Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

Abstract: Some aspects of the present disclosure relate to systems and methods for identifying potential violation conditions from electronic communications. In one embodiment, a method includes receiving data associated with an electronic communication and detecting, from the received data, and using a trainable model, an indicator of a potential violation condition, where the violation condition is associated with an activity that is a violation of a predetermined standard. The method also includes, responsive to detecting the indicator of the potential violation condition, marking the electronic communication as being associated with a potential violation condition, and presenting the potential violation condition to a user for review.

Abstract: An anchor key generation method, device, and system, where the method includes generating, by a user equipment, an intermediate key based on a cipher key (CK), an integrity key (IK), and indication information regarding an operator; generating, by the user equipment, an anchor key based on the intermediate key; generating, by the user equipment, a key (Kamf) based on the anchor key; and deriving, by the user equipment, a 3rd Generation Partnership Project (3GPP) key based on the Kamf.

Abstract: Implementations of the present disclosure relate to methods, systems, and computer program products for security management. In one implementation, a computer-implemented method is disclosed. In the method, a message sequence associated with a user may be obtained from a list of historical messages that are logged in a data system. A candidate operation may be determined based on the obtained message sequence and an association model, where the association model indicates associations between message sequences and operations that are supported in the data system. A security level of the candidate operation may be evaluated based on at least one historical operation that has been performed by the user in the data system. In other implementations, a computer-implemented system and a computer program product for security management are disclosed.

Abstract: A verification server provides certificate verification services to users of third-party application sites. In some embodiments, a verifier component of a user's client device provides the verification server with a certificate of a third-party application site, and the verification server indicates whether the certificate is successfully verified. In response to successful verification, the verifier component of the user's client device takes an action such as permitting the user's credentials to be provided to the third-party application site. In some embodiments, verifier components of numerous client devices provide certificates to the verification server, based on which the verification server learns which certificates are valid for a given third-party application site.

Abstract: The disclosed technology teaches distributed routing and load balancing in a dynamic service chain: receiving and processing a packet, with added header including stream affinity code, at a first service instance and based on processing determining a second service, among available services, that should next handle the packet. The technology teaches accessing a flow table using the stream affinity code in the header to select a service instance performing the second service in the service chain, and routing the packet to the second service instance upon egress from the first service instance. When the flow table lacks an entry for the second service corresponding to the stream affinity code, the disclosed technology teaches accessing a consistent hash table of service instances performing the second service, selecting an available instance, and updating the flow table to specify the second service instance as providing the second service for packets sharing the header.

Abstract: Systems and methods for identifying a security risk include a security group analyzer that identifies a first set of users belonging to a security group such as a local administrators' group. A privileges analyzer identifies a second set of users having one or more privileges gained from user rights assignments that may pose a security risk. An autostart extensibility point (ASEP) access analyzer identifies a third set of users by identifying users having access to an ASEP entry or an image path identified by an ASEP entry. A security risk identifier identifies security risks by identifying users that are in the second or third set of users but are not in the first set of users. A security handler performs a responsive action in response to the identification of the security risk. A security graph builder uses the identified interrelationships to build a security graph that illustrates the security risks.

Abstract: A Content Delivery Network (CDN) includes one or more cache servers communicatively coupled to end users for providing content thereto; and one or more origin servers communicatively coupled to the one or more cache servers through a plurality of nodes, the one or more cache servers are configured to receive traffic related to the content from the one or more origin servers through the one or more nodes of the plurality of nodes, based on one or more of a push technique and a pull technique, and the plurality of nodes are configured to monitor the traffic between the one or more origin servers and the one or more cache servers in an inline manner, process the traffic for malware and data leakage based on policy, and block the traffic responsive to detection of one or more of the malware and the data leakage, prior to traffic entering the CDN.

Abstract: Embodiments for rendering content by a processor are provided. A request to render content is received. A score is assigned to each of a plurality of rendering browsers based on a plurality of factors associated with the content and the plurality of rendering browsers, the score used in determining a selection of the rendering browser and weighted according to each of the plurality of factors which include: a security risk of the content, and language support, performance characteristics and a user preference of the plurality of rendering browsers. The selected rendering browser is automatically instantiated and the content is rendered by the selected rendering browser on the computing device.

Abstract: A method includes receiving a user indication to create an online collaborative team within an online chat environment. The method further includes receiving a user selection of members for the online collaborative team. The online collaborative team enables the selected members of the online collaborative team to communicate with one another. The online chat environment maintains communication of the members and activities of the members of the online collaborative team. The online chat environment makes the activities and the communication available to the members when the members are within the online chat environment. The method further includes accessing attributes associated with the members of the online collaborative team. The method, responsive to the accessing the attributes associated with the members, determines a privacy setting of the online collaborative team.

