Abstract: A method may include transmitting, from a browser application of a client system, a request for a webpage to a server system using a general execution environment of the client system; receiving the webpage, the webpage including a secure execution request to execute a computation in a trusted isolated execution environment of the client system; in response to the secure execution request, establishing a secure enclave within the trusted isolated execution environment with respect to the browser application; receiving, within the trusted isolated execution environment, an attestation request from the server system for an attestation associated with the secure enclave; transmitting, from the trusted isolated execution environment, an attestation response based on a physical property of a processing unit in the client system; subsequent to transmitting the attestation response, receiving, from the server system, a data file; and storing the data file in the secure enclave.

Abstract: A method for associating and authenticating a station (STA) with a coordinated access point (AP) group may include generating a pairwise master key (PMK) between the STA and a coordinator of the coordinated AP group, and maintaining an association and authentication state between the STA and the coordinated AP group based on the PMK. The method may further include generating one or more temporal keys between the STA and the coordinator based on the PMK. The method may further include distributing the PMK from the coordinator to a first member AP and a second member AP of the coordinated AP group. The method may further include generating a first temporal key between the STA and the first member AP, and generating a second temporal key between the STA and the second member AP.

Abstract: A fraud detection system obtains a number of known fraudulent end-user profiles and/or otherwise undesirable end-user profiles. Using statistical analysis techniques that include clustering the end-user profiles by attributes and attribute values and/or combinations of attributes and attribute values, the fraud detection system identifies on a continuous, periodic, or aperiodic basis those attribute values and/or attribute value combinations that appear in fraudulent or otherwise undesirable end-user profiles. Using this data, the fraud detection system generates one or more queries to identify those end-user profiles having attribute values or combinations of attribute values that likely indicate a fraudulent or otherwise undesirable end-user profile.

Abstract: An example computing platform is configured to detect a request on behalf of a given user, the request comprising a parameter of a given type; determine that the parameter requires a permission verification; apply to the request a verification status indicator that indicates whether or not a permission verification has been successfully performed for the given user with respect to the parameter; perform a permission verification for the given user with respect to the parameter; either (i) leave the verification status indicator set to a first value if the given user does not have permission to embed scripts into the given type of parameter, or (ii) update the verification status indicator from the first value to a second value if the given user has permission to embed scripts into the given type of parameter; and grant or deny the request based at least in part on the verification status indicator.

Abstract: A wireless system can be used to authenticate a user device via proximity information of wireless network devices. The system can include the user device, the wireless network devices, and a server. At least some of the wireless network devices can be wirelessly connected to the user device and at least some other wireless network devices can be wirelessly unconnected to the user device. The server can use proximity information about the user device with respect to the wireless network devices to authenticate a user.

Abstract: Methods and systems for authenticating devices using 3GPP network access credentials for providing MEC services. A device is configured to receive MEC services from an EAS through 5G S A or NSA architecture. The device is authenticated by an ECS, which involves validating a MAC generated by the device. The MAC is validated using an edge authentication key, which is generated based on 3GPP network access security credentials of the device. The device is authorized by an EES to receive MEC services, which involves successful registration of the device with the EES and the EES providing credentials to the device for accessing an EAS providing desired MEC services. The EAS provides the desired MEC services to the device if the device provides credentials to the EAS, which are same as those provided to the device by the EES.

Abstract: Mitigation of return stack buffer side channel attacks in a processor. Detecting a side channel attack or a fault in a return from a function call in the processor includes receiving a return exception level indication (or e.g., a return security level indication) indicating the exception level associated with the return and comparing the exception level associated with the return to the exception level (or security level) associated with the return address. The return exception level indicator may be received in conjunction with a return indication. The processing circuit accesses the first entry of the return stack buffer, which indicates the return address of the function call, and also accesses an exception level associated with the return address. The processing circuit compares the exception level associated with the return address to the exception level associated with the return to determine whether to use the return address in a prediction of instruction flow.

Abstract: Information relating to a non-qualified digital identifier in a context of a digital service being provided is received. The non-qualified digital identifier is associated with one or more qualified digital identifiers. It is determined that the one or more qualified digital identifiers would be authorized for the digital service. The non-qualified digital identifier is authorized to access to the digital service as a result of the association of the nonqualified digital identifier with the one or more qualified digital identifiers.

