Abstract: A verification code generation method is performed at a computing device.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example system includes encoding circuitry configured to generate, based on a first set of quantum bases, a set of qbits, and transmit the set of qbits over a quantum line, wherein the encoding circuitry is further configured not to transmit the first set of quantum bases. The example system further includes decoding circuitry in communication with the encoding circuitry over the quantum line, the decoding circuitry configured to receive, over a quantum line, the set of qbits, and decode, based on a second set of quantum bases, the set of qbits to generate a decoded set of bits. The example system further includes session authentication circuitry configured to generate a session key based on the decoded set of bits.

Abstract: Systems and methods are described herein for extrapolating trends in trust scores. A trust score may reflect the trustworthiness, reputation, membership, status, and/or influence of the entity in a particular community or in relation to another entity. An entity's trust score may be calculated based on data from a variety of data sources, and this data may be updated periodically as data is updated and new data becomes available. However, it may be difficult to update a trust score for an entity due to a scarcity of information. The trust score for such entities may be updated based on trends observed for the updated trust scores of other entities over a similar period of time. In this manner, trust scores may be updated for entities for which updated data is not available.

Abstract: A system for machine learning that is configured to receive an input having a plurality of features and predict one or more attributes of the input. The system includes a security mechanism, which determines an initial value for each of the features; determines a perturbation value for each of the features, the perturbation being randomly selected; adds the perturbation value to the initial value to determine a perturbed value for each of the features; and quantizes the perturbation value for each of the features to determine a quantized value for each of the features. The system also includes a classifier that receives the quantized value for each of the features and predict the one or more attributes of the input based on the quantized value for each of the features.

Abstract: A device can establish an identity for an individual by communicating with a first set of devices. The first set of devices can include a user device, a first server device associated with a certificate authority, or a second server device associated with an identity provider. The device can authenticate the identity of the individual by communicating with a second set of devices. The second set of devices can include the user device, or a third server device associated with a first service provider. The device can authorize the identity of the individual to be used by one or more service providers by communicating with a third set of devices. The third set of devices can include the user device, the third server device, or a fourth server device associated with a second service provider.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for quantum computing (QC) detection. An example method includes generating QC detection data. The example method further includes generating a pair of asymmetric cryptographic keys comprising a public cryptographic key and a private cryptographic key, generating encrypted QC detection data based on the pair of asymmetric cryptographic keys, and destroying the private cryptographic key. The example method further includes monitoring a set of data environments for electronic information related to the encrypted QC detection data. Subsequently, the example method may include generating a QC detection alert control signal in response to detection of the electronic information related to the encrypted QC detection data.

Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.

Abstract: A gateway device providing and managing interactive user voice-controlled home automation services over at least endpoint devices associated with the gateway device is described. Interfaces enable communications of the gateway device with at least one endpoint device located within a user premises and data networks. A processor coupled to the interfaces and programming in storage in the server operate a communications program for configuring the gateway to communicate with endpoint devices, associate endpoint devices with the gateway, and communicate with a remote serve to access service management center applications. A home automation control program provides operation via a home automation controller configured in the gateway with voice automation messaging protocols based on the voice commands to enable interactive voice-controlled control of endpoint devices using voice commands and automate functions associated with the endpoint devices.

Abstract: Various embodiments assess security risks of users in computing networks. In some embodiments, an interaction item is sent to an end user electronic device. When the end user interacts with the interaction item, the system collects feedback data that includes information about the user's interaction with the interaction item, as well as technical information about the electronic device. The feedback is compared to a plurality of security risk scoring metrics. Based on this comparison, a security risk score for the user with respect to a computing network.

Abstract: In a digital computing environment, a method of protecting stored and transmitted computer original files from unauthorized access, by encoding a series of physically allowed restore locations into a plurality of site-specific protected site data files, and rearranging the internal structure of the original file's byte data into a specified non-linear sequence, and storing them into the plurality of site-specific protected site data files. The protected site data files can then be individually stored across two or more physical and/or online storage sites to implement an effective form of file security. A user selects the original files they want to protect, a plurality of physical allowed restore locations, and a plurality of storage sites they wish to use to protect their original files. Each original file is processed at the bitwise level, with each successive bit from each successive byte being appended to the next successive protected site data file.

Abstract: An appliance includes one or more network interfaces To facilitate secure communications between a client device and a server. The secure communications involve secure session connections between the client device and the appliance, and between the appliance and another appliance. A secure session connection processor is configured to determine, using information in a secure session connection request received from the client device, whether client authentication is required by the server. The secure connection request is provided to the other appliance if the information indicates that client authentication is required by the server. Communications received from the client device are decrypted using a key shared with the client device, and the decrypted communications sent to the other appliance are encrypted using a key shared with the other appliance.

