Abstract: A method for creating a secure channel for updating a digital currency hardware wallet application: upon receiving a security operation execution instruction, obtaining a public key and a certificate number of a host computer from within the security operation execution instruction, obtaining a corresponding certificate of the host computer according to the certificate number, and verifying the certificate of the host computer using the public key of the host computer; when receiving a verification instruction, obtaining the public key of the host computer according to a key version number and a key ID in the verification instruction, generating a receipt according to a temporary public key of the host computer, the public key of the host computer and a generated session key which are in the verification instruction, and sending the receipt to the upper computer; upon receiving the application update instruction, using the session key to decrypt application data ciphertext in the application update instructio

Abstract: Provided in the present disclosure are an electronic device and a control method therefor. An electronic device of the present disclosure comprises a memory in which a kernel and at least one application are stored, and a processor, which generates a first rule for determining a time at which the application calls a system in order to execute a process, determines, on the basis of the first rule, whether the application corresponds to an application for which security is verified, and generates a second rule for skipping an audit on the basis of a plurality of pre-defined rules, if the application corresponds to the application for which security is verified.

Abstract: Systems, computer-readable media, and methods for improving data privacy/anonymity and data value, wherein data related to a data subject can be used and stored, while minimizing re-identification risk by unauthorized parties and enabling data related to the data subject to be disclosed to an authorized party by granting access only to the data relevant to that authorized party's purpose, time period, place, and/or other criterion via the obfuscation of specific data values. The techniques described herein maintain this level of privacy/anonymity, while still empowering Data Subjects, e.g., consumers or customers of such authorized parties, by enabling them to request or specify their desired level of engagement with various business entities. Data Subjects may then receive privacy-respectful, trusted communication, e.g.

Abstract: A data communication network serves a user application in User Equipment (UE) over a Virtual Private Network (VPN) Gateway (GW), Application Function (AF), and Network Exposure Function (NEF). The user application in the UE transfers user data to a VPN application in the UE. The VPN application in the UE transfers the user data over a VPN to the VPN-GW for delivery to the NEF. The VPN-GW receives user data over the VPN and transfers the user data to the AF for delivery to the NEF. The AF receives the user data for delivery to the NEF and generates an Application Programming Interface (API) call with the user data. The AF transfers the API call to the NEF. The NEF receives the API call and responsively exposes the user data. The user data may comprise user signaling, and the UE may exchange user data with external systems over the VPN GW responsive to the user signaling.

Abstract: A method includes monitoring web traffic until a threshold of network traffic is collected. The method further includes determining a number of location characteristics corresponding to the network traffic. The method further includes monitoring traffic information corresponding to the number of location characteristics until a threshold of traffic information is collected. The method further includes determining a number of location content flags corresponding to the traffic information. The method further includes generating, by a processing device, a location profile based on the number of location characteristics and the number of content flags. The method further includes blocking impermissible web traffic from reaching a client device based on the location profile.

Abstract: A method for enforcing entitlements includes configuring a wide variety of entitlements at a server; determining applicable combination of entitlements for a given client request; sending entitlements to the requesting client securely; handling entitlement information securely on a plurality of client devices at run time; storing entitlement information securely on a plurality of client devices for offline use; and enforcing entitlements on a plurality of client devices. The method employs manipulation of manifest files by a proxy that may be included in the client device or located in the network.

Abstract: Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.

Abstract: A method of establishing security monitoring functionality on a device on retail display includes obtaining, by a processor of a server computer, a mobile device management (MDM) startup message from the device, determining, by the processor, whether the device is enrolled for MDM supervision, and if the device is enrolled for the MDM supervision, downloading, by the processor to the device, configuration data to support the MDM supervision and implementation of the security monitoring functionality.

Abstract: The present invention provides a security system, and methods useful for vehicle CAN bus communication mapping and attack originator identification, comprising: a CAN Bus Monitor, (CBM), configured to monitor the CAN bus communication comprising one or more frames, to and/or from at least one Electronic Control Unit, (ECU); a characterization module in communication with the CBM, configured to generate at least one characteristic for the monitored communication from each the ECU and at least one characteristic for each communication frame; (c) a comparator unit in communication with the characterization module, configured to compare one or more the characteristics of at least one frame against characteristics of each the ECU communication in order to detect at least one anomaly; and, (d) one or more Identification module in communication with the comparator, configured to identify at least one ECU originating an attack on the CAN bus.

Abstract: A computer system can automatically generate a directed graph interface for use in detecting and mitigating anomalies in entity interactions. For example, the system can receive interaction data describing a set of interactions at two entities. The system can then generate a directed network graph based on the interaction data. To do so, the system can identify pairs of interactions associated with the two entities in the set of interactions. The system can classify the pairs of interactions as outbound and/or inbound interaction pairs. The system can then generate one or more directed links in the directed network graph to represent the outbound and/or inbound interaction pairs. The system can further determine a characteristic of the outbound and/or inbound interaction pairs, automatically detect an anomaly that may be suggestive of malicious activity by one or both entities based on the characteristic, and output an indicator of the detected anomaly.

