Patents Examined by Bryan F Wright
  • Patent number: 10949532
    Abstract: A system for monitoring file integrity in a host computing device having a process and a storage device storing computer executable code. The computer executable code is configured to: provide containers, an agent external to the containers, and a policy file configuring policy for the containers; intercept a system call indicating mounting, and construct a first correspondence between a container file path and a host file path having mounting correspondence; intercept a system call of the container indicating opening of the policy file, and construct a second correspondence between the container file path and the violation of the container file path; aggregate the first and second correspondences to obtain a correspondence between the host file path and the violation; and monitor file integrity of the container by detecting violation of the host file path.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: March 16, 2021
    Assignees: Beijing Jingdong Shangke Information Technology Co., Ltd., JD.com American Technologies Corporation
    Inventors: Junyuan Zeng, Zhenxin Zhan, Yuan Chen, Jimmy Su
  • Patent number: 10943020
    Abstract: A system includes at least two buses including a first bus and a second bus, an encryption and decryption system corresponding to each bus, at least one signal processing module corresponding to each bus, and a bus converter coupled between the first bus and the second bus. According to the system provided in embodiments of the present invention, because data transmitted on a bus is encrypted data, even though an attacker obtains bus data by means of a probe attack, it is quite difficult to break a key, and an anti-attack capability of the system can be improved.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: March 9, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Cui Hu, ZhuFeng Tan, Shaojie Sun
  • Patent number: 10938830
    Abstract: Various embodiments are provided for nullifying commands in an Internet of Things (IoT) computing environment by a processor. One or more authorized commands may be defined for each authorization level in a hierarchy of authorization levels for accessing data, services, or resources in the IoT computing environment via an IoT device. One or more users may be assigned to one of the authorization levels in the hierarchy of authorization levels. A command issued to the IoT device from the one or more users may be nullified according to the assigned authorization level.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: March 2, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jeremy R. Fox, Andrew R. Jones, Gregory J. Boss, John E. Moore, Jr.
  • Patent number: 10917427
    Abstract: The present disclosure relates to techniques for helping targeted users determine whether it is safe to supply personal information requested by a web site. In one embodiment, a method generally includes extracting textual content from a web page that requests information from a user and determining, based on the textual content, the type of information requested. A service type the web page provides is also determined based on the textual content. The service type and the information type are then compared to a set of predefined rules to determine a risk level associated with the web page. A visual indicator of the risk level is then displayed with the web page.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: February 9, 2021
    Assignee: International Business Machines Corporation
    Inventors: Susann M. Keohane, Gary P. Noble, Johnny Meng-Han Shieh, Adam J. Storm
  • Patent number: 10904001
    Abstract: Embodiments of the present disclosure relate to vaultless format-preserving tokenization systems and methods. Some methods include encoding a first data set to produce encoded input data; generating a secure tweak for the encoded input data based on a token format schema by: encoding a tweak input to produce an encoded tweak input; and hashing the encoded tweak input along with a unique hashing key to generate the secure tweak; applying a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output; and generating a token from the ciphertext output.
    Type: Grant
    Filed: May 24, 2019
    Date of Patent: January 26, 2021
    Assignee: TOKENEX, INC.
    Inventors: Justin Stanley, Jacob Burcham, Ulf Mattsson
  • Patent number: 10853479
    Abstract: An information processing apparatus includes a touch panel and a control unit. The control unit includes a processor that executes a control program. The control unit functions as a first setting section that, when a number of character types in a password for registration is more than a predetermined number of character types, sets a number of times of password re-entry to be more than that of a case where the number of character types in the password for registration is less than or equal to the predetermined number of character types. In addition, the control unit functions as a display control section that performs display control of a display unit, and as a practice mode execution section that causes the display unit to display a password re-entry screen on which a plurality of keys are arranged for the number of times set by the first setting section.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: December 1, 2020
    Assignee: KYOCERA Document Solutions Inc.
