Patents Examined by Kenneth W Chang
  • Patent number: 11481523
    Abstract: The invention relates to a secure element device comprising at least one processor, at least one communication interface, at least one memory RAM and NVM and at least one bus access controller, wherein the bus access controller defines at least a first area PBL, a second area SBL and a secure area MZ. The first area comprises a first loader program capable of loading a program package in the second area. The secure area comprises an authentication key capable of authenticating the program package loaded in the second area. After authentication of the program package loaded in the second area, the access right of the first loader program is changed in such a way that a program in the first area can no more access the second area.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: October 25, 2022
    Assignee: THALES DIS FRANCE SAS
    Inventor: Alain Rhelimi
  • Patent number: 11477183
    Abstract: Techniques are described for enabling software applications to obtain temporary security credentials used to interact with a cloud provider network and, upon the revocation of an active set of temporary security credentials used by an application (e.g., due to concerns about the temporary credential's potential exposure to one or more unauthorized third parties), to readily obtain new temporary security credentials that the application can use to continue operation with minimal interruption. The temporary security credentials can be used, for example, to enable the cloud provider network to authenticate requests sent by software applications or users to various services or other components of the cloud provider network. An operator of a cloud provider network may provide a software development kit (SDK) that application developers can use to incorporate functionality related to the management of temporary security credentials.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: October 18, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Rebecca Claire Weiss
  • Patent number: 11463415
    Abstract: Systems and methods are disclosed for detecting certain online activities associated with a digital identity. A Digital Identity Network may be monitored for potentially fraudulent activities (such as new account openings and certain transactions) related to an enrolled User identification (User ID) without requiring personally identifying information (PII). Corresponding alerts may be generated and sent to inform the associated user of such suspicious activity so that fraudulent account access or transactions may be prevented.
    Type: Grant
    Filed: November 19, 2020
    Date of Patent: October 4, 2022
    Assignee: LexisNexis Risk Solutions, Inc.
    Inventors: Peter Joseph Greene, Dean Weinert, David Buchler, Bryan Knauss
  • Patent number: 11456996
    Abstract: A method, system, and computer program product for privacy protection of records based on attribute-based determination of quasi-identifiers within the records is provided. The method receives a first set of records containing a first set of attributes for a set of individuals. The method receives a second set of records for the set of individuals, with the second set of records containing a second set of attributes. A first set of quasi-identifiers, based on the first set of attributes, is accessed for the first set of records. The method determines a set of new attributes of the second set of attributes based on the first set of attributes. A second set of quasi-identifiers is generated based on the first set of quasi-identifiers and the set of new attributes. The method generates an anonymized set of records from the second set of records based on the second set of quasi-identifiers.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: September 27, 2022
    Assignee: International Business Machines Corporation
    Inventors: Aris Gkoulalas-Divanis, Rohit Ranchal, Paul R. Bastide
  • Patent number: 11444947
    Abstract: A scalable configurable universal complete spectrum identity testing machine is provided which includes at least one computer that utilizes necessary resources for making identity test determinations as to whether or not one specific sensor-observed tested person is the same person as one specific known person. The at least one computer may be utilized for at least one additional purpose besides being utilized as an identity testing machine. The identity testing machine makes one-time, intermittently performed, or constantly performed determinations of identity regarding any one specific tested person and it is configurable for doing so at any attainable level of accuracy including 100% accuracy.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: September 13, 2022
    Inventor: Jeffry David Aronson
  • Patent number: 11444897
    Abstract: A system and method for controlling access to a message after communication. A sender sends an encrypted message to a recipient. The sender also sends an encryption key and the identity of the recipient to a services component. The recipient authenticates its access rights with the services component to obtain the encryption key. The key is held for a period of time for the recipient to access the encrypted message. The recipient may re-authenticate with the services component to again obtain the key to subsequently access the message. The sender may revoke or reinstate the receiver's access to the message by updating the service component.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: September 13, 2022
    Assignee: CRYPTOMILL INC.
    Inventors: Nandini Jolly, Chris Batty, Canute Serrao, Deepu Filji, David Dai
  • Patent number: 11438328
    Abstract: Methods, apparatus, systems, and articles of manufacture to refresh a token for use in a virtualized computing environment are disclosed. An example method includes accessing a request to perform an automation task; extracting a first token from the request to perform the automation task; determining, by executing an instruction with a processor, whether the first token is expired or will expire in a threshold amount of time; in response to determining that the first token is expired or will expire in the threshold amount of time, requesting a refreshed token; replacing the first token with the refreshed token to create an updated request; and sending the updated request to an automation executor.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: September 6, 2022
    Assignee: VMWARE, INC.
