Abstract: Systems and methods of matching identifiers between multiple datasets are described herein. A system can transmit a first identifier vector to a third party server. The first identifier vector can include a first identifier, first parameters, and second parameters. The system can receive, from the third party server, the first identifier vector encrypted based on a third-party encryption. The system can receive, from the third party server, a second identifier vector encrypted based on the third-party encryption associated with the third party server. The second identifier vector can include a second identifier, third parameters, and fourth parameters. The system can determine a correlation count between the first identifier vector and the second identifier vector. The system can determine that the first identifier corresponds to the second identifier based on the correlation count. The system can generate one identifier key for both the first identifier and the second identifier.

Abstract: A wireless communication system includes an external provider subsystem and an electronic network subsystem in operable communication with the external provider subsystem. The electronic network subsystem is configured to provide a first microservice and a second microservice different from the first microservice. The wireless communication system further includes an in-home subsystem (i) separate from the external provider subsystem, (ii) in operable communication with the electronic network subsystem, and (iii) including a first micronet and a second micronet different from the first micronet. The first micronet is configured to operably interact with the first microservice, and the second micronet is configured to operably interact with the second microservice. The wireless communication system further includes at least one electronic device configured to operably connect with one of the first micronet and the second micronet.

Abstract: Techniques for malicious HTTP cookies detection and clustering are disclosed. In some embodiments, a system, process, and/or computer program product for malicious HTTP cookies detection and clustering includes receiving a sample at a cloud security service; extracting a cookie from network traffic associated with the sample; determining that the cookie is associated with malware; and generating a signature based on the cookie.

Abstract: Device, system, and method of generating and handling cryptographic parameters. A first device and a second device store the same secret seed value, utilize the same deterministic pseudo-random number generation function, and utilize the same deterministic value modification function. The first device generates a candidate value, sequentially modifies its value, and performs primality testing until a confirmed prime number is found. The first device indicates to the second device, how many iterations of value modifications to perform in order to reach and thus re-generate therein the same already-confirmed prime number, without the need to perform any primality testing in the second device.

Abstract: A device management apparatus communicably connected to a terminal device through a network includes a processor. The processor acquires, via the terminal device, first device information that is information on a specific device connected to the terminal device and license information indicating a license given to the device. The processor refers to a memory that stores second device information to determine whether the first device information is identical to the second device information. The processor transmits, when the acquired first device information is different from the second device information, the license information to an authentication server to determine whether to reflect the first device information to the second device information according to an authentication result received from the authentication server.

Abstract: A wireless communication system includes an external provider subsystem and an electronic network subsystem in operable communication with the external provider subsystem. The electronic network subsystem is configured to provide a first microservice and a second microservice different from the first microservice. The wireless communication system further includes an in-home subsystem (i) separate from the external provider subsystem, (ii) in operable communication with the electronic network subsystem, and (iii) including a first micronet and a second micronet different from the first micronet. The first micronet is configured to operably interact with the first microservice, and the second micronet is configured to operably interact with the second microservice. The wireless communication system further includes at least one electronic device configured to operably connect with one of the first micronet and the second micronet.

Abstract: A method for authenticating smart glasses in a data network includes transmitting a message to an authentication computer of the data network, generating a first transaction code and transmitting to the smart glasses, reading authorization data of a user, without involving the smart glasses, into the data network and processing by the authentication computer, which carries out an authentication of the user on the basis of the authorization data, and in case of a successful authentication, reading a second transaction code into the data network, wherein if a check performed by the authentication computer shows that the second transaction code matches the first, an access right is provided for the smart glasses and stored in the smart glasses, the access right enabling the smart glasses to access one or a plurality of predetermined services in the data network.

Abstract: Various systems and methods for implementing an access control policy that provides subject matching in distributed access control scenarios, such as Internet of Things (IoT) device interconnection settings, are described. In an example, a determining an access control policy with an access evaluator includes: receiving a request from a subject to perform an operation with an object; evaluating the first type of access policy of the subject, and a second type of access policy of the object, to determine a first and second access scope for performing the requested operation; identifying an access control object that provides a mapping between the first access scope and the second access scope for performing the requested operation; and providing access from the subject to the object based on a security level determined from the mapping between the first access scope and the second access scope provided with the access control object.

Abstract: A method and a system for automatically managing security policies at multiple resources are provided. A policy management engine receives and deploys a security policy configured for each resource with one or more configuration parameters on a security component of each resource. The policy management engine determines modifications made to the security policy at a corresponding resource and automatically corrects the security policy at the corresponding resource. The policy management engine generates and renders a notification including the security policy, the modifications, and detailed information of the modifications and the automatic correction of the security policy to an administrator device. The detailed information includes a description, a type, a timestamp, number of instances, etc.

