Abstract: Systems and methods are disclosed for detecting certain online activities associated with a digital identity. A Digital Identity Network may be monitored for potentially fraudulent activities (such as new account openings and certain transactions) related to an enrolled User identification (User ID) without requiring personally identifying information (PII). Corresponding alerts may be generated and sent to inform the associated user of such suspicious activity so that fraudulent account access or transactions may be prevented.

Abstract: A method for a mobile station (STA) is described. The method may be performed to use an identifiable medium access control (MAC) random (IRM) address (IRMA) to associate to an access point (AP). The method includes exchanging one IRM key (IRMK) with the AP for each association of a plurality of associations; determining an IRM hash using the IRMA and the IRMK exchanged with the AP at an immediately previous association of the plurality of associations and/or a temporal element; associating to the AP using the IRMA as a transmitted address (TA); and transmitting an association request including the IRM hash. The transmitted association request triggers the AP to one or both of check a list of stored IRMKs to find one stored IRMK that together with the IRMA produces the IRM hash included in the association request and identify the STA by the one IRMK.

Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.

Abstract: A security management device includes a management unit, a determination unit, and an output unit. The management unit is configured to manage an anomaly location of an anomaly in a system in which a plurality of electronic controllers are connected through a network, and an anomaly amount in the anomaly location. The determination unit is configured to determine whether or not to implement countermeasures against the anomaly based on the anomaly location and the anomaly amount. The output unit is configured to output an instruction based on a determination result by the determination unit.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution. Methods and systems for mitigating Denial of Service (DOS) attacks in wireless networks, by performing admission control by verifying a User Equipment's (UE's) registration request via a Closed Access Group (CAG) cell without performing a primary authentication are provided. Embodiments herein disclose methods and system for verifying permissions of the UE to access a CAG cell based on the UE's Subscription identifier, before performing the primary authentication. The method for mitigating DOS attacks in wireless networks includes requesting a public land mobile network for accessing a non-public network (NPN) through a CAG cell, verifying the permissions of a UE to access the requested NPN through the CAG cell, and performing a primary authentication.

Abstract: This disclosure provides an anonymization method and apparatus, a device, and a storage medium, and pertains to the field of communications network technologies. The method includes: receiving a data obtaining request of a first terminal, and obtaining requested target data based on the data obtaining request; determining behavior data generated when the target data is obtained; determining, based on the behavior data, a first permutation character sequence corresponding to the target data; and anonymizing, based on the first permutation character sequence, a to-be-anonymized character string in the target data, and outputting the anonymized target data. In this disclosure, because the behavior data is different each time and is not easy to crack, anonymization is implemented without relying on plaintext information, thereby improving anonymization security and meeting anonymization requirements specified by laws.

Abstract: A method for secure path discovery in a mesh network at a destination device is disclosed. The method includes receiving a path discovery request from an originator device and selecting a path selection in response to the path discovery request. The method also includes transmitting the path selection to the originator device and receiving a random seed from a provisioner device. The method also includes generating an authentication code based on the random seed, transmitting an authentication code message to an originator device and receiving communications from the originator device only if the originator device receives a verification response message from the provisioner device which confirms that the destination device has been verified.

Abstract: A method performed by a network node that generates a schedule of communication exchanges between the network node and a small cell of a telecommunications network. The schedule is unique for the small cell among multiple small cells and sets times for sending status signals to the small cell and receiving counterpart response signals from the small cell. When the network node detects non-compliance with the schedule, the network node can begin to monitor the small cell for anomalous activity. Upon detecting that the anomalous activity includes malicious activity, the network node can communicate with the small cell wirelessly to deauthorize the small cell.

Abstract: This disclosure relates to remote control of dialysis machines. In certain aspects, a method includes receiving a request for a network connection from a dialysis machine and establishing the network connection with the dialysis machine. The method also includes receiving, from a client device, a request to access the dialysis machine, authorizing the client device to access the dialysis machine, receiving, from the dialysis machine, information pertaining to an operation of the dialysis machine, and providing, to the client device, the received information.

Abstract: Disclosed embodiments relate to a system having a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

Abstract: Disclosed herein are methods, systems, and processes to facilitate and perform dynamic best path determination for penetration testing. An action path that includes a kill chain that involves performance of exploit actions for a phase of a penetration test is generated by identifying the exploit actions based on a penetration parameter, a detection parameter, and/or a time parameter associated with the exploit actions. Performance of the identified exploit actions permits successful completion of the phase of the penetration test and designates the action path for inclusion as part of a best path for the penetration test.

