Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server trains a machine learning-based behavioral model for the particular node based on the redirected traffic. The server controls whether a particular redirected traffic flow associated with the node in the LAN is sent to a destination of the traffic flow using the trained behavioral model.

Abstract: This disclosure relates to techniques for performing Wi-Fi authentication in a wireless communication system. Public key cryptography may be used to enhance the confidentiality of the user's permanent identity in transit. In some embodiments, a RSA-OAEP(SHA-256) encryption scheme may be used to protect the permanent identity when the EAP client needs to send the user's permanent identity to the server in the absence of pseudonym or fast re-authentication identity. In some embodiments, a server certificate is used to authenticate a iWLAN tunnel to protect an IMSI during setup of a Wi-Fi call. Using the methods described herein on both or either of the EAP client and server side may offer improved privacy protection.

Abstract: A computer system is provided. The computer system includes a memory and a processor coupled to the memory. The processor is configured to receive a first message from an identity provider, the first message including an arbitrary identifier generated by the identity provider, the arbitrary identifier being incompatible with a dependent process that is reliant upon the identity provider; encode, in response to reception of the first message, the arbitrary identifier into an encoded identifier that is compatible with the dependent process; and transmit a second message including the encoded identifier to the dependent process.

Abstract: Bayesian continuous user authentication can be obtained by receiving observed behavior data that collectively characterizes interaction of an active user with at least one computing device or software application. A sequence of events within the observed behavior data can be identified and scored using a universal background model that generates first scores that characterize an extent to which each event or history of events is anomalous for a particular population of users. Further, the events are scored using a user model that generates second scores that characterizes an extent to which each event or history of events is anomalous for the particular user who owns the account. The first scores and the second scores are smoothed using a smoothing function. A probability that the active user is the account owner associated with the user model is determined based on the smoothed first scores and the smoothed second scores.

Abstract: Methods, systems, and apparatus are described for transferring application data. In one aspect, a method includes causing, by a first component on a first device to establish a wireless connection with a second device; receiving, from a second component on the second device, data specifying one or more applications that are installed on the second device and supported by the second component, each of the applications being separate from the second component; determining, by the first component, that a first application installed on the first device matches one of the applications installed on the second device, the first application being separate from the first component; receiving, by the first component, first application data from the first application; and causing, by the first component, the first device to send the first application data to the second component running on the second device using the wireless connection.

Abstract: A memory device comprises a memory array including memory cells, a communication interface to a host device, and a memory control unit operatively coupled to the memory array and the communication interface. The memory control unit is configured to encrypt write data received via the communication interface to produce encrypted data, program a portion of the memory cells of the memory array with the encrypted data, read the encrypted data from the portion of the memory cells in response to a memory read request, decrypt the read encrypted data to produce read decrypted data only for portions of the read encrypted data not stored in purged regions of the memory array.

Abstract: According to one embodiment, a storage device includes a nonvolatile storage medium and a controller. The controller encrypts data with an encryption key, writes encrypted data into the storage medium, and manages a first and second encryption keys. The first encryption key encrypts data to be written into a first area and a second encryption key encrypts data to be written into a second area. The controller updates, if the first area is write protected and the second area is not write protected, the second encryption key without updating the first encryption key when receiving an initialization command from a host.

Abstract: To implement a security assessment system capable of assessing an attack path including an air gap path, there is provided an information processing apparatus including a system configuration detector that detects at least two hosts included in a system and a communication link between the at least two hosts, an air gap path detector that detects, among the at least two hosts, a pair of hosts between which there is no communication link but data movement can occur, a calculator that calculates a score concerning a possibility that the pair of hosts detected by the air gap path detector is used for an attack, and a security assessment unit that performs security assessment using the hosts, the communication link between the hosts, information of the pair of hosts, and the score.

Abstract: A method of operating a user device includes: detecting whether the user device is located within a restricted zone by a monitoring entity of the user device; and limiting access to the user device by the monitoring entity in response to detecting the user device as being outside the restricted zone.

Abstract: Techniques are provided for predicting a time to complete a data protection operation. One method comprises obtaining metadata for (i) a given data protection appliance, and/or (ii) a cluster of similar data protection appliances comprising the given data protection appliance; evaluating first level features using the obtained metadata; evaluating a second level feature using some of the evaluated first level features; and processing one or more of the first level features, and the second level feature, using a model that provides a predicted time to complete a data protection operation with respect to data of a protected device associated with the given data protection appliance. The predicted time may comprise a tolerance based on a robustness factor. The predicted time may be based on a number of protected devices that are concurrently undergoing a data protection operation with the protected device for one or more time intervals.

Abstract: An anomalous user session detector is disclosed. A sequence of operations in a logon session for an authorized user is gathered. A supervised learning model is trained to identify the authorized user from the sequence of operations. An anomalous session is detected by querying the supervised learning model.