Abstract: A method for protecting documents includes assigning electronic marks to a document. The marks are assigned based on a context of the document. Access activity with respect to the document is monitored continuously. In response to receiving a request from a user to access the document, permissions to access the document are checked by analyzing metadata of the document and access rules are analyzed. In response to determining that the marks are not included in the list of permitted marks for the user requesting the access to the document, access to the document is denied and a notification to a server is sent indicating an attempted unauthorized access to the document. Attributes of the marks are analyzed, in response to determining that the marks are included in the list of permitted marks. Access to the document is provided in accordance with the attributes of the marks.

Abstract: A system for integrated natural language programming (“NLP”) and event analysis provides threat detection in computing systems. In particular, the system may use an NLP unit to analyze threat logs from various sources according to multiple different metrics and/or analysis paradigms. Upon completing the analysis, the system may extract, via machine learning, event and/or threat patterns which may be integrated into the system's threat detection processes.

Abstract: A wireless communication system includes an external provider subsystem and an electronic network subsystem in operable communication with the external provider subsystem. The electronic network subsystem is configured to provide a first microservice and a second microservice different from the first microservice. The wireless communication system further includes an in-home subsystem (i) separate from the external provider subsystem, (ii) in operable communication with the electronic network subsystem, and (iii) including a first micronet and a second micronet different from the first micronet. The first micronet is configured to operably interact with the first microservice, and the second micronet is configured to operably interact with the second microservice. The wireless communication system further includes at least one electronic device configured to operably connect with one of the first micronet and the second micronet.

Abstract: Various embodiments are generally directed to techniques for converting between different cipher systems, such as, for instance, between a cipher system used for a first encryption environment and a different cipher system used for a second encryption environment, for instance. Some embodiments are particularly directed to an encryption engine that supports memory operations between two or more encryption environments. Each encryption environment can use different cipher systems while the encryption engine can translate ciphertext between the different cipher systems. In various embodiments, for instance, the first encryption environment may include a main memory that uses a position dependent cipher system and the second encrypted environment may include a secondary memory that uses a position independent cipher system.

Abstract: A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment.

Abstract: Facilitating single node network connectivity for structure automation functionality is provided herein. A system can comprise a memory that stores executable components and a processor, operatively coupled to the memory, that executes the executable components. The executable components can comprise a management component that facilitates a communication with electronic devices within a structure and an initialization component that enables a streamlined security process based on an indication that the at least one electronic device is to be registered with the management component. Further, the executable components can comprise a negotiation component that performs a certificate authentication for the at least one electronic device. The certificate authentication can be automatically performed with a certificate authority during a backend process.

Abstract: For data flow traffic in an IoTSP system, for example, a gateway is provided with data flow rules, one or more of the data flow rules being a receiving rule defining at least what incoming data will be accepted and one or more of the data flow rules being a publishing rule defining at least what data to send to one or more other computing devices acting as gateways in the system. The one or more receiving rules are applied to incoming data, and the one or more publishing rules to stored and processed data to cause sending one or more pieces of the data in response to a condition in a publishing rule being fulfilled.

Abstract: A process, system, and non-transient computer readable medium that provides device automation support for the dynamic activation, authentication, and accounting of network access and network access devices while enabling seamless multi-vendor support for change of authorization through multiple network protocols. The process, system, and non-transient computer readable media also provides security threat remediation that can be automated at the device, network access, traffic inspection, and/or threat protection level by taking action on a device by triggering actions in a bidirectional manner.

Abstract: An example operation may include one or more of identifying a new member (M1) to a permissioned database, creating a new group including the new member and one or more previously identified members (MP), modifying a world state of the permissioned database to identify a set of members in the new group with access to the permissioned database, and responsive to the new member (M1) being identified, creating a new entry (TX1) to the permissioned database using an encryption key (K1) associated with the new member (M1).

Abstract: Systems and methods for displaying computer environment monitoring data can include a multi-tier cache memory associated with a processor of a first device. The multi-tier cache memory can include a first cache layer, and a second cache layer having a higher data access rate than the first cache layer. The first device can receive, from a second device, a data block including monitoring data selected based on user profile information associated with a user of the first device. The first device can store the data block in the first cache layer, and generate a first data sub-block using data from the data block having a higher priority for display as compared to other data of the data block. The first device can store the first data sub-block in the second cache layer, and provide the first data sub-block for display on a display device from the second cache layer.

Abstract: The application relates to a method for checking the data transport across a first communication connection between two data processing devices, said first communication connection being realized between two first interface units, wherein the payload to be transferred can be divided into payload blocks and there is at least one second communication connection between the data processing devices, which is established by means of second interface units, and wherein, in order to implement a challenge-response authentication, a request requiring retrieval of randomly selected data units from identifiable, randomly selected payload blocks of the payload is sent as a challenge by an authentication unit to the first interface units by means of the second communication connection, an authentication assembly of each of the first interface units extracts the requested response data from the payload and transmits the same back to the authentication unit and a successful check is determined if the response data match.