Abstract: A system and method for generating a limited use login credential associated with an account maintained by an institution, where the credential facilitates secure access to the account.

Abstract: A method includes receiving a user indication to create an online collaborative team within an online chat environment. The method further includes receiving a user selection of members for the online collaborative team. The online collaborative team enables the selected members of the online collaborative team to communicate with one another. The online chat environment maintains communication of the members and activities of the members of the online collaborative team. The online chat environment makes the activities and the communication available to the members when the members are within the online chat environment. The method further includes accessing attributes associated with the members of the online collaborative team. The method, responsive to the accessing the attributes associated with the members, determines a privacy setting of the online collaborative team.

Abstract: A method for maintaining security in a distributed augmented-reality (AR) system is provided. The method may include generating a database that includes a list of objects associated with sensitive information. The method may include receiving requests from a plurality of user devices to participate in an AR session, and determining an authorization level to associate with each of the plurality of user devices. The method may include receiving, from a first one of the plurality of user devices, an image that was scanned in via a camera of the first user device. The method may include processing the image to determine if the image includes one of the objects. When the image includes one of the objects, the method may include masking the object in the image.

Abstract: A key management is provided that enables security activation before handing over a user equipment from a source 5G wireless communication system, i.e., a Next Generation System (NGS), to a target 4G wireless communication system, i.e., a Evolved Packet System (EPS)/Long Term Evolution (LTE). The key management achieves backward security, i.e., prevents the target 4G wireless communication system from getting knowledge of 5G security information used in the source 5G wireless communication system.

Abstract: An assessment query may be received and analyzed to identify relevant assessment attributes and select a set of associated assessment resources. Assessment information may be extracted from the set of associated assessment resources. The extracted information may be used to identify additional relevant assessment attributes that may be utilized to extract additional assessment information. The extracted information may be used to generate a comprehensive threat assessment report. The threat assessment report, and the threat assessment, may be updated based on user feedback.

Abstract: According to an embodiment, a computer-implemented method can comprise: inspecting, using a processor, a set of container images respectively associated with pods; identifying, using the processor, a first subset of the pods that contain a vulnerability; classifying, using the processor, the first subset of the pods as primary-infected pods; generating, using the processor, a first list of namespaces in which the primary-infected pods are deployed within a network; checking, using the processor, network policies in connection with the first list of namespaces to determine secondary-suspect pods that have ability to communicate with the primary-infected pods; generating, using the processor, a list of secondary-suspect namespaces in which the secondary-suspect pods are deployed within the network; identifying, using the processor, one or more secondary-suspect pods that communicated with one or more primary-infected pods; and generating, using the processor, a list of secondary-infected pods.

Abstract: Described herein is a system in which an electronic record is stored on a distributed environment with respect to an item. In this system, transactions may be conducted for an item in an anonymous fashion. In some embodiments, a first user may input an item identifier associated with an item as well as an indication of an action to be performed with respect to that item. The identifier may be transmitted to a blockchain network, which may use that identifier to locate a blockchain associated with the item. A blockchain may include a series of transaction records associated with the item, each of which is signed using a private key. Upon performance of the indicated action, the blockchain network may generate a new transaction record, append that transaction record to the blockchain, and sign the transaction record.

Abstract: An anchor key generation method, device, and system, where the method includes generating, by a unified data management network element (UDM), an intermediate key based on a cipher key (CK), an integrity key (IK), and indication information regarding an operator; sending, by the UDM, the intermediate key to an authentication server function (AUSF); receiving, by the AUSF, the intermediate key; generating, by the AUSF, an anchor key based on the intermediate key; sending, by the AUSF, the anchor key to a security anchor function (SEAF); and generating, by the SEAF, a key (Kamf) based on the anchor key, where the Kamf is used to derive a 3rd Generation Partnership Project (3GPP) key.

Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.

Abstract: A method for identifying security vulnerabilities in a third party software component includes generating a test application for the third party software component. The test application is generated such that every externally accessible data path in the third party component is called. The test application and the third party software component are analyzed using a static application security testing (SAST) code analyzer. One or more test results are obtained from the SAST code analyzer. The one or more test results are used to identify security vulnerabilities in the third party component.

