Abstract: Disclosure are techniques for allocating aggregation devices in a lawful intercept system. In an embodiment, a method includes maintaining a list of point of interception aggregation (PAG) functions in a network function repository function (NRF) of a cellular network upon instantiation of the PAG functions; receiving a lawful intercept (LI) request; querying the NRF to determine a respective PAG function; and associating a point of interception (POI) function with the respective PAG function.

Abstract: One or more first servers can implement an example method including storing, at a memory accessible by the first one or more servers, a primary email address for a user. The method further includes detecting a request, from a client device associated with the user, to access a network resource hosted at a second one or more servers, wherein the network resource is associated with an online service. The method also includes automatically generating a secondary email address for the user that is unique to the online service; and transmitting the secondary email address to the second one or more servers such that the online service receives the secondary email address for the user without receiving the primary email address for the user, thereby enabling the online service to transmit emails to the user despite not receiving the primary email address for the user.

Abstract: A system for providing updatable secure content resource. A content server may pay a content resource on the content author for an access by a requester. The content server receives a session request call from the requester prior to accessing the content resource. In response to the session request, the content server generates a session for the requester. The content server generates a payload that includes a location identifying the content resource on the content author and embeds the embedded cryptographic content. The content server transmits the generated payload to the requester. A resource server may receive an authentication access request in response to the embedded cryptographic content. In response to authenticating the authentication access request, the resource server provides the access to the requester.

Abstract: Embodiments of the present disclosure provide a method, a system and a non-transitory computer-readable medium to securely pass a message. The method includes executing, by a processing device, a floating persistent volumes service (FPVS) to allocate and attach persistent volume (PV) to a first node in a mesh network to pass a payload in the PV to the first node; and sending a first message to the first node to inform the first node to read data from the payload in the PV.

Abstract: The invention is related to security systems and methods for proactively informing a user about an artifact associated with a clickable object on a user interface with which the user is interacting, where such information is provided to the user prior to selection of the clickable object. The information includes a safety assessment of the clickable object, details about the underlying artifact, such as the contents of an archive file, and general information helpful in assisting the user with making a decision as to whether to select the clickable object.

Abstract: An information processing apparatus includes: an acquisition unit configured to acquire learning data containing a plurality of items, the learning data being assigned a first level and a second level whose threat level is higher than the first level; a first feature value detection unit configured to detect a first feature value of a specific character string from learning data belonging to the first level; a second feature value detection unit configured to detect a second feature value of the specific character string from learning data belonging to the second level; a difference detection unit configured to detect a difference between the first and second feature values; and a selection unit configured to select, when there is the difference, learning data of an item to which the specific character string belongs.

Abstract: An integrated method for uploading data on a blockchain comprising: receiving an editable text data or an editable form data by the data source computer device; determining whether a file update time of the editable text data or the editable form data is later than a last change time stored by the service server and corresponding to the data by the data source computer device; sending the data to the service server when the data source computer device determined that the file update time is later than the last change time by the data source computer device; executing a corresponding service that is able to access data of a blockchain and upload the data to the blockchain according to the data from the data source computer device by the service server. Therefore, the data can be efficiently and quickly uploaded to the blockchain.

Abstract: A quantum block-chained authentication solution with quantum authentication processes for data transmissions passing through a peer-to-peer (P2P) network including a plurality of agent nodes comprises a system that is capable of not only performing a smart contract on a block-chained virtual-machine mechanism for transmitting a data from an agent node to another agent node passing through a plurality of paths in a secure way implemented via proprietary quantum authentication processes, but also detecting and reacting to a malicious behavior within a transmission in time.

Abstract: Methods, systems, and devices for wireless communications are described for physical layer signature feedback to enhance security in wireless communications. A user equipment (UE) and a network entity may apply a physical layer signature, such as an artificial physical layer impairment, to one or more physical layer signals that may be measured to identify a physical layer signature of the associated physical layer signal. The UE, upon receipt of a physical layer signal, may check if the identified signal includes a physical layer signature of a set of valid physical layer signatures. If the received physical layer signature matches a valid physical layer signature, the UE may operate in accordance with procedures associated with the signal. If the received physical layer signature does not match a valid physical layer signature, the UE may transmit a message to the network entity that indicates an unmatched physical layer signature.

Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

Abstract: Techniques are presented for physically incapacitating data storage functionality of a computer data storage device for preventing access of data stored on the device. A security breach can be detected of a device housing a component communicable with a computer and where digital data is storable on the component. A mechanism can be activated for physically disabling the component in the device, in response to the detecting of the security breach. The incapacitating of the component can be a result of the mechanism physically contacting the component, in response to the activation of the mechanism, and the incapacitating of the component renders digital data stored on the component unretrievable by a computer.

