Abstract: System, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.

Abstract: Wireless network specific (WN-specific) key can be used to provide access protection over the radio access link. A WN-specific key may be associated with (or assigned to) a wireless network, and distributed to access points of the wireless network, as well as to user equipments (UEs) following UE authentication. The WN-specific key is then used to encrypt/decrypt data transported over the radio access link. The WN-specific key can be used in conjunction with the UE-specific keys to provide multi-level access protection. In some embodiments, WN-specific keys are shared between neighboring wireless networks to reduce the frequency of key exchanges during handovers. Service-specific keys may be used to provide access protection to machine to machine (M2M) services. Group-specific keys may be used to provide access protection to traffic communicated between members of a private social network.

Abstract: Provided are a mobile terminal, information processing method, information processing program, and computer-readable recording medium storing the program whereby, when in a locked state, a specific function is unusable but another function is usable, thereby improving user convenience. When this mobile terminal is in a state where lock function is enabled, a function where a terminal function unit accesses an IC chip to perform settlement processing using electronic money is unavailable, but a function where the terminal function unit accesses the IC chip to perform auto-charge process using electronic money is available. As a result, when the mobile terminal is locked, a function to perform settlement processing as a specific function is unusable but a function to perform auto-charge process as another function is usable, thereby improving user convenience.

Abstract: System, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.

Abstract: According to examples, network sampling based path decomposition and anomaly detection may include evaluating computer-generated log file data to generate a master network graph that specifies known events and transitions between the known events, and decomposing the master network graph to generate a representative network graph that includes a reduced number of paths of the master network graph. A source may be monitored to determine a cyber security threat by receiving incoming log file data related to the source, comparing the incoming log file data related to the source to the representative network graph, and determining, based on the comparison of the incoming log file data related to the source to the representative network graph, an anomaly in the representative network graph. Further, based on the monitoring, a report indicative of the cyber security threat may be generated based on the anomaly in the representative network graph.

Abstract: The apparatus includes a management unit configured to manage an access right that is assigned to each of a plurality of users, and a storage unit configured to store a plurality of scenarios including the adjusting operation of the apparatus and a first access level that is assigned to each of the scenarios. Furthermore, the apparatus determines whether or not a scenario can be executed with the access right given to a user, by comparing the access right of the user with the first access level stored in the storage unit, and displays, before the scenario is executed, at least one of the plurality of scenarios on a display unit such that the determination result can be displayed identifiably.

Abstract: Methods and apparatuses for located-based content access control have been disclosed. A method may comprise: receiving, at a mobile device, from a short distance communication node, an identifier of the node; generating a device key for the mobile device based on the identifier of the node and an identifier of the mobile device; sending to the node the device key and the identifier of the mobile device, at least based on which the mobile device may be authenticated; and receiving, at the mobile device, from the node, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the mobile device.

Abstract: Various systems, mediums, and methods herein describe aspects of personal information platforms accessible with client devices over communication networks in data infrastructures. A system may determine data associated with a user. The system may determine a personal information platform (PIP) based on the data associated with the user, where the PIP is configured to identify a number of data types from the data associated with the user. The system may determine accesses for one or more entities to the number of data types based on one or more services provided by the one or more entities to the user. The system may cause a client device to display an indication of the PIP, where the indication provides the one or more accesses of the one or more entities.

Abstract: The disclosed computer-implemented method for detecting suspicious microcontroller messages may include (1) observing a typical interval at which messages are sent over a network by a microcontroller, (2) identifying a message sent over the network by the microcontroller, (3) determining that the interval between the message and the previous message sent by the microcontroller does not comprise the typical interval, and (4) categorizing the message as a suspicious message in response to determining that the interval does not comprise the typical interval. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: According to some embodiments, a method for training a malware detector comprising a deep learning algorithm is described, which comprises converting a set of malware files and non malware files into vectors by using a feature based dictionary, and/or by using a conversion into an image, and providing prospects that the files constitute malware. Various features and combinations of features are described to build a feature based dictionary and adapt its size. According to some embodiments, a method for detecting a malware by using a malware detector comprising a deep learning algorithm is described, which comprises converting a file into a vector by using a feature based dictionary, and/or by using a conversion into an image, and providing prospects that the file constitutes malware. Methods for providing a plurality of prospects and aggregating these prospects are provided. Additional methods and systems in the field of malware detection are also described.

Abstract: The present disclosure provides a user verifying method, a terminal device, a server and a storage medium. The method may include: receiving, by a terminal device, a motion instruction from a server, and displaying the motion instruction on a display interface of the terminal device; obtaining sensed data of a gyroscope equipped in the terminal device and sending the sensed data to the server; determining, by the server, whether a motion trail of the terminal device constructed according to the sensed data meets a requirement of the motion instruction; and determining, by the server, that a user of the terminal device passes a user verification if the motion trail of the terminal device constructed according to the sensed data meets the requirement of the motion instruction. The method ensures that only human can accomplish the verifying process, which promotes the security of the user verification and improves the user experience.

