Abstract: A network node may receive a control plane message. The control plane message may include an indication that the control plane message is a control plane message, an indication that the control plane message is associated with security, an indication of a security key to be associated with a secure zone (SZ) of an in-vehicle communication network, and an indication of a freshness value. The network node may perform a cryptographic operation for a data plane message associated with the SZ using the security key.

Abstract: Systems, computer program products, and methods are described herein for generating and monitoring digital certificate rights in a distributed network. The present invention may be configured to receive a first request for certification of a first user, cause a first user device to display a first interface including one or more input fields for receiving information associated with the first user, receive data input by the first user to the one or more input fields of the first interface, and determine, based on the data, whether the first user satisfies requirements for the certification. The present invention may be configured to generate, based on determining that the first user satisfies the requirements for the certification, a non-fungible token certifying the first user, store the non-fungible token on a distributed ledger, and record, on the distributed ledger, the first user as owner of the non-fungible token.

Abstract: Novel tools and techniques might provide for implementing application, service, and/or content access control. Based at least in part on a consumer's choice of applications, services, content, and/or content providers-particular in exchange for a subsidy on content and/or network access fees provided to the consumer by chosen content providers-, a computing system may determine whether access to applications, services, and/or content not associated with the chosen content providers (“other content”) should be allowed or restricted. If restricted, the computing system might utilize various network access techniques and/or technologies to block the consumer's access to the other content, to allow access to the other content on a charge per access basis, or to allow access to the other content at reduced network access speeds. In some embodiments, an access provider (e.g., an Internet service provider, etc.) might perform both determination and implementation of content access and restriction.

Abstract: Creating and using device orientation fingerprints can include detecting a request to create an orientation fingerprint for a user device, where the orientation fingerprint defines an orientation of the user device and includes a machine learning model that models, for the user device and a known user of the user device, multiple orientations of the device for multiple activities. Operational data that includes orientation data, identity data, and activity data can be obtained. The operational data can be provided to machine learning to output the orientation fingerprint and the orientation fingerprint can be stored with data that associates the orientation fingerprint with the known user.

Abstract: A method for managing virtual desktop management placement comprises obtaining, by a virtual desktop management placement service, a request for assigning a virtual desktop service manager to one of a plurality of management environments based on a security profile of the management environment, in response to the request: performing a security profile analysis on the plurality of management environments to assign a management environment to implement the virtual desktop service manager, and initiating a deployment of the virtual desktop service manager on the management environment based on the security profile analysis.

Abstract: Adaptive online system access control includes obtaining, by a system access control monitor of a client system, from a network interface unit of the client system, a protocol data unit sent to the client system by an external device, wherein the protocol data unit is associated with a communication context. Obtaining the protocol data unit includes, prior to other components of the client system accessing the protocol data unit, identifying, as a current access score for the protocol data unit, a sum of a previous access score associated with the communication context and a modifier value determined for the protocol data unit, and responsive to determining that the current access score is less than an access threshold value, preventing the other components of the client system from accessing the protocol data unit.

Abstract: Systems, devices, and methods are described herein for calculating a trust score. The trust score may be calculated between entities including, but not limited to, human users, groups of users, organizations, or businesses/corporations. A system trust score may be calculated for an entity by combining a variety of factors, including verification data, a network connectivity score, publicly available information, and/or ratings data. A peer trust score targeted from a first entity to a second entity may also be calculated based on the above factors. In some embodiments, the peer trust score may be derived from the system trust score for the target entity and may take into account additional factors, including social network connections, group/demographic info, and location data. Finally, a contextual trust score may be calculated between the first and second entities based on a type of transaction or activity to be performed between the two entities.

Abstract: Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.

Abstract: A method by one or more network devices implementing a scrubbing center for mitigating distributed denial of service attacks, where the scrubbing center is communicatively coupled to a plurality of clients and one or more servers. The method includes determining a set of packet fingerprints seen in a set of packets sent between the plurality of clients and the one or more servers, assigning a risk value to each packet fingerprint in the set of packet fingerprints based on analyzing previous security decisions made for packets having that packet fingerprint, and responsive to detecting an occurrence of a potential distributed denial of service attack, activating a security measure for each of one or more packet fingerprints in the set of packet fingerprints based on the risk value assigned to that packet fingerprint.

Abstract: A method of protecting an endpoint against a security threat, wherein the endpoint includes an OS and a separate software entity included in memory pages of the endpoint, includes the steps of: preventing the OS from scheduling any tasks on vCPUs of the endpoint by transferring control of the vCPUs from the OS to the separate software entity; while the OS is prevented from scheduling any tasks on the vCPUs, scanning, by the separate software entity, at least one of a list of processes of the endpoint and a subset of the memory pages of the endpoint, and upon receiving an identification of a malicious process, terminating, by the separate software entity, the malicious process; and after the separate software entity terminates the malicious process, allowing the OS to schedule tasks on the vCPUs by transferring control of the vCPUs from the separate software entity to the OS.