Abstract: A communication method and a device, the method including obtaining, by a terminal device, a security key, where the terminal device performs the obtaining while the terminal device is in a state in which the terminal device has disconnected a radio resource control (RRC) connection from a first network device, and in which the terminal device retains context information for a context, in the first network device, of the terminal device, and sending, by the terminal device, a first message to a second network device, where the first message includes an identifier of the terminal device and at least one of encrypted uplink data or encrypted signaling, the at least one of encrypted uplink data or encrypted signaling is encrypted by using the security key, and where the second network device is different from the first network device.

Abstract: Disclosed are an apparatus for detecting in-vehicle external data intrusion by comparing multiple information entropy and a method of operating the same. The present invention may prevent a danger due to in-vehicle external data intrusion by providing a technology that may determine whether in-vehicle external data intrusion occurs by checking information entropy representing the amount of information for a package ID generable through an in-vehicle Controller Area Network (CAN) communication network.

Abstract: External events are correlated with patterns of characteristics in virtual assets. Upon detection of a pattern in a different asset that matches a pattern corresponding to an event, that detection is treated as a trigger event, with resulting responsive action(s) and other process operations. Security threats are managed in a similar manner, with first security threats being added to a collection of security threats. When a virtual asset detects a change in operating characteristics, a request is provided for the collection of current security threats, and the collection of security threats is provided responsive to the request.

Abstract: A sandbox component, operatively coupled to a host and a guest container, the sandbox component securely extends systems data collection software with potentially untrusted third-party code. A secure environment is enabled where plugins will run inside a sidecar container that is separate from a guest container. A container consists of an entire runtime environment: an application, plus its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. A sidecar service is not necessarily part of the application but is connected to the guest container and follows the parent application. A sidecar is independent from its primary application in terms of runtime environment and programming language. The sidecar plugin will be given a sparse/limited set of privileges required to simply perform its intended function and the Linux kernel constructs will control data access and transfer.

Abstract: An authentication system that executes user authentication processing in accordance with an authentication request includes at least one first device. The first device has a biological information acquiring unit that is configured to acquire biological information of a user, and a first authentication unit that outputs an authentication result of which the user is authenticated, based on the biological information. The authentication system includes a second device that is configured to communicate with the first device. The second device has an information acquiring-storing unit that is able to store identification information of the first device beforehand, a determination unit that is configured to determine whether the first device is registered, and a second authentication unit that is configured to perform user authentication, in accordance with an authentication result output by the first authentication unit, when the determination unit determines that the first device is registered.

Abstract: A system is configured to authorize client access to an application programming interface (API) of a host device. A proxy is configured to handle network traffic between a host and a client. Clients engage the host through the proxy to access an API of the host. An authorized client-side application permitted use of the API is distributed to clients and includes a Software Development Kit configured to generate a unique token and provide the token in association with an API request when challenged by the proxy. For example, the proxy may challenge a client to present a token in response to receiving an API request lacking a token or when a token is expired. The proxy verifies the token to authenticate the client and permits authorized clients access to the API by passing API requests received from authenticated clients on to the host for servicing.

Abstract: Shannon's equivocation, the conditional entropy of key or message with respect to a specific ciphertext, is the primary indicator of the security of any secrecy system, in that when key equivocation H E (K) or message equivocation H E (M) attain log 0 (or 1) under a brute-force attack, the system is compromised and has no security. We propose a simplistic equivocation definition of security which distinguishes between “secure/unsolvable” and “insecure/solvable” encipherments.

Abstract: Techniques for enriching encrypted traffic analytics are presented. In one embodiment, a method includes obtaining telemetry data for one or more domains within a network. The telemetry data includes both encrypted traffic analytics information and traffic flow information associated with the network traffic. For each domain of the one or more domains, the method also includes generating a model comprising a mapping from a plurality of traffic flow information features to at least one encrypted traffic analytics feature. The method includes generating a database comprising generated models for each of the domains and obtaining telemetry data for a target domain that includes traffic flow information, but does not include encrypted traffic analytics information. At least one encrypted traffic analytics feature of the target domain is determined based on a plurality of traffic flow information features of the target domain using the database.

Abstract: A method includes receiving a processor design of a processor, receiving an application to be executed by the processor, and receiving a security policy. The method includes simulating the execution of the application on the processor to identify information flow violations generated by the application based on the security policy.