Abstract: A method, apparatus and system for anomaly detection in a processor based system includes training a deep learning sequence prediction model using observed baseline behavioral sequences of at least one processor behavior of the processor based system, predicting baseline behavioral sequences from the observed baseline behavioral sequences using the sequence prediction model, determining a baseline reconstruction error distribution profile using the baseline behavioral sequences and the predicted baseline behavioral sequences, predicting test behavioral sequences from observed, test behavioral sequences using the sequence prediction model, determining a testing reconstruction error distribution profile using the observed test behavioral sequences and the predicted test behavioral sequences, and comparing the baseline reconstruction error distribution profile to the testing reconstruction error distribution profile to determine if an anomaly exists in a processor behavior of the processor based system.

Abstract: A device may generate a synthetic knowledge graph based on a true knowledge graph, may partition the synthetic knowledge graph into a set of synthetic data partitions, and may determine, using a plurality of teacher models, an aggregated prediction. The aggregated prediction may be based on individual predictions from corresponding individual teacher models included in the plurality of teacher models. The device may determine, using a student model and based on the synthetic knowledge graph and noise, a student prediction. The student model may be trained based on historical synthetic knowledge graphs and historical aggregated predictions associated with the plurality of teacher models. The device may determine an error metric based on the aggregated prediction and the student prediction, and may perform an action associated with the synthetic knowledge graph based on the error metric.

Abstract: An example terminal includes a communication circuitry configured to communicate with a server; and a data processor configured to request the server to include a second user in a relationship group of a first user and to extend, to the relationship group, a range of authorization for an Internet of Things (IoT) apparatus registered as an apparatus of the first user.

Abstract: Methods and systems described herein provide for protecting user information in an overlay service. Protecting user information may include redacting personally identifiable information (PII) from information that may be exposed to third parties. Additionally, protecting user information may include opening a second account on behalf of the user using a plurality of unique identifiers in lieu of information identifying the user. This protects users' identities and privacy as their assets are transferred between various institutions.

Abstract: A method and apparatus with provider information access authorization are provided. The method includes receiving a single sign-on (SSO) token from a provider apparatus for a validated login request by a client device for a user account, wherein the SSO token is indicative of the provider apparatus having authorized secure protocol access with the provider apparatus to access information at the provider apparatus associated with the user account, retrieving customer information from the provider apparatus using the SSO token, receiving information from the client device, confirming whether, based on the information and the customer information that a user of the user account is eligible to complete a data exchange, and in response to a result of the confirming being that the user of the user account is confirmed eligible to compete the data exchange, cause the provider apparatus to process the data exchange corresponding to the information.

Abstract: A memory system includes a nonvolatile memory including user areas, a volatile memory, a battery, and a controller configured to, when the volatile memory maintains first information indicating an access to a user area is permitted and a verification value upon startup of the system, determine whether the information is validated by the value, and upon determining that the information is validated, permit an access to the user area and prohibit the access to any other area, and when the volatile memory does not maintain the information and value, or the information is not validated, prohibit an access to any user area, and thereafter, upon receipt of a command and authentication information from the host, permit an access to the user area requested by the command, and generate and store in the volatile memory the information and the value for validating the generated information.

Abstract: A data-processing device is provided. The data-processing device includes: a flash memory, a computation unit, and a flash-memory controller. The flash-memory controller is electrically connected to the computation unit, and configured to control access to the flash memory. The flash-memory controller allocates a first execute-only memory (XOM) setting and a second XOM setting in a first memory bank and a second memory bank of the flash memory, respectively. The flash-memory controller allocates one or more XOM spaces in the flash memory according to the first XOM setting or the second XOM setting.

Abstract: A regulator system (24) of a regulator regulates administration of subscription identifiers. The regulator system (24) is configured to receive, from either an operator system (10) of a wireless communication network operator or an enterprise system of an enterprise, a record that includes information about administration of a subscription identifier associated with the wireless communication network operator. The regulator system (24) is also configured to verify whether administration of the subscription identifier as indicated by the record conforms to one or more rules (34) governing administration of subscription identifiers. The regulator system (24) is further configured to, depending on the verification, approve or reject the record for addition to a permissioned distributed database (26) (e.g., a permissioned blockchain) that is distributed at least in part between the regulator system (24) and either the operator system (10) or the enterprise system.

Abstract: An apparatus includes integrated circuitry (IC) and a further circuit. The IC includes internal circuits having sensitive/secret data (SSD) to be maintained as confidential relative to a suspect Hardware Trojan (HT) and including access ports through which information associated with the internal circuits is accessible by external circuitry associated with the HT. The further circuit to learn behavior of the internal circuits that is unique to the integrated circuitry under different operating conditions involving the internal circuits, involving the SSD and involving other data that is functionally associated with an application of the integrated circuitry.