Abstract: Technology permitting secure storage and transmission of data stream as well as tiered access to multiple data stream according to permission. Data streams may be encrypted using symmetric encryption performed with varying symmetric keys according to a key stream of symmetric keys. Native data may be discarded for safety. Whole or partial key streams may be encrypted using the public keys of authorized entities having permission to access respective data streams or portions thereof. Only the corresponding private keys can decrypt the encrypted key streams required to decrypt the encrypted data streams. Thus rigorous access control is provided. IT personnel accessing data stream files on a server or intruders maliciously obtaining files will not be able to derive the data stream. Sensitive data streams may be stored using cloud services despite inherent risks.

Abstract: A non-transitory storage medium including software for detecting malicious objects stored at a cloud-based remote service is described. Herein, the software includes first, second and third logic modules. The first logic module is configured to (i) identify the cloud-based remote service hosting one or more objects and (ii) acquire access the one or more objects stored within the cloud-based remote service. The second logic module is configured to retrieve the one or more objects from the cloud-based remote service and submit the object(s) to a plurality of analytic engines. Each analytic engine is configured to conduct analytics on at least a first object of the object(s) and generate results based on the analytics conducted on at least the first object. The third logic is configured to conduct an analysis of meta-information associated with the first object to determine whether the first object is to be classified as malicious or benign.

Abstract: Systems and method for method for increasing security in online transfers by maintaining anonymity of transferors are described herein. In an embodiment, a label tracking system receives a request to generate labels for an account of an account holder. The system generates a plurality of labels in response to the request and send the plurality of labels to an account computing device which stores a mapping of labels to identification information. The system receives an allocation request from the account computing device and stores allocations for each of the generated labels. When the system receives a request to perform a transfer between two labels, without changing any items within the account and without receiving identification information corresponding to the labels, the system updates the labels by decrementing an amount allocated to the transferor label and incrementing an amount allocated to the transferee label.

Abstract: A method of connecting a user device anonymously to a remote operator, via an intermediate anonymizing server is described. In this way, a remote operator may control the device, without the remote operator knowing the identity of the owner or of user of the device. A remote operator might provide medical support or entertainment. The user of the device is provided with a connection key, which is then further given by the user to a desired remote operator. Both the user and the remote operator provide the anonymizing server with the connection key. The anonymizing server opens a chat room uniquely associated with the connection key. Electronic connectivity is provided by forwarding messages between the user device and the remote operator through the chat room. No other access to the chat room is permitted. The anonymizing server does not store the connection key. No user application is required.

Abstract: A vehicle communication processor includes a communication control unit that receives digitally signed information from an external device, and a first control processing unit and a second control processing unit that process information received by the communication control unit. The communication control unit or the first control processing unit includes a sign verification section that performs an authenticity verification of a digital sign of the digitally signed information. The second control processing unit includes an execution preparation section and an execution determination section. The execution preparation section performs an execution preparation process on data of the digitally signed information in parallel to the authenticity verification on the digital sign. The execution determination section determines whether the data of the digitally signed information is to be executed in a case where the digital sign of the digitally signed information is verified as being authentic.

Abstract: Aspects of the present disclosure relate to encryption management. A determination can be made whether an encryption algorithm is at-risk. In response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm can be identified. A security action can then be executed on the data protected by the encryption algorithm.

Abstract: The disclosed computer-implemented method for managing digital personas for online services may include generating a digital persona and a persona wear indicator (PWI) score for a user of an anonymized inbox with a communication alias to use for an online entity, determining, based on one or more communication messages associated with the communication alias, that the online entity has leaked information associated with the digital persona, recalculating the PWI score for the digital persona based at least in part on the determination that the online entity has leaked the information, determining that the PWI score exceeds a privacy score threshold; and in response to determining that the PWI score exceeds the privacy score threshold, performing a security action that protects privacy of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system includes at least one hardware processor of a computing node and at least one memory storing instructions that cause the at least one hardware processor to perform operations. The operations include instantiating a user code runtime to execute within a sandbox process. The sandbox process configures access by the user code runtime to an operating system (OS) kernel of the computing node. The OS kernel is configured with one or more filtering policies. A determination is performed of whether a system call received by the OS kernel violates the one or more filtering policies. The system call is triggered by at least one operation of the user code runtime. A tracing event is instantiated to trace execution of the system call based on the determination.

Abstract: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmits the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.