Abstract: Systems and methods are disclosed for a local evolved packet core (EPC) that interoperates with an eNodeB and a remote EPC.

Abstract: Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication process. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider.

Abstract: The invention relates to a method for operating an entity of a WLAN network. The method comprises the following steps. First, an access request is received from a subscriber of a mobile communications network, wherein the access request is based on a mobile network identity used in the mobile communications network to authenticate the subscriber. Then, from an authentication entity configured to authenticate a subscriber in the mobile communications network, radio resource information is received for the subscriber which comprises subscriber specific information how radio resources of a radio network part of the mobile communications network should be used. Furthermore, a radio resource usage of the subscriber in the WLAN network is determined taking into account the received radio resource information.

Abstract: A method for storing data on a storage entity (SE) includes: computing a file identifier for a file to be stored on the SE; checking if the file has already been stored using the file identifier; generating a user-specific private and public identifier; updating or computing tags of the file by the client such that the updating or computing is homomorphic in the user-specific private identifier and in parts of the file; providing the user-specific public identifier, the updated tags and a proof of possession of the secret identifier to the SE; verifying the proof-of-possession; verifying validity of the tags; upon successful checking, storing a public identifier for the file incorporating the user-specific public identifier and the updated tags by the SE; and upon a case where it is determined that the file has not already been stored, storing the file.

Abstract: Various systems and methods are provided that retrieve raw data from issuers, reorganize the raw data, analyze the reorganized data to determine whether the risky or malicious activity is occurring, and generate alerts to notify users of possible malicious activity. For example, the raw data is included in a plurality of tables. The system joins one or more tables to reorganize the data using several filtering techniques to reduce the processor load required to perform the join operation. Once the data is reorganized, the system executes one or more rules to analyze the reorganized data. Each rule is associated with a malicious activity. If any of the rules indicate that malicious activity is occurring, the system generates an alert for display to a user in an interactive user interface.

Abstract: A method for anonymously identifying a security module by a server. The method includes: receiving, from the module, a request for the address of a server managing subscription data of an operator, the request including a current identification value of the module, which depends on an identifier of the module and a current date; searching for the current identification value in at least one set of identification values, the set being associated with an operator and including, for a given module, a plurality of identification values, which are calculated depending on the identifier of the module and a date, the date varying for the plurality of identification values of the set between a start date and an end date; and sending, to the security module, the address of the server managing subscription data associated with the operator when the current identification value appears in the set of identification values.

Abstract: Apparatus and methods of operation of the apparatus that create a virtual machine and enable an Agent within the virtual machine to another Agent via a digital communications network and establish a communication channel for logical communications via the digital communications network. Communications transmitted and received according to the present invention proceed directly from a PeN agent to a second Agent without any storage or recordation of the transaction on an intermediate server. In some embodiments, the digital communications according to the present invention remain essentially imperceptible to network operators.

Abstract: Aspects of the disclosure relate to processing systems perform dynamic asset adjustment. A computing platform may split a parent element of a stored element chain into sub-elements, containing a fixed parameter and a variable parameter and each linked to the parent element through the stored element chain. The computing platform may determine a change in the variable parameter, resulting in a modified variable parameter. Based on a comparison of the modified variable parameter to a plurality of predetermined discrepancy thresholds, the computing platform may determine a number of quorum approvers for approval of the change to the variable parameter. The computing platform may receive quorum approval inputs corresponding to the number of quorum approvers for the approval of the change to the variable parameter. Based on the plurality of quorum approval inputs received, the computing platform may determine that a quorum approval threshold is satisfied.

Abstract: A managed directory service receives a request from a first service to link a directory of a contractor service to the first service's directory. The managed directory service identifies a group within the directory of the contractor service and links the directories using this group. Through the link, the managed directory service enables users in the group to authenticate to the first service's directory using credentials for the directory of the contractor service.

Abstract: A method is provided that protects electronic Identity information based on key derived operation. The method includes using an electronic Identity server to send an application derived identifier of the application and user electronic Identity code to a host security module that randomly generates an application master key, encrypts the application derived identifier with the application master key, and gets an application encryption key. The host security module encrypts the user electronic Identity code with the application encryption key, and gets an encryption document. The electronic Identity server codes the encryption document and an application identity code, and gets an application electronic Identity code. The electronic Identity server uses the application electronic Identity code as the user identifier.