Abstract: In order for supporting separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.

Abstract: In some examples, an analyzer manager configured to select one of a program code analyzer, a static data analyzer, and an unused memory location analyzer for malware detection within memory of a system. The program code analyzer can be executed to evaluate instruction data for executing a computer program at a first set of memory locations within the memory for malware in response to being selected by the analyzer manager. The static data analyzer can be executed to evaluate static data for use by the computer program at a second set of memory locations within the memory for the malware in response to being selected by the analyzer manager. The unused memory location analyzer can be executed to evaluate null data indicative of unused memory locations at a third set of memory locations within the memory for the malware in response to being selected by the analyzer manager.

Abstract: A System and Method is provided that enable identifying cyber security attacks using observation and monitoring of end point activity. By following and monitoring the wireless connection related activities of endpoint devices as they cycle through various steps leading to establishing a connection to the secure network, a knowledge base is established in the cloud by analysis of the actions, and communication to build the confidence that the users of the network are where they should be. In one embodiment, no access is provided until a user presents valid credentials. Based on these credentials the network then builds a specific path based on access controls, tunnels or other techniques to control the user’s communication and access to specific targets within the network.

Abstract: A method for execution by an analysis unit includes obtaining a collection of data for a particular evaluation of a system aspect. The method further includes acquiring data analysis parameters regarding the particular evaluation of the system aspect. The method further includes determining one or more evaluation perspectives based on the data analysis parameters. The method further includes determining one or more evaluation modalities based on the data analysis parameters. The method further includes determining one or more evaluation metrics based on the data analysis parameters. The method further includes evaluating the collection of data in accordance with the one or more evaluation metrics, the one or more evaluation perspectives, and the one or more evaluation modalities to produce one or more evaluation outputs.

Abstract: Techniques for threat scanning transplanted containers are described. A method of threat scanning transplanted containers may include generating a container map of running containers on a block storage volume mounted to a scanning instance of a threat scanning service, scanning the block storage volume by a scanning engine of the scanning instance, identifying at least one threat on the block storage volume, and identifying at least one container associated with the at least one threat using the container map.

Abstract: A method for execution by an analysis unit includes obtaining a collection of data for a particular evaluation of a system aspect. The method further includes acquiring data analysis parameters regarding the particular evaluation of the system aspect. The method further includes determining one or more evaluation perspectives based on the data analysis parameters. The method further includes determining one or more evaluation modalities based on the data analysis parameters. The method further includes determining one or more evaluation metrics based on the data analysis parameters. The method further includes evaluating the collection of data in accordance with the one or more evaluation metrics, the one or more evaluation perspectives, and the one or more evaluation modalities to produce one or more evaluation outputs.

Abstract: A method, performed by one or more processors, including receiving a plurality of system event records; processing the plurality of system event records using a set of event detectors to determine that a suspicious system event has occurred; sending, to a client device, a plurality of properties associated with the suspicious system event; receiving, from the client device, a selection indicator indicating a selected one or more properties of the plurality of properties; generating one or more new event detectors based on the selected one or more properties; and adding the one or more new event detectors to the set of event detectors.

Abstract: A method for execution by an analysis unit includes obtaining a collection of data for a particular evaluation of a system aspect. The method further includes acquiring data analysis parameters regarding the particular evaluation of the system aspect. The method further includes determining one or more evaluation perspectives based on the data analysis parameters. The method further includes determining one or more evaluation modalities based on the data analysis parameters. The method further includes determining one or more evaluation metrics based on the data analysis parameters. The method further includes evaluating the collection of data in accordance with the one or more evaluation metrics, the one or more evaluation perspectives, and the one or more evaluation modalities to produce one or more evaluation outputs.

Abstract: Systems and methods for authenticating requests to use an Application Programming Interface (“API”) are described. In some embodiments, a request to use an API is received. Based on a comparison of the request to use the API with a pattern of activity associated with the client, a determination is made whether the client deviates from an expected behavior. Once a determination that the client deviates from the expected behavior is made, an authentication challenge is generated and issued. In some embodiments, the comparison of the request to use the API with a pattern of activity involves comparing transactional attributes of the request to use the API with past client behavior.

Abstract: An access point for a private network onboards a wireless device obtaining a connection request from the wireless device and detecting a standardized identifier that indicates the wireless device is unprovisioned for access to the private network. The access point disables an authentication protocol for granting access to the wireless device on the private network and limits access of the private network by the wireless device to accessing a provisioning server. The access point provides a connection response to the wireless device that indicates limited access to the private network.