Abstract: Methods and systems are provided for a multi-factor authentication technique that includes inputs of a physical key possessed by the user as a factor. Such a key may be a physical object that the user possesses and that includes truly random features not easily reproducible. The key may be custom to the user and may include inclusions or anomalies that affect a signal transmitted through the key. Such effects may impart a unique effect on signals transmitted through the key, producing a unique fingerprint to identify whether the key is authentication. An input from the user may be an additional factor within the authentication process.

Abstract: A facility controlling a communication device to create a disconnected ad hoc network and then to rejoin an internetwork is described. The communication device makes a direct or indirect wireless connection with a participant in a network in which the communication device was formerly a participant. In response to making the connection, the communication device: (1) communicates with a registration authority of the network to synchronize a provisional registration authority state established by the first communication device during a period after the communication device was formally a participant in the network and before the connection was made; and (2) communicates with a security authority of the network to synchronize a security authority state established by the communication device during the period.

Abstract: A method and a system for dynamically scanning, filtering, and blocking harmful database queries that would otherwise consume significant resources and adversely impact overall system performance are provided. The method includes: receiving a user request for data from a database, the first request including a query; applying database access rules to the query in order to determine whether the query is potentially harmful; when the query is determined as not potentially harmful, forwarding the request to a server configured to respond to the request; and when the first query is determined as being potentially harmful, transmitting a warning message to the user. The database access rules may include a maximum memory consumption rule and a maximum CPU consumption rule. Machine learning techniques are used for adjusting the database access rules based on historical data.

Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.

Abstract: An electronic device is disclosed that includes a camera, a display, and a processor.

Abstract: Systems and methods for operating a cryptographic system. The methods comprise: obtaining ciphertext by the cryptographic system; performing operations by the cryptographic system to determine whether a given sequence of values exits within the ciphertext; and synchronizing the cryptographic system with another cryptographic system using the ciphertext as a bitrate portion of an initialization value for a cryptographic algorithm and zero as a capacity portion of the initialization value for the cryptographic algorithm, when a determination is made that the given sequence of values exist within the ciphertext.

Abstract: Methods, systems, and devices for security descriptor generation are described. An end device may be authenticated based on a certificate and a device key based on a security descriptor. The security descriptor may be generated based on publicly-available information such as time of day information, geographical information, or a default set of information. The security descriptor may be used for generation of a certificate accessible by a server used for authenticating the device and also may be used by an end device to generate a device key for verification by the server authenticating the device.

Abstract: A communication system configured to provide blockchain-driven certification of iterative electronic communications such as e-mail-based communications. The system provides blockchain-driven certification by storing the hash of an e-mail thread in a blockchain each time the message or its elements are modified. This allows the system to verify whether or not the thread has been tampered with since it was last modified, when the last verified message was added to the thread. The system creates a baseline that is used towards creating trust certificates ensuring the recipients of such iterative electronic communications that the message has not been breached during its iterations that are shared between two or more parties, e.g., communications participants including senders and recipients.

Abstract: A touch-based method for user authentication includes a training stage and an authentication stage. The training stage includes: generating, by a touch interface, a plurality of training touch parameters; and generating, by a processor, a training heat map according to the plurality of training touch parameters. The authentication stage includes: generating, by the touch interface, a plurality of testing touch parameters; generating, by the processor, a testing heat map according to the plurality of testing touch parameters; comparing, by the processor, the testing heat map with the training heat map to generate an error map; and generating, by the processor, one of pass signal and fail signal according to the error map.

Abstract: A method and system for a one-time authentication interaction to conduct electronic financial transactions using a wearable smart ring device is described. In one embodiment, a method includes detecting, by a mobile device, that a wearable smart ring device is being worn by a user. The method also includes receiving, by the mobile device, authentication information associated with the user, and comparing the received authentication information with stored authentication information associated with the user. Upon determining that the received authentication information matches the stored authentication information, the wearable smart ring device is authorized to conduct electronic financial transactions. Additionally, the wearable smart ring device remains authorized to conduct electronic financial transactions as long as it is worn by the user. Once removed from the user's finger, the wearable smart ring device is de-authorized.

