Patents Examined by Khalil Naghdali
  • Patent number: 10547614
    Abstract: In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server prior to the network access server provisioning the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: January 28, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: John Gibbons, Paul Raison, Sunil Madhaorao Gandhewar
  • Patent number: 10547645
    Abstract: A public-private computing system includes: a public computing portion accessible to a computing device associated with a user, the public computing portion including a Platform-as-a-Service portion, the Platform-as-a-Service portion including a cloud computing platform; a private computing portion; and an Application Program Interface (API) gateway configured to couple the public computing portion and the private computing portion.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: January 28, 2020
    Assignee: EMC IP Holding Company, LLC
    Inventors: Muzhar Khokhar, Shyam Reddy, Vamshi Challa, Bhaswati Neog
  • Patent number: 10540297
    Abstract: A method and apparatus for retrieving data from a memory in which data, an associated message authentication code (MAC) and an associated error correction code (ECC) are stored in a memory such that the data, MAC and ECC can be retrieved together in a single read transaction and written in a single write transaction. Additional read transactions may be used to retrieve counter values that enable the retrieved MAC to be compared with a computed MAC. Still further, node values of an integrity tree may also be retrieved to enable hash values of the integrity tree to be verified. The MAC and ECC may be stored in a metadata region of a memory module, for example.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: January 21, 2020
    Assignee: Arm Limited
    Inventors: Gururaj Saileshwar, Prakash S. Ramrakhyani, Wendy Arnott Elsasser
  • Patent number: 10542045
    Abstract: The secure management of attachments is described. In one example, a message is received by a device management computing environment from a client computing device. The message can include an addressee list, a resource locator to a file, and a schedule associated with an event, for example. The message is intended for distribution to a number of other client devices along with the file according to the addressee list. However, the file is not directly attached to the message. Instead, the distribution of and access to the file is managed separately and securely by the device management computing environment. The device management computing environment can cause the file to be accessible through the client devices using the resource locator based on the schedule associated with the event. Further, after the event, the device management computing environment can cause the file to be inaccessible and/or removed from the client devices.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: January 21, 2020
    Assignee: AIRWATCH LLC
    Inventors: Sachin Vas, Sushilvas Vasavan, Ramani Panchapakesan, Pavithra Narayanaswamy
  • Patent number: 10542040
    Abstract: The present disclosure relates to an intelligent service (e.g., a smart home, a smart building, a smart car, etc.) based on a 5G communication technology and an IoT related technology. In accordance with an embodiment of the present disclosure, a method is provided for detecting, by a web server in a wireless communication system, a malicious code which is injected into the command stream of a widget running on a web-based OS in a device. The method includes: analyzing the widget in the web server; determining at least one invariant condition constantly maintained and conserved while the widget is running, on the basis of a result of the analyzing; generating a metadata file including data satisfying the at least one invariant condition; and associating the metadata file with the widget and providing the widget in a state in which the associated metadata file is included in the widget.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: January 21, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Evgeny Beskrovny, Maya Maimon, Yaacov Hoch
  • Patent number: 10541986
    Abstract: Methods, apparatus, and systems for authenticating a user taking into account measurement values of characteristics of the purported environment of the user are described. Specifically, in a preferred embodiment, a device is used that comprises a sensor for making said measurement of the location dependent physical property; a memory component for storing a secret value; and a data processing component for generating an electronic signature over said measurement by cryptographically combining said measurement with a secret key comprised in or derived from said secret value.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: January 21, 2020
    Assignee: OneSpan North America Inc.
