Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for providing security postures for a service provided by a heterogenous system. A method for verifying trust by a service node includes receiving a request for a security information of the service node from a client device, wherein the request includes information identifying a service to receive from the service node, identifying a related node to communicate with the service node based on the service, after identifying the related node, requesting a security information of the related node, generating a composite security information from the security information of the service node and the security information of the related node, and sending the composite security information to the client device. The composite security information provides security claims for a service implemented by a heterogenous devices that have different trusted execution environments.

Abstract: A communication apparatus determines whether to use, for connection to another communication apparatus forming a wireless network, an identifier different from a service set identifier (SSID) of the wireless network and a password of the wireless network, based on one of a Beacon, a Probe Response, or a Simultaneous Authentication of Equals (SAE) Commit received from the other communication apparatus, and controls a display unit in such a manner that, in a case where it is determined not to use the identifier for connection to the other communication apparatus, the display unit does not display a screen for inputting the identifier and, in a case where it is determined to use the identifier for connection to the other communication apparatus, the display unit displays the screen for inputting the identifier.

Abstract: The present disclosure provides a graphical watermark, a method and an apparatus for generating a graphical watermark, and a method and an apparatus for authenticating a graphical watermark. The graphical watermark includes: a plurality of graphical markers carrying position and pose information, and identity information of the graphical watermark; and a watermark pattern provided between a pair of graphical markers.

Abstract: Systems, devices, media and methods are presented for detecting anomalous resources and events in social data. The systems and methods receive a plurality of events associated with a plurality of resources, wherein the plurality of events includes a plurality of features. The systems and methods detect a set of anomalous resources from the plurality of resources and identify a set of anomalous events associated with the set of anomalous resources. The systems and methods cause an interface to be displayed on a computing device, wherein the interface includes the set of anomalous resources and the set of anomalous events.

Abstract: In a wireless access network, a false base station (FBS) may imitate a legitimate base station by repeating the transmissions of the legitimate base station at a higher power level such that one or more user equipment (UEs) synchronize with the FBS instead of the legitimate base station. The present disclosure provides a UE that detects an FBS. The UE may estimate a time of arrival of different multipath components of a downlink signal corresponding to a physical cell identity. The UE may determine an existence of FBS based on a difference between the times of arrival of two of the different multipath components exceeding a threshold amount of time. The UE may perform a mitigation operation in response to determining the existence of the FBS.

Abstract: A system comprises a memory and a processing apparatus. The memory stores a collection of personal information data and a data catalog of the collection of personal information data. The processing apparatus executes generating the machine learning model according to a designated machine learning logic, based on personal information data, corresponding to designated metadata in the data catalog and a designated data range. And the processing apparatus, executes calculating a personal identification risk which shows a risk of a person being identified based on an output of the machine learning model. Then the processing apparatus executes outputting the machine learning model when the personal identification risk, does not exceed a predetermined threshold.

Abstract: Techniques for using an end-to-end policy controller to utilize an inventory of enforcement points to generate a chain of enforcement points having capabilities to enforcement individual operations of an intent-based security policy associated with an entity accessing a resource. A network controller may intelligently split an intent-based security policy and send portions thereof to enforcement points along a path configured for an entity to access a resource. For example, a portion of a security policy corresponding to an operation may be mapped to and implemented by an enforcement point having a capability to perform the operation. Once each operation of a security policy has been mapped to an enforcement point, a chain of enforcement points may be generated.

Abstract: Disclosed herein are system, method, and computer program product embodiments for managing and tracking the deployment of a cloud control within a cloud network where creation of the cloud control may be distributed between different user devices in the cloud network. A cloud control is implemented using a control policy which is composed of one or more components that provide functions for executing a functionality of the cloud control. A component workflow manager delegates control of the one or more components to different user devices and tracks the development workflow of the components as they progress through workflow states until they are ready for deployment within the cloud network.

Abstract: Disclosed is a physical unclonable function generator circuit and method.

Abstract: A device includes interface circuitry to receive requests from at least one host system, a primary processor coupled to the interface circuitry, and a secure processor coupled to the primary processor. In response to a failure of the primary processor, the secure processor is to: verify a log retrieval command received via the interface circuitry, wherein the log retrieval command is cryptographically signed; in response to the verification, retrieve crash dump data stored in memory that is accessible by the primary processor; generate a log file that comprises the retrieved crash dump data; and cause the log file to be transmitted to the at least one host system over a sideband link that is coupled externally to the interface circuitry.