Abstract: A method including configuring, by an infrastructure device, a transmitting device to determine an encryption key that is determined based at least in part on seed information associated with the transmitting device and a receiving device, and to encrypt one or more content messages to be transmitted during a first time interval by utilizing the encryption key; and configuring, by the infrastructure device, the receiving device to determine a decryption key that is determined based at least in part on the seed information associated with the transmitting device and the receiving device, and to decrypt one or more encrypted content messages received during the first time interval by utilizing the decryption key. Various other aspects are contemplated.

Abstract: A method including transmitting, by a transmitting device to a receiving device, a combination of messages including encrypted decoy messages and one or more encrypted content messages; determining, by the receiving device, a cryptographic decryption key based at least in part on unique seed information associated with the transmitting device and the receiving device; and determining, by the receiving device, that a message, included in the combination of messages, is a content message or that the message is a decoy message based at least in part on decrypting the message by utilizing the cryptographic decryption key. Various other aspects are contemplated.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and an anomaly detection engine including instructions encoded within the memory to instruct the processor to: periodically collect telemetry for a performance parameter; compute and maintain a local trend line for the performance parameter; receive from a cloud service a global trend line for the performance parameter for a class of devices including the computing apparatus; and perform anomaly detection including analyzing the local trend line and the global trend line to detect an anomaly.

Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.

Abstract: Disclosed is distributed routing and load balancing in a dynamic service chain, receiving a packet at a first service instance, including a NSH imposed on the by a service classifier. The NSH includes a stream affinity code consistent for packets in a stream. The method also includes processing the packet at the first instance where the instance performs a first service in a service chain that includes second and third services. The first service instance accesses a flow table using the stream affinity code to select a second service instance performing the second service from among service instances performing the second service, and the first instance routes the packet to the selected second service instance upon egress from the first service instance. The method can include hashing the stream affinity code to access the flow table and access an available instance using the hash as a key to a CHT.

Abstract: A key management is provided that enables security activation before handing over a user equipment from a source 5G wireless communication system, i.e., a Next Generation System (NGS), to a target 4G wireless communication system, i.e., a Evolved Packet System (EPS)/Long Term Evolution (LTE). The key management achieves backward security, i.e., prevents the target 4G wireless communication system from getting knowledge of 5G security information used in the source 5G wireless communication system.

Abstract: The technology disclosed relates to a DHCP server-based steering logic for policy enforcement on IoT devices. In particular, the technology disclosed provides a steering logic running on a DHCP server on a network segment of a network. The steering logic is configured to receive DHCP requests broadcasted to the DHCP server by a plurality of special-purpose devices on the network segment, access DHCP responses generated by the DHCP server for the DHCP requests, receive, from a device classification logic, a positive determination that special-purpose devices in the plurality of special-purpose devices are special-purpose devices and not general-purpose devices, modify the accessed DHCP responses by replacing the default gateway with an inline secure forwarder on the network segment, and send the modified DHCP responses to the special-purpose devices.

Abstract: A secure computing hardware apparatus includes at least a secret generator module, the at least a secret generator module configured to generate a module-specific secret, and a device identifier circuit communicatively connected to the at least a secret generator, the device identifier circuit configured to produce at least an output comprising a secure proof of the module-specific secret. Secret generator module may implement one or more physically unclonable functions to generate the module-specific secret.

Abstract: One example method includes detecting a threat in a data confidence fabric, assigning a data confidence score to data implicated by the threat, generating trust insertion metadata concerning the threat, creating a ledger entry based on the data confidence score and the trust insertion metadata, and using the ledger entry to determine an overall data confidence score for the data confidence fabric. A data threat portfolio view is generated based on the data confidence score and the trust insertion metadata, and the data threat portfolio view is presented to a user.

Abstract: The disclosed embodiments include a method performed by a wireless network to dynamically provision security resources during runtime execution of a service environment. The security resources are distributed across cell sites that provide coverage areas for multiple wireless devices (WDs) in multiple service environments. The cell sites are monitored during runtime execution of the multiple service environments to detect risk levels that indicate a vulnerability to the wireless network. When an elevated risk level is detected for a particular cell site, security resources of the security layer are dynamically provisioned for the particular cell site to safeguard the entire wireless network. Hence, the provisioned security resources can include a security resource from a different cell site.