Abstract: Boot status markers record historical boot processes performed by a computer system. Each time the computer system boots, an operating system performs a boot process and interfaces with an antimalware driver. The antimalware driver determines the boot status markers that were set during previous boot processes. The antimalware driver may then classify other drivers based on the boot status markers set during the previous boot processes. The antimalware driver may then report driver classifications to the operating system. The operating system may then block, or allow, the drivers based on the driver classifications.

Abstract: Systems and methods for prioritization of reported messages and rewarding reporting users are disclosed. The systems and methods leverage knowledge and security awareness of the most informed users in an organization to protect an organization from serious harm from new malicious messages, give credit to the most informed users, and optimize threat triage and analysis. The system converts a reported malicious message to a defanged message. The system communicates the defanged message to a plurality of users. The system determines an impact score for the user based on interactions with the defanged message by the plurality of users, and with the impact score gives credit to the reporter and optimizes threat triage and analysis.

Abstract: The information providing system includes a mobile terminal and a server device that communicates with the mobile terminal. The mobile terminal includes: a sensor that reads a facility ID used to identify at least one facility; and a communication device that transmits, to the server device, the facility ID read by the sensor and a user ID used to identify a user of the mobile terminal. The server device includes: a memory that stores a plurality of types of facility-related information; a processor that extracts, from the plurality of types of facility-related information stored in the memory, facility-related information corresponding to the facility ID and the user ID transmitted from the mobile terminal; and a communication device that transmits, to the mobile terminal, the facility-related information extracted by the processor. The mobile terminal includes a display on which the facility-related information transmitted from the server device is displayed.

Abstract: Systems and techniques are provided for establishing a connection. For instance, a process may include receiving, by a first root of trust (C-ROT) of a first chiplet of a plurality of chiplets from a second C-RoT of a second chiplet, a second certificate along with security state information and debug information for the second chiplet; authenticating a security state and a debug state of the second chiplet based on the security state information and the debug information; authenticating the second certificate; and establishing a security boundary with the second chiplet.

Abstract: Embodiments of the present disclosure relate to wireless communication in an IAB network. According to some embodiments of the disclosure, a method may include: ciphering an uplink (UL) packet with a cipher configuration associated with a destination of the UL packet, wherein the UE is connected to a first integrated access and backhaul (IAB) donor and a second IAB donor via an IAB node, and the destination of the UL packet is either the first IAB donor or the second IAB donor; providing the ciphered UL packet with the destination of the UL packet; and transmitting the ciphered UL packet to the destination of the UL packet via the IAB node. By employing the solutions in the present disclosure, a UE can determine that the DL packet is from which IAB donor and thus can process the DL packet accordingly. Moreover, an IAB node can determine that the UL packet is to which IAB donor and can route the UL packet to the corresponding IAB donor.

Abstract: The present disclosure relates to an authentication method. An example method includes: a first authentication device obtaining first signal feature information according to a first wireless signal sent by a second authentication device, receiving second signal feature information from the second authentication device, and determining whether authentication is successful according to the first signal feature information and the second signal feature information.

Abstract: The present disclosure describes a system and method for secure energy harvesting. An access point includes a memory and a processor communicatively coupled to the memory. The processor receives, from a wireless device, a token and an identifier for a first access point that generated the token and requests the first access point to validate the token. The processor also, in response to the first access point validating the token, wirelessly communicates a first charging frame to the wireless device.

Abstract: Systems, methods, and computer-readable storage media for compliance verification and validation of cyber resilience in a distributed entity or third-party network (DETPN). Some methods can include generating or identifying, by one or more processing circuits, one or more compliance parameters for a plurality of entities or third-parties on the DETPN. Some methods can include determining, by the one or more processing circuits, at least one compliance level. Some methods can include receiving or identifying, by the one or more processing circuits, environmental data of the DETPN. Some methods can include determining, by the one or more processing circuits at a second timing phase, an updated at least one compliance level for at least one of the plurality of entities or third-parties based at least on the environmental data. In some implementations, some methods can include generating and storing, by the one or more processing circuits, one or more tokens.

Abstract: A secured virtual container is enabled to securely store personal data corresponding to a user, where such data is inaccessible to processes running outside the secured virtual container. The secured virtual container may also include an execution environment for a machine learning model where the model is securely stored and inaccessible. Personal data may be feature engineered and provided to the machine learning model for training purposes and/or to generate inference values corresponding to the user data. Inference values may thereafter be relayed by a broker application from the secured virtual container to applications external to the container. Applications may perform hyper-personalization operations based at least in part on received inference values. The broker application may enable external applications to subscribe to notifications regarding availability of inference values. The broker may also provide inference values in response to a query.

Abstract: Systems and methods that provide NAS security protection for mobile networks. In one embodiment, a network element of a mobile network performs a NAS procedure in multiple phases to establish a NAS communication session with User Equipment (UE) when no NAS security context exists. For a first phase, the network element receives an initial NAS message from the UE populated with a subset of NAS protocol Information Elements (IEs) designated for security-related handling, selects a NAS security algorithm for the NAS security context, and sends a response to the UE that indicates the NAS security algorithm. For a second phase, the network element receives a subsequent NAS message from the UE having a NAS message container that contains the initial NAS message populated with each of the NAS protocol IEs for the NAS procedure, and decrypts the NAS message container of the subsequent NAS message using the NAS security algorithm.