    Inventors: Martin Dachev, George P Dimitrov
  • Patent number: 11431744
    Abstract: Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison such that the atypical behavior includes an absence of adaption by the clients to changes in the server responses; and providing alerts that may identify the clients associated with the atypical behavior.
    Type: Grant
    Filed: March 9, 2020
    Date of Patent: August 30, 2022
    Assignee: ExtraHop Networks, Inc.
    Inventors: Arindum Mukerji, Khurram Waheed
  • Patent number: 11429705
    Abstract: A system for storing an object includes a card reader configured to receive a card from a user and to determine an identity of the user based on information on the card. The system also includes a secure storage area configured to store a plurality of physical boxes. The plurality of physical boxes includes a first physical box that is assigned to the user. The first physical box is configured to be dispensed from the secure storage area to the user outside of the secure storage area in response to the user requesting to physically receive the first physical box. Dispensing the first physical box includes moving the first physical box along a predetermined path in the secure storage area and presenting the first physical box for removal from the secure storage area.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: August 30, 2022
    Assignee: Capital One Services, LLC
    Inventors: Abdelkader M'Hamed Benkreira, Joshua Edwards, Michael Mossoba
  • Patent number: 11425160
    Abstract: Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: August 23, 2022
    Assignee: OneTrust, LLC
    Inventors: Patrick Glenn Murray, Carman Kwong, Christopher Cross, Jose Costa Moreno, Harpreet Shergill, Keegan Callin
  • Patent number: 11418528
    Abstract: Disclosed herein are methods, systems, and processes to facilitate and perform dynamic best path determination for penetration testing. An action path that includes a kill chain that involves performance of exploit actions for a phase of a penetration test is generated by identifying the exploit actions based on a penetration parameter, a detection parameter, and/or a time parameter associated with the exploit actions. Performance of the identified exploit actions permits successful completion of the phase of the penetration test and designates the action path for inclusion as part of a best path for the penetration test.
    Type: Grant
    Filed: November 2, 2018
    Date of Patent: August 16, 2022
    Assignee: Rapid7, Inc.
    Inventors: Paul Deardorff, Dustin Myers
  • Patent number: 11409864
    Abstract: Provided herein are systems and methods for tracing and tracing supervision of UDFs in a database system. For example, a method includes receiving a user-defined function (UDF), the UDF including code related to at least one operation to be performed. A user code runtime is instantiated to execute the code of the UDF as a child process. The user code runtime includes a filtering process configured with a plurality of filtering policies. A system call of the at least one operation is detected based on a notification from an operating system (OS) manager, the notification identifying the system call. A determination is made on whether performing the system call is permitted based on the plurality of filtering policies. A report is generated based on the determining.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: August 9, 2022
    Assignee: Snowflake Inc.
    Inventors: Brandon S. Baker, Derek Denny-Brown, Mark M. Manning, Andong Zhan
  • Patent number: 11388148
    Abstract: Disclosed herein are systems and methods for anonymous sending of data from a source device to a recipient device. In one aspect, an exemplary method comprises, by the source device: receiving a request to send data to the recipient device, processing the data such that an identifier of the user and identification data are not linked to the data to be sent to the recipient, and determining whether the identifier of the user is absent in the source device, when the identifier of the user is absent, generating the identifier of the user, sending the identifier of the user to a token generator, wherein the sent identifier comprises either the generated identifier or an existing identifier found during the determination of whether the identifier is absent in the source device, and sending, to the recipient device, a combination of a random token received from the token generator and the data.
