potentially modify an operating parameter of the first core. The second core can modify operating parameters of the first core based on the measurement of packet processing activity. The first and second cores can be provisioned on start-up with a common key. The first and second cores can use the common key to encrypt or decrypt measurement of packet processing activity and operating parameters that are shared between the first and second cores. Accordingly, operating parameters of the first core can be modified by a different core while providing for secure modification of operating parameters.

Abstract: A system and method includes receiving, via a fiber optic cable, an analog fiber optic signal that preserves native radio frequency (RF) energy characteristics of at least one first RF signal associated with at least one wireless device, and converting, by a light-to-RF converter, the received analog fiber optic signal into at least one second RF signal. The system and method can further comprise analyzing, by a processor, the at least one second RF signal and generating, by the processor, at least one digital signature associated with the at least one wireless device, respectively, based on the analysis of the at least one second RF signal. The system and method yet further comprise determining, by the processor, if the at least one wireless device associated with the at least one digital signature, respectively, is one of an authorized device and an unauthorized device.

Abstract: A computer-implemented method includes monitoring file access activity and generating an audit log based on the file access activity. The method also includes collecting samples of file usage activity, running a pattern recognition algorithm on the samples of the file usage activity for detecting malware activity, and, in response to detecting malware activity, restoring at least one file based on the audit log. A computer program product includes one or more computer readable storage media and program instructions collectively stored on the one or more computer readable storage media. The program instructions include program instructions to perform the foregoing method. A system includes a processor and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor. The logic is configured to perform the foregoing method.

Abstract: A session management function of a 5G system receives information that a secondary authentication is to be done for a given user equipment for authorising user equipment to use a data network; and responsively to the received information, communicates with the data network and receives from the data network an indication; and allows a 5G access to the user equipment so that the user equipment can communicate with the data network according to the indication either without cryptographic protection or with cryptographic protection depending on the indication.

Abstract: A user provides retailer-specific consents for access and use to private/sensitive information of the user. The private/sensitive information is centrally stored in a privacy vault. Retail services (retailer) that the user subscribes to are provided a user-specific and consent-specific token representing the user and consents to usage of specific private/sensitive information of the user. When the retailer has a need for user-specific private/sensitive information, the retailer presents the user-specific and consent-specific token to the privacy vault. Assuming, the retailer was given access to the requested private/sensitive information defined in the token, the privacy results returns the requested information to the retailer; otherwise, an unauthorized message is returned from the privacy vault to the retailer. The user defines the consents to each retailer and a record of the consents is maintained in the privacy vault.

Abstract: A method for providing restricted access to hardware component interfaces of a network device by one or more software components of the network device, wherein an access to a hardware component interface requested by a software component is permitted by a mandatory access control, MAC, mechanism implemented as part of the network device's operating system on the basis of a MAC security policy including access rights defined as access relations between software component security labels assigned to software component types and hardware component interface security labels assigned to hardware component interface types.

Abstract: Systems, methods, and devices are disclosed for preventing relay attacks. A user device may receive (e.g., when proximate to the first access device), from an intervening device, device identification data for a first access device. A message may be received from a second access device via the intervening device. The message may include a digital signature generated based at least in part on second access device identification data. The user device may validate the message utilizing the digital signature and a public key. If the message is invalid, the user device may discard the message. If the message is valid, (e.g., unaltered), the user device may determine that the user has not confirmed an intent to interact with the second access device and may terminate an further interaction with the second access device accordingly.

Abstract: Systems and methods for restricting content inserted into information resources are provided herein. A computing device can identify a content element included in an information resource. The computing device can identify a bit stream corresponding to the content element included in the information resource. The computing device can hash the identified bit stream to generate an element identifier corresponding to the content element. The computing device can access a restricted content database using the element identifier. The computing device can modify, responsive to finding the element identifier in the restricted content database, the presentation of the content element on the information resource in accordance with the content restriction policy.

Abstract: A method and device for retransmitting data are provided. The method includes: receiving, by a first device, on a DRB, a first PDCP PDU transmitted by a second device; performing, by the first device, on a PDCP layer, an IP verification for the first PDCP PDU; transmitting, by the first device, a PDCP status report to the second device when the IP verification for the first PDCP PDU is failed and a trigger condition is met, where the triggering condition is used for triggering the first device to transmit the PDCP status report to the second device. Thus, it can be ensured that the first PDCP PDU transmitted by the second device is received on the DRB again by the first device when the IP verification for the first PDCP PDU is failed, thereby effectively solving the problem of data packet loss caused by a failure of IP verification.

