Abstract: Systems and methods of protecting an initial NAS message are described. Depending on whether a security context for a serving PLMN is stored, the UE uses either a public key from the serving PLMN or a key from the security context to encrypt parts of the initial NAS message. An initial NAS message containing the encrypted parts is then sent to an AMF of the serving PLMN. The serving PLMN public key is transmitted via a SIB. Prior to transmission of the initial NAS message or in parallel with it, an RRC message is sent to the base station. The RRC message contains the UE identifier and/or a NSSAI encrypted using the serving PLMN public key.

Abstract: A network based hyperlocal authentication system and method is described. After establishing communications between a gateway and a remote network component, and after establishing communications between a wireless client device and the remote network component, the wireless client device requests an exclusive local key from the remote network component. The remote network component generates and transmits the exclusive local key to the gateway. The gateway then transmits the exclusive local key to the client device application with a gateway short range gateway transceiver. The wireless client device receives the exclusive local key from the gateway and then requests and receives a cryptographic material from the remote network component. The wireless client device communicates with the remote network component with the exclusive local key, received from the gateway, and the cryptographic material, received from the network component.

Abstract: A command to load or unload data at a storage location is received. In response to the command, a storage integration object associated with the storage location is identified. The storage integration object identifies a cloud identity object that corresponds to a cloud identity that is associated with a proxy identity object corresponding to a proxy identity granted permission to access the storage location. The data is loaded or unloaded at the storage location by assuming the proxy identity.

Abstract: A cyber security risk assessment system is described. In an example implementation, the system may generate an input feature space including data associated with a computing system by collecting the data from a plurality of computer sources. The system may compute a likelihood of data-security breach incidents based on the input feature space using a first computer model, recognize events based on the input feature space using a second computer model, and determine a severity of the data-security breach incident or the event using a third computer model. In some instances, the system may generate risk factor scores based on the determined severity, data-security breach incident, and the event, where the risk factor scores indicate a computer security risk of a certain computer security aspect of the computing system. The system may then perform an action based on the risk factor scores.

Abstract: The subject matter describes devices, networks, systems, media, and methods to create secure communications between wireless devices and cellular networks, where the wireless devices communicate with the cellular networks via multi-hopping methods in wireless networks.

Abstract: This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Abstract: A method for tracing function execution includes instantiating, by at least one hardware processor of a computing node, a user code runtime configured with access to an operating system (OS) kernel of the computing node. The user code runtime is configured with a first set of filtering policies associated with a first set of allowed system calls. The OS kernel is configured with a second set of filtering policies associated with a second set of allowed system calls. A system call initiated by the user code runtime is detected to violate one or both of the first set of allowed system calls and the second set of allowed system calls. A trace of the system call is initiated based on the detecting.

Abstract: Various example embodiments relate to identifying an electric vehicle charging station. An authentication method applicable with any electric vehicle charging station may be provided. In an embodiment, an alert or quarantine of an electric vehicle charging may be triggered based on invalid authentication. Advantageously, improved security may be provided for communication in a charging management system. A computing device, a method and a computer program are disclosed.

Abstract: Methods and systems are also described for an integrated cyber incident management system that may store native data corresponding to fields of cyber incident management system (or other non-integrated systems) and integration data (e.g., viewable through a user interface of the integrated cyber incident management system), which describes a relationship of the native data to the integrated cyber incident management system, at a structure node in the architecture of the integrated cyber incident management system. The structure node may correspond to the convergence of two structures in the architecture of the integrated cyber incident management system. Each structure may itself correspond to a native hierarchal relationship in a non-integrated cyber incident management system.

Abstract: A device may receive training data simulating different types of software-defined network (SDN) attacks or anomalies and may train a machine learning model with the training data to generate a trained machine learning model. The device may receive SDN data from multiple SDN controllers and multiple SDN devices of an SDN network and may perform natural language processing on the SDN data to clean the SDN data and generate clean SDN data. The device may process the clean SDN data, with the trained machine learning model, to identify an attack on the SDN network or one or more anomalies in the SDN data and may perform one or more actions based on the attack on the SDN network or the one or more anomalies in the SDN data.

Abstract: Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.