    Inventor: Hiromi Sakata
  • Patent number: 10846388
    Abstract: In an implementation, user identity authentication in a virtual reality (VR) environment is described. A user identity authentication request is received by a VR terminal device. A prompt interface configured to notify a user to complete collection of an eye physiological feature in the VR environment is presented by the VR terminal device. The prompt interface comprises a virtual eye model. The presentation of the virtual eye model is changed by the VR terminal device to correspond to eye movement of the user. Multiple cameras are invoked by the VR terminal device to collect eye images of the user. The eye images are processed by the VR terminal device to extract the eye physiological feature of the user. An identity authentication on the user is performed by the VR terminal device based on the eye physiological feature.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: November 24, 2020
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Huanmi Yin, Feng Lin, Zhongzheng Ye, Lei Wang
  • Patent number: 10848500
    Abstract: A method includes sending, from a mobile device management (MDM) server, a group list to a mobile device, the group list indicating a plurality of MDM groups that are available to the mobile device for enrollment. The method also includes receiving, at the MDM server, a join group request from the mobile device. The join group request indicates a group of the plurality of MDM groups. The method also includes, in response to receiving the join group request, updating, at the MDM server, group membership data to indicate that the mobile device is added to the group. The method further includes identifying, based on the group membership data at the MDM server, an action associated with the group. The method also includes sending a command from the MDM server to the mobile device to perform the action.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: November 24, 2020
    Assignee: JAMF Software, LLC
    Inventors: Aryik Bhattacharya, John Dassow, Michael Devins, Aaron Maxim, Jamison Schmidt
  • Patent number: 10831912
    Abstract: A method and system for performing an operation on protected sensitive data. A processor of a data processing system receives, from a computing system: (i) the protected sensitive data, (ii) an identification of an operation that accesses and utilizes the protected sensitive data during performance of the operation, and (iii) a request to perform the operation, wherein the computing system is external to the data processing system. The processor de-protects the received protected sensitive data, which generates unprotected sensitive data from the protected sensitive data. The processor performs the operation, which includes accessing and utilizing the unprotected sensitive data and generating a result. After the operation is performed, the processor re-protects the unprotected sensitive data, which restores the protected sensitive data. The processor sends the result to the computing system.
    Type: Grant
    Filed: February 26, 2019
    Date of Patent: November 10, 2020
    Assignee: International Business Machines Corporation
    Inventor: Holger Karn
  • Patent number: 10827355
    Abstract: Systems and methods which provide reliable and resilient control channels for communicating control information with vehicle onboard systems using a control channel plane supporting migration of a control channel among various networks forming the control channel plane are described. The control channel plane of embodiments includes at least one data delivery network of a data network and at least one out-of-band network of a security network. Embodiments introduce an in-vehicle system into vehicles facilitating secure data communication between a centralized mobility management platform and the vehicles using a data network for data content communication and a security network for security enhancement with respect to the data network.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: November 3, 2020
    Assignee: Auton, Inc.
    Inventors: Panayotis Lekkas, Robert Foster
  • Patent number: 10826680
    Abstract: The present invention provides a crypto-information creation device, etc., with which it is possible to create information that enables a safer collation process between information that is the subject of collation and information to be referenced. This crypto-information creation device 501 has: a range encryption unit 502 for calculating a first value included in a range based on a threshold value and encrypting the calculated first value in accordance with a homomorphic encryption scheme, thereby creating a first cryptogram in which the first value is encrypted; and a computation unit 503 for applying a computation according to the encryption scheme to the first cryptogram and to a second cryptogram in which a second value representing the degree of similarity is encrypted in accordance with the encryption scheme, thereby creating a third cryptogram in which a value obtained by adding together the first value and the second value is encrypted.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: November 3, 2020
    Assignee: NEC CORPORATION
    Inventors: Toshiyuki Isshiki, Haruna Higo
  • Patent number: 10819501
    Abstract: Novel tools and techniques are provided for implementing scaling and distribution of blockchains without ledger limitations. In various embodiments, a computing system might access many instances of a blockchain from many distributed peers. The computing system might parse a first instance of the blockchain accessible from a first distributed peer, to produce a first sample segment of a hash value of one of many blocks of the blockchain. The computing system might compare the first sample segment with a corresponding hash value portion of a second instance of the blockchain accessible from a second distributed peer, without comparing hash values of the entire first instance with those of the entire second instance. Based on a determination that the first sample segment and the corresponding hash value portion do not match, the computing system might send a notification to a user indicating that the first instance and/or second instance is invalid.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: October 27, 2020
    Assignee: CenturyLink Intellectual Property LLC
    Inventor: Tom Funk
  • Patent number: 10819684
    Abstract: An example operation may include one or more of receiving edge data that has been captured by one or more edge devices in an Internet of Things (IoT) network, encrypting the received edge data and storing the encrypted edge data as one or more transactions within a blockchain, determining, by a blockchain node, that an event has been captured by the received edge data based on metadata of the received edge data, and in response to determining that the event has been captured, generating a notification associated with the event being captured and outputting the generated notification for display on a user device.