Abstract: An anchor key generation method, device, and system, where the method includes generating, by a unified data management network element (UDM), an intermediate key based on a cipher key (CK), an integrity key (IK), and indication information regarding an operator; sending, by the UDM, the intermediate key to an authentication server function (AUSF); receiving, by the AUSF, the intermediate key; generating, by the AUSF, an anchor key based on the intermediate key; sending, by the AUSF, the anchor key to a security anchor function (SEAF); and generating, by the SEAF, a key (Kamf) based on the anchor key, where the Kamf is used to derive a 3rd Generation Partnership Project (3GPP) key.

Abstract: An approach is described for securely and automatically handling credentials when used for accessing endpoints, and/or applications and resources on the endpoints, and more particularly accessing web endpoints and/or web applications and resources on the web endpoints. The approach involves selecting and injecting credentials at an endpoint by an accessor and/or protocol agent to log into the endpoint, running applications, or gaining access to resources on the endpoint, without full credential information traversing the accessor's machine.

Abstract: A method and system for implementing risk-based cyber security. Specifically, the disclosed method and system entail evaluating risk as a decision threshold for conducting cyber security assessments of system images within cloud computing environments. Further, the disclosed method and system pivot on intelligence pertaining to the latest cyber threats and/or vulnerabilities found worldwide.

Abstract: Systems and methods are disclosed for computing network operations. For example, methods may include identifying one or more partial matches between a value associated with a configuration item and a value associated with one or more computing resource types from a set of computing resource types; forming a search query based on the one or more partial matches; invoking a search of one or more information sources using the search query to obtain ranked search results; selecting one computing resource type from the set of computing resource types based on a ranking of the search results; and updating the configuration item to associate the configuration item with the selected computing resource type.

Abstract: The present disclosure provides a computer-implemented method for processing dynamic data by dynamic data processing device. The device comprises a homomorphic encryption module and a plurality of computing modules running in parallel. The method comprises carrying out, by the homomorphic encryption module, fully homomorphic encryption to dynamic data received from an object which generates the dynamic data; updating, by the computing module which is not in bootstrapping, the encrypted state variable; and carrying out, by the computing module which completes bootstrapping, the first update to the encrypted state variable. The first update to the encrypted state variable after completion of bootstrapping is carried out by x(t+Nboot)?ANbootx(t)+?j=0Nboot?1ANboot?1?jB(r(t+j)?y(t+j)).

Abstract: Methods and apparatuses for using certificates using a positive list are provided. This involves a message, wherein the message includes a certificate for a device, the certificate has a signature for checking an authenticity of the certificate and a piece of admissibility information for ascertaining an admissibility of the certificate using a positive list, being taken as a basis for carrying out authorization for the device subject to the check and the ascertainment. The disclosed can be used in industrial or medical environments.

Abstract: A system and method is provided for determining whether an electronic file is malicious. An exemplary method includes extracting resources from an electronic file; forming a first rule that establishes a functional dependency between the extracted resources; identifying, in a database of malicious file resources, a second rule associated with one or more of the extracted resources; comparing the formed first rule with the identified second rule to calculate a degree of similarity between first and second rules; and determining the electronic file to be a malicious file when the calculated degree of similarity exceeds a predetermined threshold value.

Abstract: The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key kr dependent on the secret key, selecting each of a first mask (?br) and a second mask (?br+1) in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key kr? from the first round key kr and the first mask (?br) as follows: kr?=kr?(?br) wherein ? is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key kr? so as to produce two second data, after producing the first masked key kr?, generating a second round key kr+1 dependent on the secret key, calculating a second masked key kr+1? from the second round key kr+1 and the second mask (?br+1) as follows: kr+1?=kr+1?(?br+1), calculating two third data Lrbr+1, Rrbr+1 as follows: Rrbr+1=Rrbr?(?br?1)?(?br) Lrbr+1=Lrbr?(?br?1)?(?br) and executing a secon

Abstract: Described herein is a system in which an electronic record is stored on a distributed environment with respect to an item. In this system, transactions may be conducted for an item in an anonymous fashion. In some embodiments, a first user may input an item identifier associated with an item as well as an indication of an action to be performed with respect to that item. The identifier may be transmitted to a blockchain network, which may use that identifier to locate a blockchain associated with the item. A blockchain may include a series of transaction records associated with the item, each of which is signed using a private key. Upon performance of the indicated action, the blockchain network may generate a new transaction record, append that transaction record to the blockchain, and sign the transaction record.

Abstract: One embodiment provides a method, including: accessing, on a mobile end user device, a media file; processing, using a processor of the mobile end user device, the media file to characterize the media file; detecting, using the processor, at least one privacy-sensitive characteristic of the media file; and setting an indicator, using the processor, denoting the media file as privacy-sensitive prior to permitting the media file to be stored on a cloud account device. Other embodiments are described and claimed.