Abstract: Methods, systems, computer-readable media, and apparatuses for an authentication-based communication link with a peripheral device are presented. In some embodiments, the peripheral device receives, from a host device, and stores, in a memory of the peripheral device, registration data including, for instance, a user credential, a user identifier, and/or a device identifier. Upon a request to pair the peripheral device with the same or a different host device, the peripheral device requests and receives, from such a host device, authentication data including a user credential, a user identifier, and/or a device identifier. The peripheral device determines whether a match exists between the received authentication data and the registration data. If so, a communication link is established with the host device.

Abstract: An authentication system, a user information extraction apparatus, and a user information migration method. The authentication system acquires user information for authenticating a user who uses a device and transmits the acquired user information to the information processing system and the information processing system stores in one or more memory common user information for authenticating a common user who uses the device and another device different from the device, receives the user information from the user information extraction apparatus, and adds the received user information to the common user information stored in the one or more memory.

Abstract: A system for storing an object includes a card reader configured to receive a card from a user and to determine an identity of the user based on information on the card. The system also includes a secure storage area configured to store a plurality of physical boxes. The plurality of physical boxes includes a first physical box that is assigned to the user. The first physical box is configured to be dispensed from the secure storage area to the user outside of the secure storage area in response to the user requesting to physically receive the first physical box. Dispensing the first physical box includes moving the first physical box along a predetermined path in the secure storage area and presenting the first physical box for removal from the secure storage area.

Abstract: A plant control system and communication method are capable of immediately dealing with wrong address settings created due to a human error during the execution of an opening procedure. In the plant control system, a higher-level device and a plurality of communication terminal devices are connected to each other through a communication path. Prior to the start of communication, a communication opening process of sequentially transmitting a call signal from the higher-level device to the terminal devices and acknowledging response signals therefrom is executed, which is followed by sequentially transmitting a call signal from the higher-level device to the terminal devices and receiving response signals from the terminal devices. The communication terminal devices compare addresses of the response signals returned from the other terminal devices to the higher-level device against an address set for local terminal devices. If a duplicate address exists, communication from the local terminal device is locked.

Abstract: Disclosed herein are system, method, and computer program product embodiments for identity obscuration of a station (STA) connected to a wireless network to prevent the tracking of the STA. Embodiments include a STA configured to establish a security association with an access point (AP) based on an original long term identity for the station and an identity of the AP. The STA can transmit a new long term identity for the STA to the AP based on the security association. The STA can then transmit a request frame to change the original short term identity assigned to the STA to the AP. The STA can receive a response frame from the AP. The response frame can include a new short term identity assigned to the station by the AP. The STA can then map its new long term identity to its new short term identity assigned by the AP.

Abstract: In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.

Abstract: A computer system (100) for distributed shared execution of one or more shared processes, comprising: first program code for the one or more shared processes that comprises one or more shared code segments (142, 144, 146) shared between a first authorizing node (102) and a second authorizing node (104), wherein the one or more shared code segments (142, 144, 146) are executable by one or more executing nodes (102, 104, 106); a distributed ledger (152, 154, 156) that provides a record of valid code segments of the program code; and second program code comprising instructions that, when executed by the first and/or second authorizing nodes, validates that an anticipated execution result of the one or more shared code segments (142, 144, 146) satisfies shared authorization conditions and, if satisfied, authorizes the execution of the one or more shared code segments by the one or more executing nodes.

Abstract: A method for detection and use of device identifiers to enhance the security of data transfers between electronic devices. A first electronic device can transmit access data to a second electronic device. The access data can be associated with a first access code that can be generated based at least in part on data representing a device identifier of the first electronic device. A device identifier can uniquely identify the first electronic device from a plurality of electronic devices. Transferring the access data can involve transforming the first access code into a second access code that can include data representing a device identifier associated with the second electronic device. Transforming the first access code into the second access code can facilitate access to a resource associated with the access data for a second user, but not for a first user.

Abstract: Systems and methods are disclosed for detecting certain online activities associated with a digital identity. A Digital Identity Network may be monitored for potentially fraudulent activities (such as new account openings and certain transactions) related to an enrolled User identification (User ID) without requiring personally identifying information (PII). Corresponding alerts may be generated and sent to inform the associated user of such suspicious activity so that fraudulent account access or transactions may be prevented.