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: Various aspects of the subject technology relate to systems, methods, and machine-readable media for granting access to cases for users through a common data model that brings together data from multiple e-discovery applications. The method includes associating a user with a case number. The method includes assigning a case name to each case number. The method includes associating contact information of the user with the case number. The method includes receiving a request to access the case number. The method includes, in response to receiving the request, issuing an access link to the user. The method includes authenticating the user based on at least the access link. The method includes granting access to the case number based on the contact information. The method includes generating data insights regarding the case number. The method includes causing display of the data insights through a user interface.

Abstract: A wireless communication network includes a plurality of first electronic devices configured for wireless communication, at least one second electronic device configured for wireless communication, and at least one access point configured to wirelessly receive client data from, and transmit network data to, the plurality of first electronic devices and the at least one second electronic device. The wireless communication network further includes a virtual private wireless communication sub-network that includes the plurality of first electronic devices and excludes the at least one second electronic device. The virtual private wireless communication sub-network is configured to enable each of the plurality of first electronic devices to automatically connect with the wireless communication network.

Abstract: Systems and methods for creating fingerprints for devices are described herein. In various embodiments, the system includes a device management system operatively coupled to a merchant system. According to particular embodiments, the device management system: 1) receives a first payload correspond to a device from the merchant system, the first payload including data in a particular format; 2) creates a fingerprint for the device by parsing the first payload and creating a record of a section format for each of one or more distinct sections of the particular format; and 3) comparing a format of each subsequent payload that corresponds to the device to the fingerprint for the device to determine whether the device has been compromised.

Abstract: A method for providing remote programming of a supply tag of a print supply used with an authorized entity's card personalization system is provided. The method includes an issuance server authenticating remote programming of the supply tag, receiving first supply tag data of the print supply including a first digital signature, updating the first supply tag data to obtain second supply tag data, and issuing a second digital signature based on the second supply tag data. The second digital signature secures the second supply tag data.

Abstract: In general, techniques are described by which to perform secure fine time measurement for wireless communication protocols. An initiating station comprising wireless communication circuitry may be configured to perform the techniques. The wireless communication circuitry may be configured to receive, in accordance with a wireless networking protocol for communicating between the initiating station and a responding station, a first fine time measurement specifying a first time. The wireless communication circuitry may also be configured to receive, in accordance with the wireless networking protocol and for the corresponding first time, a first message integrity code. The wireless communication circuitry may next be configured to authenticate, based on the first message integrity code, the responding station to establish that the fine time measurement is from a trusted responding station.

Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.

Abstract: Aspects of the disclosure relate to a system and method for securely authenticating a device via token(s) and/or verification computing device(s). A verification computing device may generate a pseudorandom number or sequence. Based on the pseudorandom number or sequence, the verification computing device may select a first plurality of parameters associated with a user of a device to be authenticated. The verification computing device may transmit, to the device, the pseudorandom number or sequence, and the device may select a second plurality of parameters. The device may generate a token based on the second plurality of parameters. The device may send the token to another device, and the other device may send the token to the verification computing device. The verification computing device may authenticate the device based on the token.

Abstract: In general, embodiments relate to a method for managing a network device, including receiving an incoming frame originating from a host, where the incoming frame includes IP address of the host and a payload specifying information associated with an external server. The further includes determining, using the IP address of the host and an IP address to segment identifier (ID) mapping, that the host is associated with a first segment, in response to the determining, forwarding the incoming frame towards a redirection server executing on the network device, where the first segment is associated with a first policy and where the first policy specifies that the incoming frame is to be forwarded to the redirection server.

Abstract: A method of detecting blockchain miner code executing in a web browser including receiving a profile for the browser identifying typical resource consumption by the browser in use; responsive to a detection of a deviation of the resource consumption by the browser from the profile, intercepting a communication with the browser including a cryptographic nonce, training a plurality of classifiers based on generated training examples, each training example being generated by applying a hashing algorithm to the nonce such that each classifier is trained with training examples generated using a different hashing algorithm; intercepting one or more second communications with the browser, each of the second communications including a hash value; executing at least a subset of the classifiers based on the hash value of each of the second communications; and identifying malicious miner code executing in the browser.