Abstract: This disclosure describes systems and techniques for using controlling access to user information using ephemeral user identifiers. In one aspect, a method includes determining, for a given domain, engagement by a user with content provided by the given domain for display by an application at a client device of the user. A determination is made, based on the engagement by the user, to extend, for the given domain, a linkage between user identifiers for a user of the application. In response to determining to extend, for the given domain, the linkage between the user identifiers for the user of the application, one or more future domain-specific ephemeral user identifiers for the user and the given domain are obtained. An attestation record that includes a current domain-specific ephemeral user identifier and the one or more is generated and sent to the given domain.

Abstract: The present disclosure relates to a method for providing a service for security of a web-browser-based content which increases security of an original content by inserting garbage characters into a text constituting an HTML-based original content, which can be opened through a web browser, to secure the original content, and by enabling only authenticated functions to be executed when calling functions for removing the garbage characters and performing functions related to the original content. The present disclosure, without installing a specific program linked to the web browser, can easily prevent a user who does not have the right to open an original content on a web browser from abnormally accessing the original content by constructing a certain function which is not authenticated. Thereby a copyrighted product infringement for a web browser-based original content can be prevented.

Abstract: Examples of file analytics systems are described that may obtain metadata data and events data from a virtualized file server. The file analytics systems may detect one or more events from the events data matching a criteria indicating malicious activity. The file analytics systems may validate the detection of malicious activity. The validation may be performed by comparing the file type, such as the MIME type, of sample files before and after the suspected malicious activity. The systems may recover a share of the distributed file server including the one or more affected files by replacing the one or more affected files with stored versions of the one or more affected files from a snapshot of the share taken prior to the detected malicious activity.

Abstract: Methods, systems, and computer-readable storage media for verification of identity of individuals based on images obtained by two cameras. A first stream of images of an individual are obtained from a first camera. Gamma correction is applied to images of the first stream of images. A second stream of images of the individual is obtained simultaneously with the first stream of images from a second camera, where gamma correction is not applied to images of the second stream of images. An identity of the individual is verified by providing the first stream of images and the second stream of images for independent automated matching with an authentication image. The authentication image is an image of the individual from a verified source.

Abstract: A zero-watermarking method and device for BIM data, and a medium are provided, which relate to the field of watermarking information security technologies. Aiming at existing zero-watermarking method for the BIM data cannot resist primitive attacks, vertical stability of a model is used to construct a mapping relationship between primitive clusters and watermarking bits, calculate norms of primitives in each primitive cluster of the primitive clusters, take positivity and negativity of norm skewness measurement of the primitives as eigenvalues to construct a binary sequence, and performs an XOR process on the binary sequence and an original watermarking sequence to construct the zero-watermarking for the BIM data. Experimental results indicate that the zero-watermarking method has uniqueness, robustness and security.

Abstract: A method including obtaining, by a virtual private network (VPN) server, an initial operating system from a memory associated with the VPN server; transmitting, by the VPN server while executing the initial operating system, a request to obtain a VPN operating system to enable the VPN server to provide VPN services; receiving, by the VPN server based at least in part on transmitting the request, the VPN operating system; and executing, by the VPN server, the VPN operating system to provide the VPN services based at least in part on storing the VPN operating system on a volatile memory associated with the VPN server is disclosed. Various other aspects are contemplated.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Embodiments herein provide a method for determining whether a base station is genuine or rouge in a wireless network. If a received authentication key matches with the authentication key generated in the UE, the method includes identifying a base station as genuine base station and carrying out a normal procedure. If the received authentication key does not match with the generated authentication key, the method includes identifying the base station as a rouge base station.

Abstract: A physical object having a programmable, electronically readable tag can be identified and tracked in a given third party system with the aid of an identity services platform. When the owner of the object is about to place it in the custody of a third party system, the owner can use a client device to instruct the identity services platform to generate a nonce, for programming into the object's tag. Devices in the third party system read and use the nonce to identify and track the object and to make decisions about how it is handled. When the object exits from the control of the third party system for return to the owner, the identity services platform is asked to provide a proof of ownership to the third party system, which enables accurate return of the object to its proper owner.

Abstract: An Internet Protocol (IP) address assignment method in a cloud-based multi-tenant system for assigning unique IP addresses to a plurality of client devices of a plurality of users. Network traffic including a data request from a client device to a cloud provider via an ingress tunnel is monitored by a mid-link server. A user of the client device is identified from the data request. A policy is identified based on the tenant of the user and a plurality of applications for the client device. An IP address is assigned to the client device of the user based on the policy. Each client device is assigned a unique IP address. The network traffic egresses via an egress tunnel from the mid-link server. The data request is routed from the client device to the cloud provider using the IP address of the client device.