Abstract: A nickname management apparatus includes a speech agent configured to recognize a speech of a user to obtain nickname information of a device, and a nickname manager configured to determine a device corresponding to the nickname information from one or more devices on a network, and register the named device based on the determination.

Abstract: A method (and structure) includes receiving, as input data into a computer-implemented processing procedure, at least one listing of at least one of time series data and potential candidate periods of potential beaconing activity. The input data is processed, using a processor on a computer, to evaluate the input data as if the input data represents data points of an input analog signal subject to principles of communication theory and having determinable statistical characteristics.

Abstract: An information processing system, having one or more information processing apparatuses, includes a data input unit configured to take as input first data being multidimensional; a dimension reduction unit configured to generate, based on the first data, second data representing a characteristic of the first data, the second data having a prescribed number of dimensions fewer than a number of dimensions of the first data; and a distinguishing unit configured to distinguish whether the first data is normal data or abnormal data by a semi-supervised anomaly detection, based on the first data and the second data.

Abstract: The present disclosure relates to secure storage of a detailed set of elements relating to fingerprint features for a finger and to a method for authenticating a candidate fingerprint of a finger using said detailed set of elements, allowing for improved security and user convenience.

Abstract: Various embodiments are generally directed to techniques to form and maintain secure communications among two or more body-carried devices disposed in close proximity to the body of a person to form a body area network (BAN). An apparatus to establish secure communications includes a processor component; a signal component for execution by the processor component to compare a signal characteristic of a security test signal to a known signal characteristic of the security test signal to derive a bioelectric characteristic, the security test signal received via a tissue; and a bioelectric component for execution by the processor component to determine whether to allow transmission of data through the tissue based on the bioelectric characteristic. Other embodiments are described and claimed.

Abstract: A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal.

Abstract: New and improved techniques for a behavior analysis based DNS tunneling detection and classification framework for network security are disclosed. In some embodiments, a platform implementing an analytics framework for DNS security is provided for facilitating DNS tunneling detection. For example, an online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis.

Abstract: A system for authenticating a user and his local device to a secured remote service with symmetrical keys, which utilizes a PIN from the user and a unique random value from the local device in such a way that prevents the remote service from ever learning the user's PIN, or a hash of that PIN. The system also provides mutual authentication, verifying to the user and local device that the correct remote service is being used. At the same time, the system protects against PIN guessing attacks by requiring communication with the said remote service in order to verify if the correct PIN is known. Also, the system works in such a way as to change the random value stored on the user's local device after each authentication session.

Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented being white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. Multiplicities of sets Mxi, i=1, 2, . . . =Mx11, Mx12, . . . Mx21, Mx22, . . . are formed from the output values a of the affine mapping A.

Abstract: A system for wireless memory device authentication is provided, wherein a communications device receives a certified public key from a wireless memory device. The communications device validates the public key and send a challenge to the wireless memory device. The wireless memory device sends a signature to the communications device and the communications device validates the signature in order to authenticate the wireless memory device.

Abstract: A system of interlocking smart bricks includes a shell having at least one raised protrusion and at least one hole. A plurality of sensors is disposed within the shell. Each sensor is configured to detect a proximity of additional smart bricks. A processor receives proximity detection data from the plurality of sensors. A radio transmitter transmits the proximity detection data to a host device. The host device receives the proximity detection data, determines an arrangement of the shell therefrom, compares the determined arrangement of the shell with a known target arrangement, determines a degree of match between the arrangement of the shell and the known target arrangement based on the comparison, and authenticates a user to one of a plurality of authentication levels based on the degree of match.

Abstract: The present invention relates to a secure component for protecting data in a storage entity and a method at the secure component of protecting data in the storage entity. Further, the present invention relates to a secure domain manager for securely associating a communicating party with a storage domain and a method at the secure domain manager of securely associating the communicating party with the storage domain. Moreover, the present invention relates to a trusted third party for verifying correctness of a launch package created by a secure domain manager to securely associate a communicating party with a storage domain and a method at the trusted third party to verify correctness of the launch package created by the secure domain manager to securely associate the communicating party with the storage domain.

Abstract: Systems and methods of dynamically updating CAPTCHA challenges are provided. For instance, a request to access an online resource can be received from a user device. A verification challenge can then be provided to the user device. One or more user responses to the verification challenge can be received. Each user response can correspond to an interaction by the user with an object from the plurality of objects. One or more risk assessment scores associated with the user can be determined based at least in part on the one or more user responses. The verification challenge can then be updated based at least in part on the one or more risk assessment scores and the one or more user responses.

Abstract: A security solution can be implemented using a layering system. By using a layering system, any changes that are made to a computing system can be isolated within a separate write layer. Due to this isolation, the changes, which may even be malicious, can be evaluated without fear that the resources in other layers will be negatively affected. In this way, even security threats that are still unknown to antivirus solutions (so-called zero-day attacks) can be prevented from harming the system.

Abstract: A system and method for the secure frictionless or near-frictionless authentication of a user's identity resulting in a determination signal that the user is who they claim to be, access granted, or is not who they claim to be, access denied. In one embodiment, a user accesses the login page of a website and, after a short pause, is granted access to a restricted website resource, for example their bank account. During the short pause signals are exchanged over a triad of telecommunication networks, from the webserver to an App on the user's cellphone where credentials and probability of possession are collected, encrypted and sent over near proximity network to the device being used to make the original login request that in turn forwards the accumulated authentication tokens to the webserver for verification. Upon success of the verification the user is granted access to the restricted resource, in this example, their bank accounts.

Abstract: A method to dynamically group devices based on device information, which is associated with a system for monitoring the device information that communicates information between a device and an enterprise. Information is collected from a device information source to obtain an actual status of a device. The actual status of the device is compared to a stored status of the device. The stored status is stored on a server of the enterprise. The enterprise determines if the actual status has been changed from the stored status. When a change is detected, the method performs at least one of the acts of automatically disassociating the device from a group that reflects the stored status and automatically associating the device with a new group to reflect the actual status.

Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.

Abstract: Transfer of data between at least one supervisory control and data acquisition (SCADA) device and an advanced metering infrastructure (AMI) device via a wireless communication network is facilitated. The data is used for monitoring and/or controlling the AMI device. A protocol conversion of the data is performed to facilitate transfer of the data between the SCADA device and the AMI device as data packets via a packet data network gateway and a wireless communications network.

Abstract: Systems and methods are provided for authenticating a user. The systems and methods include receiving a request to generate a user profile from a device of a user. The systems and methods may determine first information associated with a first entity from the request, and may also determine second information associated with a second entity distinct from the first entity from the request. The systems and methods may access, using system credentials not associated with the user, multiple distinct data sources in a specified order to retrieve additional information. Accessing these multiple distinct data sources may include retrieving a first item of the additional information using the first information, and retrieving a second item of the additional information using the second information. The systems and methods may authenticate the user based on the additional information, and may generate a user profile based in part on the additional information.

Abstract: A communication apparatus receives control information of first data and a plurality of types of header information of first data, the first data being received by a first data receiver; selects a parameter from the plurality of types of header information of the first data based on a priority of a first data receiver group to which the first data receiver belongs and a storage condition, the priority being indicated by priority information, the storage condition indicating the number of entries of a whitelist that can be stored in a whitelist storage first memory; and add, to the whitelist, an entry that includes control information of the first data and at least one parameter selected above.