Abstract: A system, method and computer-readable medium for generating a data masking syntactic definition for a data element of an unknown data type, including generating one or more alphabets corresponding to one or more element member positions of the data element based at least in part on element members occurring at each element member position in a plurality of data elements of the unknown type, each alphabet comprising a set of one or more sequential element members that have occurred in the plurality of data elements at an element member position and generating a positional map describing a syntactic structure of the data element by mapping at least one of the one or more alphabets to each element member position of the data element.

Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.

Abstract: A method for new wireless extender onboarding in a wireless network includes scanning a machine readable indicia on the new wireless extender, transmitting an identifier represented by the machine readable indicia to a network gateway of the wireless network, computing a secure hash of the identifier provided into a proprietary information element, transmitting the secure hash to existing wireless extenders in the wireless network, communicating beacons comprising the secure hash to the new wireless extender, determining a strongest received signal strength indication from received signal strength indications associated with the network gateway and the existing wireless extenders, and initiating a Wi-Fi Protected Setup (WPS) pairing session with one of the network gateway and the existing wireless extenders associated with the strongest received signal strength.

Abstract: A random value generator is provided that comprises a carbon nanotube structure that generates a random output current in response to a voltage input. The random value generator includes a random value output circuit coupled to the carbon nanotube structure that receives the random output current from the carbon nanotube structure and generates a random output value based on the received random output current from the carbon nanotube structure.

Abstract: A system and methods for providing and reclaiming a single use imaging device for sterile environments is disclosed and described. The system may include a single use high definition camera used for general purpose surgical procedures including, but not limited to: arthroscopic, laparoscopic, gynecologic, and urologic procedures, may comprise an imaging device that is a sterile and designed to ensure single use. The imaging device may have a single imaging sensor, either CCD or CMOS, encased in a housing.

Abstract: A mobile communication device. The mobile communication device comprises a processor, a non-transitory memory, a subscriber identity module (SIM), wherein the SIM stores an encryption key, and a client application stored in the non-transitory memory. When executed by the processor, the client application transmits a server application authentication token request comprising an identity of the SIM, receives a message comprising a value, requests the SIM to encrypt the value using the encryption key stored by the SIM, receives an encrypted value from the SIM, transmits the encrypted value in a message, receives a server application authentication token, stores the server application authentication token in the non-transitory memory, transmits a server application access request comprising the server application authentication token, and conducts a communication session with the server application.

Abstract: Systems and methods for NAC access policy creation and reconfiguration of access points to enforce same are provided. A NAC device maintains (i) an access point model that maps logical networks to a corresponding enforcement action implementation for each access point associated with a private network and (ii) access policies each specifying a current state of a particular endpoint device and an enforcement action, specified with reference to a logical network. Responsive to an event associated with an endpoint, the NAC device receives an attribute of the endpoint. A matching access policy is identified based on the attribute. The corresponding enforcement action implementation for the access point to which the endpoint is connected is retrieved based on the logical network specified in the matching access policy. Finally, the access point is reconfigured by the NAC device to perform the enforcement action based on the retrieved enforcement action implementation.

Abstract: In response to communications between one or more given networks and one or more other networks, a network protection appliance discovers one or more computing resources of the one or more given networks from a plurality of protocol layers of the received communications. The network protection appliance also gleans properties of the one or more discovered computing resources of the one or more given networks from the plurality of protocol layers of the received communications. The network protection appliance maps the gleaned properties of the one or more discovered computing resources of the one or more given networks to a plurality of network protection policies. The network protection appliance also determines an applicable network protection policy for processing a corresponding received communication from the mapping of the gleaned properties of the one or more discovered given computing resources of the one or more given networks to the plurality of network protection policies.

Abstract: An electronic control unit for a vehicle, the electronic control unit comprising a processor comprising: a processor core; storage, the storage storing data comprising instructions for the processor core; a tamper-resistant hardware security module which is coupled to the storage for reading and writing; and an external interface; the electronic control unit further comprising further storage connected to the processor through the external interface and containing further data; in which the hardware security module is arranged to cause a determination whether the data in the storage has been tampered with and, on a determination that the data has been tampered with, to cause the further data to be loaded into the storage from the further storage over the external interface. Other apparatus and methods for improving the security of electronic control circuits are disclosed.

Abstract: Disclosed are various approaches for providing authentication of a user and a client device. A user's credentials can be authenticated by an identity provider. In addition, a device posture assessment that analyzes the device from which the authentication request originates is also performed. An authentication request can be authenticated based upon whether the device posture assessment reveals that device to be a managed device that is in compliance with compliance rules.