Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.

Abstract: A communication session may be broken up into many smaller packet bundles over many tunnels and over different routes in order to obfuscate the entire data stream. Apparatuses may dynamically build hop-by-hop tunnels in a backbone telecommunications network, segment data into packet bundles at the customer edge, or break up data traffic of a communication session along multiple routing or switching paths in order to obfuscate the data traffic of the communication session.

Abstract: The present disclosure relates to a problem management method for a user system. A method may include detecting an error in the user system. A signed package may be provided in accordance with the detected error, wherein the package comprises at least a script. The user system may verify the authenticity of the package using a signature of the package, and may execute the script if the package is authentic.

Abstract: Methods and systems for secure authentication in an extended reality (XR) environment are described herein. An XR environment may be output by a computing device and for display on a device configured to be worn by a user. A first plurality of images may be determined via the XR environment. The first plurality of images may be determined based on a user looking at a plurality of objects, real or virtual, in the XR environment. The first plurality of images may be sent to a server, and the server may return a second plurality of images. A public key and private key may be determined based on different portions of each of the second plurality of images. The public key may be sent to the server to register and/or authenticate subsequent communications between the computing device and the server.

Abstract: A system and method of implementing an API of an authentication service includes implementing a confirmation API, wherein the implementing includes: initiating a confirmation API request based on receiving an access request, wherein the confirmation API request operates to perform an authentication of a requestor making the access request; identifying the requestor based on a search of the requestor via the confirmation API; identifying, by one or more API endpoints of the remote authentication service: (i) a subscriber account of the subscriber maintained by the remote authentication service and (ii) identifying a user device of the requestor that is enrolled with the subscriber account based on the confirmation API request; transmitting a confirmation request to the user device; obtaining from the user device a response to the confirmation request and presenting the response to the confirmation request to the subscriber; and granting or denying the access request.

Abstract: A memory controller and a storage device including the same are disclosed. A memory controller for controlling a nonvolatile memory includes: a security access control module configured to convert biometric authentication data received from a biometric module into security configuration data having a data format according to a security standard protocol and perform, based on the security configuration data, at least one of authority registration and authority authentication of a user authority set for an access control of a secure area of the nonvolatile memory, encrypted user data being stored in the secure area; and a data processing unit configured to, based on an access to the secure area being permitted, encrypt user data received from a host device or decrypt the encrypted user data read from the secure area.

Abstract: Multiple, separately administrated computer systems storing slices of the cipher text of a Personally Identifiable Information (PII) data item that is represented by a token. The token is used as a substitute of the data item. The data item is encrypted using a public key. To recover the data item, a complete set of the slices is retrieved from the separate computer systems and decrypted using the private key corresponding to the public key. Instances and circumstances of the usages of the data item can be recorded under the token in a blockchain ledger in connection with the retrieval and/or decryption of the cipher text. A data item owner may use the data item and the public key to recreate the cipher text, retrieve the token stored with the cipher text in the separate computer systems, and then query the ledger for a usage history of the data item.

Abstract: A method, a device, and a non-transitory storage medium are described in which an blockchain-based network information management service is provided. The service provides blockchain mechanisms that allows for the management and disbursement of network information among network devices of a RAN, a core network, and an application layer network. The service may define a structure for the network information that may be used by RAN devices, core devices, and application layer devices of different vendors and third parties.

Abstract: A one-time password (OTP) is transmitted to an authorized wireless device for use an authentication factor, even though the OTP may be intercepted or otherwise viewed with an unauthorized device. When a secure request is initiated that requires entry of an OTP as an authentication factor, a hyperlink is transmitted to a wireless device from which the secure request is initiated. When the hyperlink is selected, a connection is established with an entity that determines mobile number information associated with the SSL connection. Comparison of the determined mobile number information and the mobile number of the wireless device to which the hyperlink was intended to be sent indicates whether the wireless device that has established the SSL connection is the authorized wireless device. The OTP is displayed on the wireless device after that device has been verified as the authorized wireless device.

Abstract: A user may view a device with augmented reality glasses which may have a camera that views and collects data on the screen of the user device. When the user desires to access an account for which multifactor authentication is required, a one-time password may be sent to the user. The glasses may recognize the one-time password and determine if the one-time password originated from the user device. If the glasses verify that the one-time password originated from the user based on context of the user device display or the geographic locations of the devices, then the glasses will send the password to the service associated with the one-time password. The glasses may send the password back to the user device, send it to an intermediate server, or send it directly to the server associated with the service that provided the one-time password.

