Abstract: A verification node in a trust management system manages, in a blockchain, a smart contract and an execution transaction of the smart contract as well as an evaluation execution transaction for the smart contract. The verification node includes and manages a verification result of the smart contract in the evaluation execution transaction, the verification result including a predetermined value for evaluation specified by a predetermined one of transaction issuing nodes and an output value obtained when the predetermined value is inputted to the smart contract, or includes and manages the output value in state information.

Abstract: Methods, apparatuses, and computer readable media for location measurement reporting in a wireless network are disclosed. An apparatus of a responder station (RSTA) is disclosed, the apparatus including processing circuitry configured to decode a null data packet (NDP) announce (NDPA) frame from an initiator station (ISTA), the NDPA frame including an indication of a temporary key and an identification of the RSTA. The processing circuitry further configured to decode a NDP from the ISTA, the NDP including long training fields (LTFs), the NDP received on a channel. The processing circuitry further configured to determine whether the NDP from the ISTA is consistent with the NDP being generated using a temporary key shared between the ISTA and RSTA based on a comparison of the channel estimates. The processing circuitry may be further configured to determine for authentication whether the indication of the temporary key was generated based on the temporary key.

Abstract: Content visibility on a computing device is controlled based at least in part on the proximity of a wearable device to the computing device. When the wearable device is in close proximity to the computing device and the computing device is unlocked, the computing device operates in a full content visibility mode. In the full content visibility mode all user-selectable content on the computing device is displayed. When the wearable device is not in close proximity to the computing device and the computing device is unlocked, the computing device operates in a reduced content visibility mode. In the reduced content visibility mode content visibility on the computing device screen is reduced, such as by limiting which applications (e.g., application icons or widgets) are displayed.

Abstract: A method for operating a network is provided. The method comprises segmenting the network into a plurality of virtual private networks, wherein each virtual private network runs on an underlying physical network; and wherein each virtual private network represents a particular context; and configuring at least some nodes within the network to send and receive traffic based on context.

Abstract: A method for detecting a web skimmer on a “Payment Page” relates to a network security, namely, a detection of a malicious code on web pages, which include fields for inputting a payment information and a user personal data, and it may be used to increase a security level in case of making online payments for goods and services. The claimed method checks elements, which are present on the web page, for a presence of the malicious code and determines an activity that is inherent to a web skimmer embedded on the web pages with a payment form, timely informs about a presence of the user characteristics and/or blocks the web page itself and provides security of the operations associated with payment of goods and services via the Internet.

Abstract: An access control apparatus includes a sensor and an authentication circuit coupled to the sensor. The sensor detects eye movement of a user. The authentication circuit stores predetermined access code data corresponding to the user. The authentication circuit compares the detected eye movement of the user to the predetermined access code data. Based on the comparison indicating that the detected eye movement matches the predetermined access code data, the authentication circuit permits access beyond an access control point.

Abstract: In some embodiments, a behavioral computer security system protects clients and networks against threats such as malicious software and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients, wherein each client profile represents a subset of protected machines, and each client profile is indicative of a normal or baseline pattern of using the machines assigned to the client respective profile. A client profile may group together machines having a similar event statistic. Following training, events detected on a client are selectively analyzed against a client profile associated with the respective client, to detect anomalous behavior. In some embodiments, individual events are analyzed in the context of other events, using a multi-dimensional event embedding space.

Abstract: Certain embodiments described herein are generally directed to allocating security parameter index (“SPI”) values to a plurality of endpoints in a network. The SPI values may be derived using an SPI derivation formula and a plurality of parameters. In some embodiments, the SPI values may be derived by an endpoint and in other embodiments by a server. Using the SPI derivation formula and the plurality of parameters enables endpoints and servers to instantaneously derive SPI values without the need for servers to store them.

Abstract: According to one embodiment, an electronic device executes a specified software. The electronic device includes a first storage that stores the specified software, and a firmware that controls a hardware included in the electronic device. The firmware is started after the electronic device is powered on and before the specified software is executed. The firmware invalidates a password authentication when the electronic device is in a particular environment, and validates the password authentication when the electronic device is out of the particular environment.