Abstract: A host port is enabled for security. In response to a determination by the host port that authentication or security association negotiation with a storage port cannot be completed successfully, the host port determines whether an audit mode indicator has been enabled in a login response from the storage port. The host port preserves input/output (I/O) access to the storage port based on determining whether the audit mode indicator has been enabled in the login response from the storage port.

Abstract: Embodiments of this application provide a security protection method in an in-vehicle system and a device, relate to the field of internet of vehicles technologies, to deploy a first security protection module on an electronic control unit, deploy a second security protection module on a domain controller, and deploy a third security protection module on a gateway based on security level requirements of the gateway, the domain controller, and the electronic control unit, so that the gateway, the domain controller, and the electronic control unit have different security levels. A security level of the first security protection module is a first security level, a security level of the second security protection module is a second security level, and a security level of the third security protection module is a third security level.

Abstract: A computer-implemented method is disclosed.

Abstract: In some implementations, a system includes a set of servers configured to establish a set of virtual machines to provide a computing environment; a set of compute express link (CXL) interface components configured to communicate with the set of servers via a set of CXL interconnects; and a controller configured to at least one of: encrypt protocol data against a CXL interposer security threat associated with the set of CXL interconnects or a malicious extension security threat, provide a secure handshake verification of an identity of the set of CXL interface components, enforce a chain of trust rooted in hardware of the set of CXL interface components; restrict access to an area of memory of the set of CXL interface components that stores security data for verified or secured processes; or perform a security check and set up a set of security features of the set of CXL interface components.

Abstract: According to the present disclosure, a handwritten signature to be authenticated is received, a plurality of pieces of signature behavioral characteristic information are extracted, all of the plurality of the pieces of the extracted signature behavioral characteristic information are applied to each of first and second signature authentication algorithms using different techniques to analyze a degree of matching between the received handwritten signature and a registered handwritten signature, results of analysis performed by the first and second signature authentication algorithms are combined to adjust a false rejection rate and a false acceptance rate, and whether handwritten signature authentication succeeds is finally determined.

Abstract: Systems, apparatuses and methods may provide for technology that detects one or more non-compliant nodes with respect to a timing schedule, detects one or more compliant nodes with respect to the timing schedule, and identifies a malicious node based on positions of the one or more non-compliant nodes and the one or more compliant nodes in a network topography. The non-compliant node(s) and the compliant node(s) may be detected based on post-synchronization messages, historical attribute data and/or plane diversity data.

Abstract: In some implementations, a first device may connect to a network, wherein the first device is associated with a first application that is associated with a service provider. The first device may detect that a second device connected to the network is associated with a second application that is associated with the service provider. The first device may receive, from the second device, identification information associated with the second device. The first device may transmit, to a third device associated with the service provider, the identification information associated with the second device. The first device may receive, from the third device, authentication information permitting the first application to operate on the network based on the third device receiving the identification information associated with the second device.

Abstract: A network environment includes a message-processing resource that receives a communication originated by a communication device and transmitted from the communication device over a wireless communication link. By way of non-limiting example, the communication can be a request for retrieval of content from server resource disposed in the network environment. The message-processing resource processes the communication transmitted over the wireless communication link to identify a network address assigned to the communication device. The message-processing resource maps the network address to corresponding status information associated with the communication device.

Abstract: A network device may receive a redundant identifier certificate associated with a redundant routing module, and may provide, to a bootstrap device, a primary identifier certificate associated with a primary routing module associated with the network device. The network device may establish a secure connection with the bootstrap device based on the bootstrap device verifying an authenticity of the primary routing module via the primary identifier certificate. The network device may provide, to the bootstrap device via the secure connection, a redundant routing module identifier associated with the redundant routing module and may receive, from the bootstrap device via the secure connection, a signed certificate chain associated with the redundant routing module. The network device may verify the signed certificate chain and may verify the redundant identifier certificate, associated with the redundant routing module, based on verifying the signed certificate chain.

Abstract: An apparatus for secure multiparty computations for machine-learning is presented. The apparatus includes at least a processor and a memory communicatively connected to the at least a processor. The memory contains instructions configuring the at least a processor to submit a secure multiparty computation request onto an immutable sequential listing, wherein the secure multiparty computation request includes a contingent payment and an authenticity commitment of a first private dataset, receive at least a participant commitment from each participating device of a quorum of participating devices, generate a first localized model as a function of the first private dataset, and perform a joint training protocol as a function of the first localized model and a second localized model from the quorum of participating devices, wherein the joint training protocol includes generating a joint training datum.