Abstract: In one embodiment, a management service for a network that is executed by one or more devices establishes a trust relationship with an entity associated with an endpoint in the network. The management service receives, via a Manufacturer Usage Description (MUD) file for the endpoint, an indication that the entity desires remote access to the endpoint in the network. The management service configures, based on the indication, the network to provide a remote access connection between the entity and the endpoint in the network. The management service provides, to the entity, credentials to the entity for the remote access connection.

Abstract: Device-side, translator functions may be authenticated by elements of a 5G core network before communications involving such functions are allowed to occur, or continue to occur.

Abstract: A computerized method for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway is disclosed. The computerized method includes operations of the controller of transmitting an authentication request to an identity provider based on receipt of a resource request from the VPN client, receiving an authentication response from the identity provider, generating an authentication token based on the authentication response and transmitting the authentication token to the VPN client, wherein the controller further stores the authentication token.

Abstract: The present disclosure provides systems, methods, and computer readable storage devices for validating that a software release has successfully completed multiple development stages of a development process without alteration. To illustrate, as software (e.g., one or more files or artifacts) completes at least a portion of a development process including the development stages, data components are generated. Digital signatures are generated based on the data components and a private key, and the digital signatures are stored in a secure data structure, such as a blockchain or a tree structure. Upon receipt of the data components (e.g., as validation data of a software release) by a node device, the node device generates validation signatures based on the data components and a public key and compares the validation signatures to the digital signatures stored in the secure data structure to validate the software before processing the software.

Abstract: A System Platform establishes a Genuine User ID (“GUID”) (based upon input received from an Identity Management Source), creates a user profile for an Intended User, generates a unique data set based upon input associated with the user profile and a digital device it has registered to the Intended User, which is securely provisioned on the digital device. The output of the GUID in combination with the output of an algorithm in a provisioning application enables the digital device to respond to Access Requests at an Access Point. The response from the genuine Intended User's application on their genuine digital device produces a unique data package which combines the GUID, a device ID for the digital device and the output of the algorithm using the payload obtained from one or more data management sources.

Abstract: A method for storing data on a storage entity (SE) includes: computing a file identifier for a file to be stored on the SE; checking if the file has already been stored using the file identifier; generating a user-specific private and public identifier, wherein generating the user-specific private identifier is based on using an oblivious key generation protocol between the client and a trusted entity, and wherein the user-specific private identifier is a deterministic private identifier; updating or computing tags of the file by the client such that the updating or computing is homomorphic in the user-specific private identifier and in parts of the file; and providing the user-specific public identifier, the updated tags and a proof of possession of the secret identifier to the SE to enable the SE to store information associated with the file.

Abstract: Provided are a method and an apparatus for analyzing a malicious code by accurately and rapidly analyzing source code extracted from a set of a plurality of malicious codes, calculating a first degree of complexity of each of a plurality of malicious code binaries, select a root binary initially generated, by using the calculated first degree of complexity, and inferring an evolutionary order of the plurality of malicious code binaries, except for the root binary, based on the calculated first degree of complexity and a degree of distance between the plurality of malicious code binaries.

Abstract: A system for utilizing behavioral features to authenticate a user entering login credentials. The system includes an electronic processor configured to receive a request to access a user account and compare behavioral features included in the request to behavioral features included in a user behavior profile associated with the user account. The electronic processor is also configured to, based on the comparison, generate one or more scores. The electronic processor is further configured to, for each of the one or more scores, compare the score to a predetermined threshold and, based on the comparison of the score to the predetermined threshold, adjust a match value. The electronic processor is also configured to compare the match value to one or more predetermined thresholds to determine whether the behavioral features included in the request to access the user account authenticates the user, does not authenticate the user, or is inconclusive.

Abstract: A routing device and an unauthorized communication coping device are provided. The routing device is a device that performs routing of a packet in conformance with a wireless communication protocol in a wireless communication section which is a communication section that connects a base station and a core network device, and the routing device performs network tapping on a packet as a routing target and transmits the network-tapped packet to the unauthorized communication detection device (the device that performs unauthorized communication determination which is determination of whether or not communication is unauthorized communication based on a packet).

Abstract: A private information detector for data loss prevention is described.