    Inventor: Tom De Wasch
  • Patent number: 10530792
    Abstract: The present disclosure describes methods, systems, and computer program products for performing a frequency domain analysis of activity data for a computer system. One computer-implemented method includes receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain; computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and displaying the frequency domain activity data.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: January 7, 2020
    Assignee: SAP SE
    Inventors: Kathrin Nos, Volker Guzman, Marvin Klose
  • Patent number: 10530584
    Abstract: A method for tracking a controlled item can include transforming a genetic code with a cryptographic hash function into a core code. The core code can be associated with a label code and a weight. The weight can be indicative of a produced amount of the strain of the controlled item. An image of a label having an identification portion indicative of the label code and dispensed weight data can be received. The label code can be extracted from the identification portion of the image of the label. The weight associated with the core code can be reduced based upon the dispensed weight data.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: January 7, 2020
    Inventors: Aram Kovach, Garrett Greenlee, Gabriel Ronai
  • Patent number: 10530801
    Abstract: An anomaly detection electronic controller performs anomaly detection processing and is connected to a bus, which a plurality of electronic controllers use for communication to communicate following a Controller Area Network (CAN) protocol. The anomaly detection electronic controller includes an anomaly detection processor that performs anomaly detection processing regarding a data frame. The anomaly detection controller also includes an anomaly detection processing requester that decides an anomaly detection processing timing in accordance with a state of a vehicle in which the bus is installed when receiving the data frame, the anomaly detection processing timing being a reception timing of one or multiple fields in the data frame. The anomaly detection processor further performs the anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: January 7, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Takeshi Kishikawa, Yoshihiro Ujiie, Tomoyuki Haga, Hideki Matsushima
  • Patent number: 10530573
    Abstract: A wireless network specific (WN-specific) key can be used to provide access protection over the radio access link. A WN-specific key may be associated with (or assigned to) a wireless network, and distributed to access points of the wireless network, as well as to user equipments (UEs) following UE authentication. The WN-specific key is then used to encrypt/decrypt data transported over the radio access link. The WN-specific key can be used in conjunction with the UE-specific keys to provide multi-level access protection. In some embodiments, WN-specific keys are shared between neighboring wireless networks to reduce the frequency of key exchanges during handovers. Service-specific keys may be used to provide access protection to machine to machine (M2M) services. Group-specific keys may be used to provide access protection to traffic communicated between members of a private social network.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: January 7, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Hang Zhang
  • Patent number: 10530809
    Abstract: The disclosed computer-implemented method for remediating computer stability issues may include (i) determining that a device has experienced a computer stability problem, (ii) obtaining, from the device, one or more computer-generated log lines that potentially include information pertaining to a cause of the computer stability problem, (iii) directly analyzing text included within the computer-generated log lines, (iv) identifying information relating to the computer stability problem based on the direct analysis of the text, and (v) remediating the device to resolve the computer stability problem. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: January 7, 2020
    Assignee: Symantec Corporation
    Inventors: Michael Hart, Chris Gates
  • Patent number: 10521573
    Abstract: In an example, techniques of this disclosure include establishing, by a computing device, authentication data for authenticating a user of a service provided by a service provider, where the authentication data comprises one or more first data entries and one or more second data entries that correspond to the one or more first data entries. The techniques also include retrieving, from at least one third-party service provider, one or more second data entries maintained by the at least one third-party service provider that correspond to the one or more first data entries, and authenticating the user based on the authentication data, where authenticating the user comprises comparing the one or more first data entries to the one or more second data entries retrieved from the at least one third-party service provider.
    Type: Grant
    Filed: June 11, 2018
    Date of Patent: December 31, 2019
    Assignee: Wells Fargo Bank, N.A.
    Inventor: David Hatch
  • Patent number: 10523715
    Abstract: A NAT system is identified as operating in conjunction with a specific IP address, in response to a threshold number of different authenticated computing devices making requests to the web service from the specific IP address during a given time period. The total number of computing devices operating from behind the identified NAT system is estimated, based on how many separate authenticated computing devices make requests to the web service from the IP address during the period of time. When a NAT system is identified, one or more additional action(s) are taken to manage the processing of traffic originating from the specific IP address, taking into account that multiple computing devices are operating behind the identified NAT system. An example action is rate limiting.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: December 31, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Jiang, Ilya Sokolov, Rickey Ray
  • Patent number: 10516697
    Abstract: Embodiments are provided for an actionable blacklist of DDoS offenders and ISPs associated with offenders. The system can collect real-time attack data and perform real-time analysis, which can be fed into a centralized database for intelligent analysis to identify offenders and report to interested subscribers. The system can receive an indication that network resources are being targeted as part of one or more DDoS attacks, and then obtain the malicious IP addresses of devices associated with those DDoS attacks. The system can determine the Internet Service Provider (ISP) associated with malicious IP addresses. A metric can be computed that is associated with an ISP involved in the one or more DDoS attacks. If the metric exceeds a threshold, then an alert message indicating that the first ISP is involved in the one or more DDoS attacks can be sent to a list of subscribers.
