Abstract: A communication system including a host computer is provided herein. The host computer may include processing circuitry configured to provide user data and a communication interface configured to forward the user data to a cellular network for transmission to a user equipment (UE). The cellular network comprises a base station having a radio interface and base station processing circuitry. The base station processing circuitry configured to store a previously active security context for the UE, receive from the UE an RRCResumeRequest message including a security token, generate a temporary security context for the UE, use the temporary security context to verify the security token, send an RRC message to the UE, if no response to the RRC message is received from the UE, discard the temporary security context and retrieve the previously active security context. Thereafter, the base station transmits the user data for a host application.

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: Example methods and systems for application security enforcement are described. In one example, a computer system may detect, from a client device, a packet requiring processing by a first server pool; and determine whether the packet is associated with a security attack. In response to determination that the packet is not associated with the security attack, the packet may be steered towards the first server pool to cause processing of the packet by one of multiple first application servers. Otherwise, the packet may be steered towards a second server pool to cause processing of the packet by one of multiple second application servers and to learn attack information associated with the security attack. The multiple second application servers in the second server pool may be capable of mimicking behavior of the multiple first application servers in the first server pool.

Abstract: A communication system is provided, the communication system including an authenticating unit that authenticates a plurality of communication terminals based on a single user ID, and keeps the plurality of communication terminals logged into an information providing service. A storing unit that stores therein provider registration information including a plurality of pieces of provider information that indicate providers of respective pieces of data being displayed on each communication terminal among the plurality of communication terminals. A receiving unit receives designation information that designates the provider registration information. A transmitting unit transmits each piece among the plurality of pieces of provider information to each communication terminal among the plurality of communication terminals so as to cause each communication terminal among the plurality of communication terminals to display data provided by a provider indicated by a plurality of pieces of provider information.

Abstract: Disclosed in some examples are methods, systems, devices, and machine-readable mediums which utilize authentication tokens recorded to a blockchain to identify and/or authenticate participants of a network-based communication session such as a network-based meeting. When joining the meeting, the participant may provide a token recorded on a blockchain to the communication service from the blockchain. The communication service may then identify and/or authenticate the user based upon the provided token. Various user-specific customizations and settings may then be applied and the user may be admitted to the meeting without having to enter a waiting room and be explicitly let in.

Abstract: Some implementations include methods for generating a portable entitlement for a digital asset and may include generating a portable entitlement to a digital asset based on a request initiated by a first user having an entitlement to the digital asset, the portable entitlement to enable the first user to access the digital asset using a second computing device of a second user, the request initiated using a first computing device of the first user, the portable entitlement having a limited lifetime; and terminating the second computing device from accessing the digital asset based on one or more of determining that a proximity between the first and second computing devices violate the distance threshold and the lifetime of the portable entitlement has expired.

Abstract: Some embodiments described herein include a system that collects and learns reference side-channel normal activity, process it to reveal key features, compares subsequent collected data and processed data for anomalous behavior, and reports such behavior to a management center where this information is displayed and predefine actions can be executed when anomalous behavior is observed. In some instances, a physical side channel (e.g. and indirect measure of program execution such as power consumption or electromagnetic emissions and other physical signals) can be used to assess the execution status in a processor or digital circuit using an external monitor and detect, with extreme accuracy, when an unauthorized execution has managed to disrupt the normal operation of a target system (e.g., a computer system, etc.).

Abstract: A system for controlling access to cluster resources is provided. The system includes one or more processors; and memory operatively coupled to the one or more processors, wherein the one or more processors and the memory form a cluster of computer resources that includes an admission controller configured to receive requests and determine if the request is authorized, a request history database that stores the request information received by the admission controller from a plurality of users, a role design advisor that is configured to adjust permissions for the plurality of users based on a pattern of usage identified from the request history database, and an alert system that communicates an alert to an administrator that a request outside the pattern of requests for the user has been received by the admission controller, wherein the admission controller, request history database, and role design advisor control access to the cluster resources.