    Type: Grant
    Filed: November 24, 2017
    Date of Patent: October 27, 2020
    Assignee: International Business Machines Corporation
    Inventors: Igor Ramos, Ana Biazetti
  • Patent number: 10812532
    Abstract: Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated with a CIoT device; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: October 20, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Lei Chang
  • Patent number: 10803172
    Abstract: A security agent implemented on a monitored computing device is described herein. The security agent has access to parametric behavioral pattern definitions that, in combination with canonical patterns of behavior, configure the security agent to match observed behavior with known computing behavior that is benign or malignant. This arrangement of the definitions and the pattern of behavior allow the security agent's behavior to be updated by a remote security service without updating a configuration of the security agent. The remote security service can create, modify, and disseminate these definitions and patterns of behavior, giving the security agent real-time ability to respond to new behaviors exhibited by the monitored computing device.
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: October 13, 2020
    Assignee: CrowdStrike, Inc.
    Inventors: David F. Diehl, Daniel W. Brown, Aaron Javon Marks, Kirby Koster, Daniel T. Martin
  • Patent number: 10805423
    Abstract: Described herein are systems and methods for creating and managing a device profile on a mobile device for continued authentication of the mobile device. The device profile includes a state assigned to a mobile device. The state of the device can be managed through the device profile. The mobile device is allowed to conduct payments based on the current state assigned to the mobile device. In response to a request to conduct a payment transaction using the mobile device, the state information in the mobile device profile is checked. The payment transaction using the mobile device is allowed when the state information indicates a trusted state. The payment transaction using the mobile device is limited when the state information indicates a suspended state. The payment transaction using the mobile device is prevented when the state information indicates an untrusted state.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: October 13, 2020
    Assignee: Visa International Service Association
    Inventor: Gautam Tankha
  • Patent number: 10785234
    Abstract: In one example, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.
    Type: Grant
    Filed: June 22, 2016
    Date of Patent: September 22, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Hillel Solow, Steve Epstein, Ezra Darshan, Arnold Zucker, Shali Mor, Asaf Cohen
  • Patent number: 10778696
    Abstract: Provided is a vehicle-mounted relay device, a vehicle-mounted communication system, and a relay program configured to prevent an unauthorized message from being relayed between networks. A vehicle-mounted relay device includes a plurality of communication units to which a plurality of CAN buses are connected and determines whether a message transmitted by any ECU connected to the CAN buses is authorized. If a message is unauthorized, then the vehicle-mounted relay device 10 gives, to the respective CAN bus connected to the communication unit receiving the message, a notification that the unauthorized message has been transmitted. The vehicle-mounted relay device prohibits further relaying of a message that has the same CAN-ID as the CAN-ID contained in the message determined to be unauthorized. Concurrently, the vehicle-mounted relay device gives, to the other communication lines connected to a communication unit, a notification that relay of the message is prohibited.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: September 15, 2020
    Assignees: AutoNetworks Technologies, Ltd., Sumitomo Wiring Systems, Ltd., Sumitomo Electric Industries, Ltd.
    Inventor: Yukihiro Miyashita
  • Patent number: 10762217
    Abstract: A method for creating a smart contract detailing an ordered set of events is disclosed. A smart contract can include information about multiple events and responses for each event. The events and responses can be arranged in a predefined order. The responses can include adding new records to a blockchain.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: September 1, 2020
    Assignee: Visa International Service Association
    Inventors: Ajith Thekadath, Timothy P. Tidwell, Venkata Javaji, Mondo Jacobs
  • Patent number: 10764055
    Abstract: A system may include a first automated teller machine (ATM) and a second ATM, wherein the first ATM and the second ATM are in communication via a local area network. The first ATM obtains a user input value, generates an encryption key based on the user input value, and generates encrypted authentication information based on the encryption key. The first ATM also obtains a first biometric reading, updates a user record based on the first biometric reading, and stores the encrypted authentication information at the first ATM in association with the user record. The second ATM obtains a second biometric reading and a duplicate value, retrieves the encrypted authentication information associated with the user record based on the second biometric reading, generates a decryption key based on the duplicate value, and decrypts the encrypted authentication information to retrieve the authentication information.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: September 1, 2020
    Assignee: Capital One Services, LLC
    Inventors: Joshua Edwards, Michael Mossoba, Abdelkader Benkreira