    Type: Grant
    Filed: January 28, 2019
    Date of Patent: December 24, 2019
    Assignee: Level 3 Communications, LLC
    Inventors: Robert Smith, Shawn Marck
  • Patent number: 10516994
    Abstract: Methods, systems, and devices for wireless communication are described. A user equipment (UE) may perform authentication procedures using an alternative identity (e.g., a privacy mobile subscriber identity (PMSI)) instead of an international mobile subscriber identity (IMSI) to protect the privacy of the user. If the UE does not have a PMSI, it may include a request for a PMSI initialization in an attach request. In some cases, the PMSI may be used once, and a new PMSI may be generated for the next attachment procedure. In some cases, a universal subscriber identity module (USIM) of the UE may not support storage of a PMSI. So a privacy module of the UE may communicate with the USIM according to the USIM's capabilities and may maintain a PMSI separately for communication with the network.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: December 24, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Anand Palanigounder, Adrian Edward Escott
  • Patent number: 10516540
    Abstract: Consumer/enterprise and machine-to-machine functions in wireless devices have led to a need for end user consent, security of profile data while permitting remote profile management, and mixed profile types in a shared embedded Universal Integrated Circuit Card (eUICC). User consent is provided by the device or by the eUICC parsing an incoming profile management command and triggering a user prompt on a user interface. Security of profile data while permitting operation of remote profile management commands is obtained by authentication procedures. In some embodiments, control of command influence is also obtained by providing policy control functions at the profile level. Mixed profile types are supported by creating multiple security domains within the eUICC. Authentication is performed on a public key infrastructure (PKI) basis or on a pre-shared symmetric key basis.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: December 24, 2019
    Assignee: Apple Inc.
    Inventor: Xiangying Yang
  • Patent number: 10511592
    Abstract: A system and method provides access to one or more web services requested from a web site by using an app on a smart device, such as a smart phone or tablet, or the smart device itself.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: December 17, 2019
    Assignee: Charles Schwab & Co., Inc.
    Inventors: Suwat Phruksawan, Toby R. Kendall, Patrick C. McGraw, Dominic E. Caudell, Valery Zubovsky, Charles E. Gotlieb
  • Patent number: 10511588
    Abstract: A logging device configured to store log messages includes a storage device having a plurality of log entry locations which can be ordered as a sequence, an encryption device configured to generate the encrypted log messages from log messages, an authentication code generator configured to generate an authentication code from the encrypted log message, a key evolving device, and a state storage device configured to store state variables for use by the encryption device, the authentication code generator and/or the key evolving device. Furthermore, a verification device configured to verify log entries stored in log entry locations of the storage device is also described. A method for storing log entries in log entry locations of a storage device of a logging device, as well as a method for verifying the integrity of log entries stored in log entry locations of a storage device, are also described.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: December 17, 2019
    Assignee: Airbus Defence and Space GmbH
    Inventor: Erik-Oliver Blass
  • Patent number: 10511451
    Abstract: A physically unclonable function (PUF) device comprises a memory block including an array of cells, and a pseudo random number generator (PRNG) configured to generate a number of addresses to challenge the memory block in response to an element selected out of a combination.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: December 17, 2019
    Assignee: TAIWAN SEMICONDUCTOR MANUFACTURING COMPANY LTD.
    Inventors: Shih-Lien Linus Lu, Saman M. I. Adham
  • Patent number: 10511583
    Abstract: A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: December 17, 2019
    Assignee: Visa International Service Association
    Inventors: Sergey Smirnoff, Soumendra Bhattacharya