Abstract: Methods, system, and non-transitory processor-readable storage medium for a policy proposal system are provided herein. An example method includes applying at least one policy to data stored on a storage system to identify matched data, where the matched data is data to be moved from the storage system to a secondary storage system. The policy proposal system identifies unmatched data stored on the storage system, where the unmatched data is data that is not identified as the data to be moved from the storage system to the secondary storage system. The policy proposal system trains a machine learning system with the matched data and the unmatched data. The policy proposal system predicts at least one new policy, where application of at least one new policy identifies at least a subset of the unmatched data to be moved from the storage system to the secondary storage system.

Abstract: The present disclosure provides solutions to registration and discovery of NFs in the vertical 5G networks, at the operator network, as well as handling tasks such as authentication of connecting end terminals at the operator network level. In one aspect, a method includes receiving, at network controller of an operator network and from an end terminal, a request for access to a network function (NF) of a vertical network, the request including a type of the NF in the vertical network; authenticating, at the network controller, the end terminal; upon authenticating the end terminal, identifying, at the network controller, the NF requested by the end terminal based at least on the type of the NF included in the request; and facilitating, by the network controller, access to the NF in the vertical network by the end terminal.

Abstract: An authentication request message from a user conducting an interaction at a resource provider computer is received. It is determined that data representing an indication that the resource provider is trusted by the user and including a trusted marker is present in a database. Authentication to the user is provided, and information indicating that the user has been authenticated and the trusted marker are sent so that authorization request message for the interaction that includes the trusted marker is generated. The trusted marker is validated, and the authorization request message including information related to the interaction and the validated trusted marker is sent to an authorizing entity computer.

Abstract: A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.

Abstract: An interactive sports apparel that includes a scannable code forming part of the apparel, and a server configured to simultaneously deliver static media content and streaming media content to content placeholders residing on a scanner that scans the code on the apparel. The static and streaming media each have content based on proximity of the scanner to the apparel, and a user profile associated with the scanner.

Abstract: Methods and systems for managing the operation of data processing systems are disclosed. The data processing systems may provide computer implemented services to any type and number of other devices and/or users of the data processing systems. To improve the likelihood of the data processing systems being able to provide the computer implemented services, a system may proactively attempt to identify and remediate attempts to limit access to data stored in the data processing systems. To do so, multiple layers of monitoring may be deployed to the data processing systems. A first deployed layer of monitoring may identify information regarding encryption types and/or characteristics of encryption being performed. A second deployed layer of monitoring may identify telemetry for storage devices on which data subject to encryption is deployed. The information collected via theses layers may be used to infer whether any encryption being performed is authorized or unauthorized.

Abstract: An apparatus for validating a rendered object using non-fungible tokens comprises a processor associated with a server. The processor is configured to determine one or more parameters associated with a rendered object in a virtual environment, wherein the rendered object is a visual display operable for engagement in an interaction within the virtual environment. The processor is further configured to generate a non-fungible token (NFT) for assignment to the rendered object and to receive a request to establish an interaction session to conduct an interaction between a first avatar associated with a first user and the rendered object. The processor is further configured to receive a request to validate the generated NFT and to conduct the interaction between the first avatar and the rendered object in response to validating the generated NFT.

Abstract: Embodiments provide methods and systems for verifying digital data. A method performed by server system to verify the digital data is disclosed. A request is received to verify information associated with a user. The request includes the credentials of the user for a digital platform. It is determined whether the information is present in a database associated with the digital platform. The information is verified by comparing the information with datasets stored in the database upon determining that the information is present in the database. Thereafter, a report is generated based on the verification. The report includes an output of the verification.

Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

Abstract: An electronic device includes a control unit and a communication unit that is capable of communicating with a power supply device. The control unit determines whether or not a predetermined message relating to an authentication communication is received from the power supply device via the communication unit, and controls the electronic device to limit operation of the electronic device in a case where the predetermined message is received from the power supply device via the communication unit.

Abstract: Provided is a method to operate a secure chip card for connecting to a user equipment operating in a cellular network comprising a plurality of network slices, wherein for at least one network slice a slice authentication server is operational, the secure chip card comprising a secured memory with at least one slice authentication application.

Abstract: A system for verifying unique components are installed in an end user information handling system comprises a manufacturing facility collecting component information into a data structure, encrypting the data structure, creating a secured component verification (SCV) certificate, signing the SCV certificate and communicating the SCV certificate to a repository, the repository storing the signed SCV certificate. A copy of the signed SCV certificate is saved onto the information handling system. When the information handling system is delivered, the copy of the SCV certificate is compared with the SCV certificate stored in the repository. If they match, the information handling system is verified. If a unique component is replaced, a delta certificate is created and stored with the original SCV certificate in the repository such that all changes to unique components in the information handling system are tracked.