Abstract: An enterprise organization may operate a central network and one or more remote networks, each comprising a plurality of computing devices. For protection against malicious actors, the central network may be configured to filter network traffic associated with the computing devices based on identified threats. Traffic corresponding to computing devices connected to the remote network may be tunneled to the central network for filtering by the central network. A tunnel gateway device, associated with the remote network, may efficiently identify which communications are associated with Internet threats, and tunnel such identified traffic to the central network, where actions may be taken to protect the enterprise network.

Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. The ESS may also generate a trust score for the user based on activity information related to the user's actions with respect to the ESS and/or other factors. The trust score may be used to recommend authentication mechanisms to use with respect to electronic signature transactions.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: Exemplary embodiments relate to the secure storage of security questions through an immutable log, such as a blockchain. The security questions may be stored in a centralized location, accessible from an application or browser tab running on the user's device. When a security question is required, such as to perform a password reset on a website, the website may interact with the application or browser tab, which retrieves the question(s) from the blockchain. The user may enter their answers to the question(s), which may be hashed by the application or tab. The hashed answers may be entered into the original requesting website, which may verify with the blockchain that the correct answers have been provided. Thus, the requesting website sees neither the questions nor the answers. Additional security features may include logging requests for questions, so that a user can determine if a security question may have been compromised.

Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.

Abstract: Examples described herein include systems and methods for controlling access to a server, such as an email server or a gateway, in situations where the identity of the requesting device is unknown or where the user device accesses the server using an unknown or unmanaged application. In one example, the system can utilize a user authentication credential included in the request to identify other devices belonging to the user that happen to be enrolled with the system. An out-of-band message can be sent to those enrolled devices, requesting confirmation from the user and, in conjunction with an authentication token, allowing the system to trust the previously unknown device. In the example of an unmanaged application attempting to access an email server, the system can confirm compliance of the requesting device and issue an authentication token that, along with an appropriate command sent to the email server, provides access.

Abstract: Systems and methods for generating and tracking molecular digital signatures to ensure authenticity and integrity of NA molecules are disclosed. In some embodiments, a NA authentication system includes a NA authentication device coupled to one or more user devices. Methods for generating a signed NA sequence, validating a signed NA sequence, and detecting/correcting potential errors within a user allowable limit using a NA authentication system are disclosed. Methods for associating a signed NA sequence with a digital representation of the NA sequence, using a NA authentication system, are disclosed.

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: System generating real-time gathering partner credentials. Processor provides network-based access to user interface registering and maintaining first and second users' accounts. Processor communicates with first and second mobile communication devices in possession of users. Processor executes processor commands of users. Data repository is coupled with processor for storing first and second account data of user accounts. Account data include URIs to be accessed for dynamic collection of real-time first and second user credentials information. Account data are associated with first and second unique usernames of users. Processor includes geolocation facility determining indication of real-time geolocation proximity between mobile communication devices. Processor includes account data-collection facility responsive in real-time to processor command of first user dynamically collecting real-time second user credentials information.

Abstract: Systems and methods for providing cryptographic services. A cryptography service obtains a request to provision a computing device to perform cryptographic operations. The cryptography service generates executable code for a protected execution environment. The computing device obtains and executes the executable code. The computing device fulfills requests for cryptographic operations in the protected execution environment.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: An efficient search of a target string by a query string in homomorphically encrypted space. The target string may be encoded by reordering its characters into a plurality of target substrings, each encoding non-sequential characters of the target string separated by a periodic stride K and different target substrings having stride sequences offset relative to each other. The query string may be encoded into a plurality of query substrings, each defining a repeating sequence of a different respective character value in the query string. Each of the substrings may be homomorphically encrypted and hashed. The plurality of hashed encrypted target substrings and plurality of hashed encrypted query substrings may be compared to determine if there is a search result match. A rolling hash may iteratively update the plurality of hashed encrypted target substrings by one target string slot and the comparison may be repeated for each iterative update.