    Type: Grant
    Filed: August 14, 2020
    Date of Patent: July 12, 2022
    Assignee: AO Kaspersky Lab
    Inventors: Artem V. Troitsky, Andrey V. Ladikov
  • Patent number: 11368475
    Abstract: A system and method for retrieval and analysis of stored objects for malware is described. The method involves receiving a scan request message from a customer to conduct analytics on one or more objects stored within a third-party controlled service. In response to receipt of the scan request message, the system generates a redirect message. The redirect message redirects the customer to an authentication portal of the third-party controlled service operating as a logon page and configures receipt by the system of access credentials for the third-party controlled service upon verification of the customer. Using the access credentials, the system is able to retrieve the one or more objects using the access credentials and performing analytics on each object of the one or more objects to classify each object as malicious or benign.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: June 21, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventor: Sai Vashisht
  • Patent number: 11363463
    Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). Methods, network entities, and systems for mitigating Denial of Service (DoS) attack in a wireless network (e.g., access network (AN), core network (CN)). Embodiments herein disclose methods and systems for mitigating Denial of Service (DOS) attacks in wireless networks, by performing admission control by verifying a User Equipment's (UE's) registration request via a Closed Access Group (CAG) cell without performing a primary authentication. Embodiments herein disclose methods and system for verifying permissions of the UE to access a CAG cell based on the UE's Subscription identifier, before performing the primary authentication. Methods and systems for mitigating Denial of Service (DoS) attack in a wireless network.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: June 14, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Narendranath Durga Tangudu, Rajavelsamy Rajadurai
  • Patent number: 11356475
    Abstract: A frame transmission prevention apparatus connected to a network of a network system including a plurality of electronic control units communicating with one another via the network is provided. The apparatus includes a processor and a memory. The memory includes at least one set of instructions that causes the processor to perform processes when executed by the processor. The processes include receiving a first frame from the network and switching whether to perform a first process for preventing transmission of the first frame on the basis of management information indicating whether prevention of transmission of a frame is permitted if the first frame satisfies a first condition.
    Type: Grant
    Filed: January 23, 2019
    Date of Patent: June 7, 2022
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Yoshihiro Ujiie, Jun Anzai, Hideki Matsushima, Tomoyuki Haga
  • Patent number: 11349672
    Abstract: Techniques are described for multi-factor authentication and device verification based at least partly on a periodically changing (e.g., rotating) security code. A rotating security code may be generated on a user device and used to sign a certificate. The certificate may be encrypted, using a private key stored on the user device, and communicated to a backend service for verifying that the user device is authorized to access secure information. The backend service may decrypt the certificate (e.g., using a public key associated with the private key), extract the security code from the decrypted certificate, and compare the extracted security code to a security code associated with the user device. If the codes correspond to one another, the user device may be verified and provided with access to secure information such as secure data, a secure portion of an application, and so forth.
    Type: Grant
    Filed: September 2, 2020
    Date of Patent: May 31, 2022
    Assignee: United Services Automobile Association (USAA)
    Inventors: Hoang Trung Vo, Sudarshan Rangarajan
  • Patent number: 11334661
    Abstract: Techniques are described for enabling software applications to obtain temporary security credentials used to interact with a cloud provider network and, upon the revocation of an active set of temporary security credentials used by an application (e.g., due to concerns about the temporary credential's potential exposure to one or more unauthorized third parties), to readily obtain new temporary security credentials that the application can use to continue operation with minimal interruption. The temporary security credentials can be used, for example, to enable the cloud provider network to authenticate requests sent by software applications or users to various services or other components of the cloud provider network. An operator of a cloud provider network may provide a software development kit (SDK) that application developers can use to incorporate functionality related to the management of temporary security credentials.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: May 17, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Rebecca Claire Weiss
  • Patent number: 11337067
    Abstract: Security is provided for enterprise local area networks (LANs) by pre-vetting and identifying the security characteristic and actions of any new wireless network that tries to connect to a secure LAN network. The disclosure herein provides for identification and classification of IEEE 802.11 wireless networks by using a monitoring sensor system within and managed by a centralized cloud. The monitoring sensors interrogate the network mimicking the behavior of known platforms, such as an end-user's workstation or mobile device followed by random actions simulating a human person. The response characteristics of the wireless network including the behavior patterns relating to the LAN system and human behavior are collected.
    Type: Grant
    Filed: July 14, 2020
    Date of Patent: May 17, 2022
    Assignee: 802 Secure, Inc.
    Inventors: Konrad Grutzmacher, Clifford Fernandez, Michael Raggo, Garry Drummond
  • Patent number: 11323419
    Abstract: A method and a system for selecting an anonymized subset of parameters from datasets of network-connected devices are provided herein. The method may include: obtaining a plurality of datasets, comprising a set of parameters related to one of a plurality of network-connected devices; automatically selecting a subset of parameters from at least one of the datasets, wherein the selecting is based on specified selection criteria; calculating an autocorrelation of the selected subset of parameters; calculating a correlation of the selected subset of parameters and one or more subsets of parameters selected from the datasets relating to network-connected devices other than said one of the plurality of network-connected devices; and applying the correlation and the autocorrelation to a decision function to determine whether the selected subset of parameters is an anonymized subset that is insufficient for determining an identity of the one of the plurality of the network-connected devices.
    Type: Grant
    Filed: July 17, 2018
    Date of Patent: May 3, 2022
    Assignee: OTONOMO TECHNOLOGIES LTD.
    Inventor: Avner Cohen