Abstract: An information processing apparatus includes first processing means for performing a setting for performing encrypted communication on the information processing apparatus in response to a command based on a first communication procedure, second processing means for performing a setting for performing encrypted communication on the information processing apparatus in response to a command based on a second communication procedure, and transmitting means for transmitting information indicating that the setting for performing the encrypted communication is made in response to the command based on the first communication procedure to a reception apparatus if the command based on the second communication procedure is received from the reception apparatus after the first processing means performs the setting for performing the encrypted communication on the information processing apparatus in response to the command based on the first communication procedure.

Abstract: Data transfer between a first computer system and a second computer system utilize parallel servers of the second computer system. A plurality of data chunks collectively comprise a data object. The data chunks may be encrypted and sent over parallel channels to the second computer system, which may be a data storage service of a computing resource service provider. The data object, or a portion thereof, may be downloaded from the data storage system in parallel.

Abstract: The present invention provides a method for authenticating distributed peripherals on a computer network using an array of physically unclonable functions (PUF). As each PUF is unique, each PUF is able to generate a plurality of challenge response pairs that are unique to that PUF. The integrated circuits of the PUF comprise a plurality of cells, where a parameter (such as a voltage) of each cell may be measured (possibly averaged over many readings). The plurality of cells in the PUF may be arranged in a one, two or more dimensional matrix. A protocol based on an addressable PUF generator (APG) allows the protection of a network having distributed peripherals such as Internet of things (IoT), smart phones, lap top and desk top computers, or ID cards. This protection does not require the storage of a database of passwords, or secret keys, and thereby is immune to traditional database hacking attacks.

Abstract: A computer-implemented method for generating digital media tasks, authorizing digital media associated with the digital media tasks, and evaluating the digital media is provided. In an embodiment, a server computer creates a digital media task and sends it to one or more mobile computing devices. When the server receives digital media from a mobile computing device, the server computer determines whether it is authorized to provide other computing devices with access to the digital media. Determining whether the server computer is authorized to provide other computing devices with access to the digital media may comprise determining whether the server computer has current waivers for the digital media or whether supervisory computing device has provided authorization.

Abstract: A method of transacting medical information includes receiving medical information from a medical sources, identifying, mapping, and consolidating the received medical information by a back-end medical processor, providing access to specific relevant data, based on a user's security privileges, within the identified, mapped, and consolidated medical information, based on user-specific functions or roles by a front-end medical processor, and generating user-customized processed medical information to a plurality of users, with at least a portion of the user-customized processed medical information being provided to each of the plurality of users based on its relevancy to each user's specific function or role and each user's associated security privileges.

Abstract: Techniques to use operating system redirection for network stream transformation operations are described. In one embodiment, an apparatus may comprise a network stream component operative to receive a network stream, the network stream associated with an application on a device; modify the network stream to generate a modified network stream; and send the modified network stream through an operating system for the device; and a local virtual private network component operative on the processor circuit to: receive the modified network stream from the operating system as a plurality of modified network stream packets; determine a network connection policy based on the application; and send the plurality of modified network stream packets to a destination network address via the network interface controller when the network connection policy indicates sending. Other embodiments are described and claimed.

Abstract: Briefly, in accordance with an embodiment, a method of managing, without human intervention, at least one private network is disclosed. For example, managing the at least one private network includes connecting the at least one private network to the Internet. Furthermore, the at least one private network communicates selected signal packets from at least one network device in one of at least two separate logical broadcast domains transmitted to at least one network device in another of at least two separate logical broadcast domains as if the logical broadcast domains are not separate. The selected signal packets are transmitted between the network devices of the at least two separate logical broadcast domains via a tunnel server.

Abstract: A method includes first encoding first data into a first plurality of sets of encoded data slices, wherein the first encoding is in accordance with a first dispersed error encoding function. The method further includes second encoding second data into a second plurality of sets of encoded data slices, wherein the second encoding is in accordance with a second dispersed error encoding function. The method further includes creating a plurality of mixed sets of encoded data slices from the first and second plurality of sets of encoded data slices in accordance with a mixing pattern. The method further includes outputting the plurality of sets of mixed encoded data slices to storage units of the DSN for storage therein.

Abstract: A system, method, and computer program product are provided for implementing a virtual obfuscation service in a network. In use, an obfuscation service component is initiated in a network system including one or more virtual services, the obfuscation service component including at least one of: at least one first obfuscation service component associated with a physical portion of the network system or at least one second obfuscation service component associated with a cloud-based virtual portion of the network system. Further, communication to be sent from the physical portion of the network system to the cloud-based virtual portion of the network system is identified. Additionally, the communication is directed from the physical portion of the network system to the first obfuscation service component associated with the physical portion of the network system.