Abstract: Methods and systems are described for compressing a tree structure associating network packet signatures with network packet metadata, the tree structure comprising a plurality of non-leaf nodes of single bit test nodes and a plurality of leaf nodes comprising network packet metadata, the method comprising determining whether the sub-portion of the tree structure is to be compressed. If determination is made that the sub-portion of the tree structure is to be compressed, generating a compressed node data structure, the compressed node data structure comprising a path of the sub-portion of the tree structure, the path comprising a sequence of bits formed by a concatenation of the single bits associated with each one of the consecutive non-leaf nodes of the sub-portion of the tree structure, the number of bits of the sequence being equal or greater than the compression threshold.

Abstract: Implementations efficiently verify an identity claim for an entity. An example method includes receiving a query key and a property identifying an entity and identifying a possible match for the property from graph access records, the possible match being a node in an identity chain. The method also includes verifying a complete chain from the possible match to a genesis node in the chain. The query key is used to find a next node in the chain. Failure to identify the genesis node results in an unsuccessful verification. The method also includes generating a response that indicates a successful verification request responsive to locating the genesis node and generating a response that indicates an unsuccessful verification request otherwise.

Abstract: A data protection method is provided. The data protection method includes the following. A first image is obtained; at least one first object image in the first image is identified; the at least one first object image is analyzed to capture multiple first characteristic values of multiple characteristic points of the at least one first object image; and an encryption key is generated according to the first characteristic values.

Abstract: A vehicle includes: at least one memory configured to store at least one default Instruction Structure Key (ISK), a generated ISK, and a pin code of the vehicle; and at least one processor. The at least one default ISK may include a first default ISK and a second default ISK. The processor may generate a random number using the first default ISK, receive the second default ISK encrypted with the generated ISK generated based on the pin code, and determine the generated ISK as an encryption key for encryption communication of the vehicle when the generated random number and the random number corresponding to the second default ISK are the same.

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

Abstract: Federation of trusted data distribution systems is accomplished by treating an entire data distribution network as either a publisher or subscriber to a feed in another data distribution network. A first data feed is created in a first data feed management subsystem associated with a first data distribution network. A second data feed related to the first data feed is created in a second data feed management subsystem associated with a second data distribution network. A first data access policy is associated with the second data feed and a publisher for the second data feed is created in the second data distribution network. The identity and authentication of a second subscriber to the second data feed in the second data distribution network is managed by referencing the first data access policy.

Abstract: A system for applying fingerprinting/watermarking of consumer data, and analyzing “wild files” of consumer data to assign a guilt score for a particular party who may have leaked the data, allows the owner of data sources (“Data Owners”) to identify and assert ownership of textual data that has been distributed outside of their firewall in the clear (i.e., without encryption), either intentionally or unintentionally, and assign guilt to parties misusing the data. The system can be used by Data Owners who transmit, lease, or sell data to individuals or organizations (“Trusted Third Parties” or “TTPs”) to recognize and assert ownership of their data in the case where one or more TTPs leaks the data (the leaked file is defined as a “Leaked Subset”) into the hands of others (“Bad Actors”) who either knowingly or unknowingly use the data illegally.

Abstract: A user can share (show) multimedia information while simultaneously communicating (telling) with one or more other users over a network. Multimedia information is received from at least one source. The multimedia information may be manually and/or automatically annotated and shared with other users. The multimedia information may be displayed in an integrated live view simultaneously with other modes of communication, such as video, voice, or text. A simultaneous sharing communication interface provides an immersive experience that lets a user communicate via text, voice, video, sounds, music, or the like, with one or more other users while also simultaneously sharing media such as photos, videos, movies, images, graphics, illustrations, animations, presentations, narratives, music, sounds, applications, files, and the like. The simultaneous sharing interface enables a user to experience a higher level of intimacy in their communication with others over a network.

Abstract: An electronic device is provided. The electronic device includes a communication interface including circuitry, a memory, and a processor which, based on receiving ID information generated by performing a first encryption process on biometric information and password information generated by performing a second encryption process on the biometric information from an external electronic device through the communication interface, is configured to control the electronic device to: store the ID information and the password information in the memory.

Abstract: A cyber threat intelligence (CTI) gateway device may receive rules for filtering TCP/IP packet communications events that are configured to cause the CTI gateway device to identify communications corresponding to indicators, signatures, and behavioral patterns of network threats. The CTI gateway device may receive packets that compose endpoint-to-endpoint communication events and, for each event, may determine that the event corresponds to criteria specified by a filtering rule. The criteria may correspond to one or more of the network threat indicators, signatures, and behavioral patterns. The CTI gateway may create a log of the threat event and forward the threat event log to a task queue managed by a cyberanalysis workflow application. Human cyberanalysts use the cyberanalysis workflow application to service the task queue by removing the task at the front of the queue, investigating the threat event, and deciding whether the event is a reportable finding that should be reported to the proper authorities.