Abstract: A method and system for secure remote digital interactions through the use of biometric templates is disclosed. In one example, the method includes an interaction that prompts the use of obtaining a first biometric template and comparing it to a second biometric template to determine if they match. The match process is performed on a portable device.

Abstract: Systems and methods relating to establishment of a Packet Data Unit, PDU, session over a Non 3GPP Access to a 3GPP network and transmitting IP data and non-IP data are provided. A method of operation of a wireless device is provided and comprises sending to an AMF over an N3IWF a PDU session request to establish a PDU session to transport one of IP data or non-IP data over an established first IPsec, Security Association, SA, establishing an IPSec Child SA, for the PDU session and associating the IPSec Child SA to a PDU session then encapsulating the data using ESP encapsulation or GRE encapsulation associated with the IPSec Child SA and indicating the type of data that is being transmitted (e.g., non-IP data that comprises raw application data). In this manner, an IoT device is able to securely transmit to the 3GPP network IP data/non-IP data/raw application data over an unsecure non 3GPP access network such as Wireless Local Area Network.

Abstract: Systems and methods for processing tokenization requests to facilitate safe storage of tokens. An epoch is identified as a current epoch based on a current system time of a node. A seed value is computed by the node based on a start time of the epoch and a secret. A plurality of ephemeral tokens is generated by a randomization service of the node for a set of sensitive data based on the seed value. Each ephemeral token of the plurality of ephemeral tokens has a usable life defined by the epoch. Each sensitive data instance in the set of sensitive data is associated with a particular ephemeral token of the plurality of ephemeral tokens to create a mapping structure in a main memory of the node. A tokenization service of the node is configured to process tokenization requests using the mapping structure.

Abstract: Methods, apparatus, systems and articles of manufacture manage credentials in hyper-converged infrastructure s are disclosed. An example method includes establishing, by executing an instruction with at least one processor, a communication between a software defined data center manager of the hyper-converged infrastructure and a component of the hyper-converged infrastructure using first credentials included in a known hosts file. The example method also includes generating, by executing an instruction with the at least one processor, second credentials at the component in response to a power-on event detected by the software defined data center manager. The example method also includes recording, by executing an instruction with the at least one processor, the second credentials at the known host file.

Abstract: A network appliance may be coupled to a network tool configured to monitor the traffic within a computer network. Often, the network tool is operable in two modes (i.e., an inline mode and an out-of-band mode). Before the network tool is deployed as an inline device, however, it is desirable to verify that the network tool is secure. Described herein are systems and techniques for verifying network tools prior to deployment as inline devices. More specifically, the network appliance may be configured to modify the content of a data packet (e.g., by altering a bit) and transmit the modified data packet downstream to a network tool. The network appliance can monitor the network tool to make sure the network tool drops or returns the modified data packet. These techniques allow the network appliance to controllably simulate the receipt of malicious traffic by the network tool.

Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.

Abstract: Implementations described herein disclose a platform configuration register (PCR) attestation system using a trusted platform module (TPM) of a device. The PCR attestation system provides one or more computer executable instructions to create a non-volatile (NV) index in a TPM of the computing device, with a PCR policy specifying that the values of PCRs on the TPM are equal to predetermined set of values, and if the PCR policy is satisfied, setting a value of an NVWritten attribute to specify that the PCR policy was satisfied since the last time the device booted.

Abstract: A root key (K_iwf) is derived at a network and sent to MTC UE (10). The K_iwf is used for deriving subkeys for protecting communication between MTC UE (10) and MTC-IWF (20). In a case where HSS (30) derives the K_iwf, HSS (30) send to MTC-IWF (20) the K_iwf in a new message (Update Subscriber Information). In a case where MME (40) derives the K_iwf, MME (40) sends the K_iwf through HSS (30) or directly to MTC-IWF (20). MTC-IWF (20) can derive the K_iwf itself. The K_iwf is sent through MME (40) to MTC UE (10) by use of a NAS SMC or Attach Accept message, or sent from MTC-IWF (20) directly to MTC UE (10). In a case where the K_iwf is sent from MME (40), MME (40) receives the K_iwf from HSS (30) in an Authentication Data Response message, or from MTC-IWF (20) directly.

Abstract: Systems, methods, and apparatus for protected multi-operators payload operations are disclosed. In one or more embodiments, a disclosed method for protected multi-operators payload operations comprises transmitting, by a hosted payload (HoP) operation center (HOC), encrypted hosted commands to a host spacecraft operations center (SOC). Also, the method comprises transmitting, by the host SOC, encrypted host commands and the encrypted hosted commands to a vehicle. In addition, the method comprises reconfiguring a payload on the vehicle according to unencrypted host commands and unencrypted hosted commands. Additionally, the method comprises transmitting, by a payload antenna on the vehicle, payload data to a host receiving antenna and a hosted receiving antenna. Also, the method comprises transmitting, by a host telemetry transmitter on the vehicle, encrypted host telemetry to the host SOC.

Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.

Abstract: A method of actions and permissions ownership (APO) for managing applications of an enterprise is provided. The method includes: receiving a request from an owner of a role to modify an action or permission of the role or to add the action or permission to the role. The action or permission controls access to a corresponding one of the applications. In response to receiving such a request, the method includes looking up an owner of the corresponding application in a non-transitory electronic APO database, requesting an approval from the corresponding application owner to modify or add the action or permission, receiving the approval to modify or add the action or permission, and, in response to receiving the approval, updating a non-transitory electronic role database to modify the action or permission of the role or to add the action or permission to the role.

Abstract: Systems and methods for verifying the rendering of video content on information resources are provided herein. A server can transmit a video content element having a first bit stream corresponding to a predesignated frame to a client device. The client device can identify the first bit stream as corresponding to the predesignated frame. The client device can decode the first bit stream corresponding to the predesignated frame of the video content element to generate a second bit stream. The client device can transmit, to the server, a tracking message including the second bit stream. The server can compare the second bit stream included in the tracking message from the client device with a third bit stream maintained at a database. The server can determine that the video content element is rendered at the client device responsive to the second bit stream matching the third bit stream.

Abstract: Systems and methods receive a first indication that an Internet of Things (IoT) device is attempting to access a home network; determine that the IoT device is a trusted device; store an identifier associated with the IoT device to a blockchain in response to determining that the IoT device is a trusted device; receive a second indication that an event has occurred with respect to the IoT device; determine whether the event is a major event; and verify the identifier associated with the IoT device by storing an identity and information associated with the event to the blockchain in response to determining that the event is a major event.

Abstract: A multi-tenant, elastically scalable cache as a service is disclosed. Embodiments of the cache service eliminate the need for applications to manage their own cache tier. The multi-tenant cache service is implemented by maintaining/creating multiple named caches in a cache cluster and mapping each tenant's cache to a named cache in the cluster. Strict quotas are enforced on cache sizes This allows caches with different replication attributes to co-exist on the same cache server, allows migration of a cache from one cluster to another for load balancing purposes, and allows a cache to inflate/deflate to meet business needs. A network load balancer is used to route cache items to servers.

Abstract: A vehicle anomaly detection server includes: a communicator that communicates with a vehicle to receive a log of an in-vehicle network in the vehicle; a processor; and a memory including at least one set of instructions that, when executed by the processor causes the processor to perform operations including: selecting, when information indicating that an anomaly is occurring to a first vehicle among vehicles is obtained by the processor, an anomaly-related vehicle from among the vehicles based on the anomaly, the first vehicle being the vehicle that communicates with the communicator; transmitting, to the anomaly-related vehicle via the communicator, a first request to transmit a log of an in-vehicle network in the anomaly-related vehicle; and determining whether an anomaly is occurring to the anomaly-related vehicle, based on information indicated by the log transmitted from the anomaly-related vehicle and received by the communicator.

Abstract: A host port is enabled for security. In response to a determination by the host port that authentication or security association negotiation with a storage port cannot be completed successfully, the host port determines whether an audit mode indicator has been enabled in a login response from the storage port. The host port preserves input/output (I/O) access to the storage port based on determining whether the audit mode indicator has been enabled in the login response from the storage port.

Abstract: A verification code generation method is performed at a computing device.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example system includes encoding circuitry configured to generate, based on a first set of quantum bases, a set of qbits, and transmit the set of qbits over a quantum line, wherein the encoding circuitry is further configured not to transmit the first set of quantum bases. The example system further includes decoding circuitry in communication with the encoding circuitry over the quantum line, the decoding circuitry configured to receive, over a quantum line, the set of qbits, and decode, based on a second set of quantum bases, the set of qbits to generate a decoded set of bits. The example system further includes session authentication circuitry configured to generate a session key based on the decoded set of bits.

Abstract: Systems and methods are described herein for extrapolating trends in trust scores. A trust score may reflect the trustworthiness, reputation, membership, status, and/or influence of the entity in a particular community or in relation to another entity. An entity's trust score may be calculated based on data from a variety of data sources, and this data may be updated periodically as data is updated and new data becomes available. However, it may be difficult to update a trust score for an entity due to a scarcity of information. The trust score for such entities may be updated based on trends observed for the updated trust scores of other entities over a similar period of time. In this manner, trust scores may be updated for entities for which updated data is not available.

Abstract: A system for machine learning that is configured to receive an input having a plurality of features and predict one or more attributes of the input. The system includes a security mechanism, which determines an initial value for each of the features; determines a perturbation value for each of the features, the perturbation being randomly selected; adds the perturbation value to the initial value to determine a perturbed value for each of the features; and quantizes the perturbation value for each of the features to determine a quantized value for each of the features. The system also includes a classifier that receives the quantized value for each of the features and predict the one or more attributes of the input based on the quantized value for each of the features.