Abstract: According to an embodiment, an image forming apparatus forms an image on paper on the basis of image data. A processor of the image forming apparatus performs authentication and authorization with an authorization server to acquire a token and then stores the token in a storage device. When transmitting and receiving an e-mail, the processor of the image forming apparatus transmits and receives an e-mail to and from a mail server by using the token read from the storage device.

Abstract: The present invention provides a WAPI trusted wireless local area network device, and relates to the field of WAPI local area network devices. The WAPI trusted wireless local area network device includes a data obtaining module, an information obtaining module, a key module, an encryption module, a data transmission module, a data receiving module, a decoding module, a storage module, a data check module, an alarm module, and a data output module. Different keys are generated based on a sending time of initial data, primary encryption is performed on the initial data by using a key, and then secondary encryption is performed based on a preset encryption protocol. The key has a self-updating ability according to the time, which can make an encryption manner of each group of initial data different, and improve the security of data transmission.

Abstract: Systems and methods are provided for obtaining policy data associated with a private network implemented at least partly within a cloud provider network; establishing, based on the policy data, a first segment within the private network, wherein in a first geographic region of the cloud provider network, traffic associated with the first segment is isolated from traffic associated with a second segment of the private network, and wherein in a second geographic region of the cloud provider network, traffic associated with the first segment is isolated from traffic associated with a third segment of the private network; obtaining metadata indicating an isolated network of the cloud provider network is associated with the first segment; and enabling the isolated network to communicate, over the first segment, across the first geographic region and the second geographic region.

Abstract: The disclosure provides improved methods and systems for processing, storing, sharing, retrieving, writing, and accessing data (content) on a blockchain. In particular, improved efficiency and also enhanced access control permissions are provided. An embodiment of the present disclosure comprises the step of processing at least one blockchain transaction (Tx) comprising: a protocol flag; a discretionary public key (DPK); and a discretionary transaction ID (DTxID). These are discretionary in the sense that they are not required as part of the underlying blockchain protocol but in accordance with the present disclosure. This combination of features enables portions of data to be identified, retrieved, and shared on a blockchain, and also to be linked/associated with one another when provided in a plurality of transactions. It enables a graph or tree-like structure to be constructed, which reflects the hierarchical relationships between portions of data, facilitating their processing, searching, and sharing.

Abstract: A biometric identification system may store biometric data for later assessment. Data storage parameters, such as cryptographic keys used to encrypt and decrypt the biometric data, may be determined based on the biometric data. In one implementation, the biometric data comprises embedding data in an embedding space. During enrollment and storage, the embedding data is assessed to determine nearest anchor data in the embedding space. Cryptographic parameters, such as an encryption key, are determined based on “k” anchor data that are within a threshold distance of the embedding data in the embedding space. During query, query embedding data is similarly processed to determine cryptographic parameters, such as a decryption key. The decryption key may then be used to attempt decryption of the encrypted at-rest biometric data. If successful, the decrypted biometric data may then be compared to the query embedding to assert an identity.

Abstract: A method may include receiving from a first computing device, metadata that includes a suspected malicious activity indicator and a device identifier associated with the indicator; receiving, from a second computing device, log activity data; matching the device identifier included in the metadata to a device identifier in the log activity data; and based on the matching, transmitting an alert identifying the second computing device as a source of the suspected malicious activity.

Abstract: A method, a non-transitory computer-readable medium, and a multifunction printer (MFP) that generate a signed digital document from a document generated by the multifunction printer. The method includes displaying a third-party screen for a third-party scan or fax workflow; switching to a multifunction printer vendor signing screen and obtaining signing settings for the generation of the signed digital document; calculating a document hash of the generated document using a cryptographic hashing algorithm; sending a digital signing request to a signing server, the digital signing request including the document hash of the generated document and an authenticated account identity of a user; receiving a digital signature and a public digital signing certificate for the user from the signing server; generating the signed digital document by embedding the digital signature and the public digital signing certificate of the user into the generated document; and switching to the third-party screen for the workflow.

Abstract: In some implementations, a device may obtain registration information, associated with an account, including one or more training handwriting samples of a user. The device may detect an initiation of an event associated with the account. The device may provide, to a terminal device associated with the event, the one or more authentication prompts to cause the terminal device to provide the one or more authentication prompts while the event is pending. The device may obtain, from the terminal device, one or more handwriting samples in response to the one or more authentication prompts. The device may determine, using a machine learning model, whether the user is associated with the event based on whether the one or more handwriting samples are in a handwriting of the user. The device may authenticate the event based on determining whether the one or more handwriting samples are in the handwriting of the user.

Abstract: A block of data is provided from a verifier module to an authenticator module, the size of the block being correlated with one or more desired characteristics of the authenticator module. The verifier module receives a response from the authenticator module, the response comprising data result derived from a calculation involving the challenge value and the block of data. The verifier module verifies whether the response is indicative of the one or more desired characteristics of the authenticator module.

Abstract: A method comprises a token requestor computer transmitting a first authorization request message comprising a token and first cryptogram for authorization of an interaction to a server computer. The token requestor computer receives a first authorization response message comprising a response code from the server computer, then generates a cryptogram request message comprising the token or a token identifier and the response code. The token requestor computer transmits the cryptogram request message to a token provider computer, which generates a second cryptogram. The token requestor computer receives the second cryptogram and credential and generates a second authorization request message comprising the second cryptogram and the credential. The token requestor computer transmits the second authorization request message to the server computer. A second authorization response message is received from the server computer in response to the second authorization request message.