Abstract: A method provides an origin certificate that can be issued as a digital certificate online. The method includes receiving an origin digital certificate and an encrypted client device private key from an offline certificate authority wherein the client device private key is encrypted according to a private key encryption key PrKEK. The method further includes receiving from the client device, a request for a client device digital certificate and the encrypted client device private key, selecting a digital certificate template for the client device, the digital certificate template having attributes that vary according to the client devices, building the client device digital certificate from the origin digital certificate and the selected digital certificate template, signing the client device digital certificate with an online certificate authority signing key, and transmitting the signed client device digital certificate and the encrypted device private key.

Abstract: A system comprises an enterprise network system and engine. The engine has a discovery module coupled to a switch device, an AI and machine learning based monitoring and detection module coupled to the switch device, and a remediation module coupled to the switch device. The remediation module is configured to initiate a remediation process based upon the detection of at least one of the anomalies from the flow of data.

Abstract: Example selector derived encryption methods and systems include creating a hashed and encrypted database, as well as performing a query against the hashed and encrypted database using an encrypted selector exchange protocol to prevent the exposure of extraneous data from the hashed and encrypted database.

Abstract: The present invention relates to methods, network devices, and machine-readable media for an integrated environment for automated processing of reports of suspicious messages, and furthermore, to a network for distributing information about detected phishing attacks.

Abstract: A system for determining an entity's security rating may include a ratings engine and a security database. The security database may include a manifest and a distributed index containing security records. Each of the security records may have a key (e.g., a network identifier of a network asset) and a value (e.g., security information associated with the network asset identified by the key). The keyspace may be partitioned into multiple key ranges. The manifest may contain references to segments of the distributed index. Each segment may be associated with a key range and may index a group of security records having keys within the key range. The manifest and the segments may be stored in an object storage system. The ratings engine may determine the security rating of an entity based on security records of the entity's network assets, which may be retrieved from the database.

Abstract: A method for setting a permission to view an operation record based on a time range is disclosed in the present invention, including: selecting a grantee; setting one or more viewed objects for each grantee, wherein said grantee and said viewed object are the same type as a role, a user, and an employee; and setting a viewing-permission time range for each grantee, wherein said grantee obtains the permission to view the operation records of its corresponding viewed object within the viewing-permission time range of the grantee.

Abstract: In one example, a method comprises: receiving, at a gateway of a Controller Area Network (CAN) bus on a vehicle and via at least one of a wireless interface or a wired interface of the vehicle, a plurality of messages targeted at electronic control units (ECU) on the CAN bus; generating one or more input vectors based on the plurality of messages; generating, using one or more machine learning models, an output vector based on each of the one or more input vectors, each input vector having the same number of elements as the corresponding output vector; generating one or more comparison results between each of the one or more input vectors and the corresponding output vector; and based on the one or more comparison results, performing one of: allowing the plurality of messages to enter the CAN bus or preventing the plurality of messages from entering the CAN bus.

Abstract: A plurality of blocks of a first storage device are monitored. The first storage device is related to a computer system. A subset of blocks of the plurality a compared to a first storage signature of the first storage device. Based on the comparing of the subset of blocks to the first storage signature, a security anomaly is determined on the computer system. In response to the security anomaly, a security action is performed. The security action is related to the computer system.

Abstract: A generation method includes identifying, as paths that are abstraction candidates, dynamically generated paths among paths in a profile that is used to determine whether each request to a server is an attack, and counting numbers of path variations corresponding to the respective paths that are abstraction candidates, and abstracting paths contained in the profile when a number of variations counted at the counting satisfies a certain condition, by processing circuitry.

Abstract: A method performed by a system includes instantiating a vulnerability-risk-threat (VRT) service for a security edge protection proxy (SEPP) element of a 5G telecommunications network. The system intercepts and parameterizes network traffic of the SEPP element to identify network functions (NFs) or associated services that requires cybersecurity protection and selects security resources for protecting the identified NFs or associated services. The system prioritizes an NF or associated service that is most frequently used (MFU) or most recently used (MRU) and then allocates the security resources in accordance with the prioritization.

Abstract: Embodiments are direct to monitoring communication between computers may be using network monitoring computers (NMCs). Network packets that are communicated between the computers may be captured and stored in a data store. If the NMCs identify a secure communication session established between two computers, the NMCs may obtain key information that corresponds to the secure communication session that includes a session key that may be provided by a key provider. Correlation information associated with the secure communication session may be captured by the NMCs. The correlation information may include tuple information associated with the secure communication session. And, the key information and the correlation information may be stored in a key escrow. The key information may be indexed in the key escrow using the correlation information.