Abstract: The present invention relates to a method for managing IoT devices by a security fabric. A method is provided for managing IoT devices includes collecting, by analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources, abstracting, by analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by executing tier, the PEBs from the analyzing tier, wherein the executing tier is configured to control network traffic of IoT devices of a private network; generating, by the executing tier, security policies for IoT devices from PEBs of the IoT devices; and controlling, by the executing tier, network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: The disclosed computer-implemented method for controlling access to a peripheral device may include receiving an input/output request related to a process attempting to access the peripheral device. The method can also include determining an access state for the process indicative of whether the process will be allowed to gain access to the peripheral device. The access state can be based on a context property of the process. The method can further include responding to the input/output request with initiation of a virtual peripheral output from a virtual peripheral device if the access state is indicative of the process not being allowed access to the peripheral device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present invention relates to a methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: This disclosure focuses on providing a technology framework for creating secure, location-based applications. The disclosure details a technology solution that can allow users to access secure information on commodity computation devices (e.g., tablets and smartphones) without a heavy infrastructure burden. The technology consists of a collection of software services that run on end-user devices, services on network accessible servers (e.g., cloud), and a specialized device that provides high-assurance location services atop a tamper resistant, trusted computation platform.

Abstract: Techniques for location based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. A system/process/computer program product for location based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a location for a new session; associating the location with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the location.

Abstract: A mobile computing device includes one or more interfaces to connect to one or more devices, and one or more processing devices, connected with the one or more interfaces. The one or more processing devices are to establish a first wireless connection with a first device. The first device lacks resources to connect to a cloud service directly. The one or more processing devices are also to receive data from the first device, provide the data to the cloud service, and in response to detecting a migration condition, disconnect the first wireless connection to allow establishment of a second wireless connection between the first device and a second device such that the second device receives subsequent data from the first device and provides the subsequent data to the cloud service.

Abstract: Systems, methods, and software can be used to reduce network security risks in a medical care network. In some aspects, a method includes detecting, at a medical equipment monitor located in a network, an electronic device that is connected to the network; determining, by the medical equipment monitor, that the electronic device comprises a medical equipment; associating, by the medical equipment monitor, a security profile with the medical equipment, wherein the security profile includes one or more security parameters; detecting, by the medical equipment monitor, a conflict between a data transmission activity from the medical equipment and at least one security parameter in the security profile; and in response to detecting the conflict, transmitting, from the medical equipment monitor, a notification of the conflict to a medical equipment controller.

Abstract: Provided are a system and method for media content rights negotiation based on defined protocol for management of media content rights using distributed media rights transaction ledger. An initiating node determines acquisition requirement and/or receive request on behalf of other participant for media content rights of requested media content and traverses associated instance of distributed media rights transaction ledger to identify receiving entity node that has media content rights available for negotiation. Accordingly, initial media content rights negotiation transaction is issued, which includes offer for corresponding media content rights. The receiving entity node verifies an identity and signature of initiating entity from initial media content rights negotiation transaction, issues new media content rights negotiation transaction based on verification, evaluation, and/or acceptance of offer.

Abstract: A network device includes a plurality of network interfaces respectively connected to a plurality of authentication servers that reside on different communication networks; and circuitry to: in response to reception of an authentication request from an information processing apparatus, select one of the plurality of authentication servers to be a transmission destination of the authentication request, based on condition information associated with the plurality of network interfaces; transmit the authentication request to the selected authentication server using one of the plurality of networks associated with the selected authentication server, and control transmission of authentication information to the information processing apparatus, based on an authentication result received from the selected authentication server in response to the authentication request.

Abstract: A method, computer system, and computer program product that generates a whitelist for each subject device in a field area network (FAN). The whitelist includes one or more whitelist entries corresponding to one or more peer devices in the same FAN communicating with the subject device. Each whitelist entry includes one or more attribute values expected in respective traffic between the subject device and each peer device that is represented by a respective whitelist entry. The traffic in the FAN is monitored at one or more points of the FAN for anomaly by use of the whitelist.