Abstract: A computer network may include a Non-IP subnetwork for communication between the gateway and the frontend device, an IP subnetwork for communication between the gateway and at least one backend device, and a gateway connecting the Non-IP subnetwork with the IP subnetwork and translating communication therebetween. The IP communication is based on an IP security protocol, providing means for authentication and/or encryption. The gateway mediates handshaking for establishing a secure tunnel for secure end-to-end communication between the backend device and the frontend device. The secure tunnel is set to apply a session key. The gateway and the backend device exchange datagrams with handshaking parameters. The Non-IP messages are exchanged with a subset of the handshaking parameters. The backend device and the frontend device generate the session keys and to authenticate the handshaking incorporating the handshaking parameters and subset of handshaking parameters, respectively.

Abstract: Systems and methods for authenticating access to multiple data stores substantially in real-time are disclosed. The system may include a server coupled to a network, a client device in communication with the server via the network and a plurality of data stores. The server may authenticate access to the data stores and forward information from those stores to the client device. An exemplary authentication method may include receipt of a request for access to data. Information concerning access to that data is stored and associated with an identifier assigned to a client device. If the identifier is found to correspond to the stored information during a future request for access to the store, access to that store is granted.

Abstract: A system and method for early detection of a compromised client device includes a tamper detection service configured to monitor modifications to resource access privileges over time to identify unusual variations in jailbreak status that indicate compromise of the client device. For example, the tamper detection service may monitor the jailbreak status of system files over time to expose attempts to hide the jailbreak status of a protected resource. To validate that malware is attempting to hide the jailbreak status of a protected resources, the tamper detection process may launch multiple different resource accesses, targeting the protected resource, to determine whether different accessibility results are returned, indicating a compromised device.

Abstract: A secure token (ST) system including at least one ST computing device to provision data using secure tokens over a network is provided. The ST computing device is configured to receive first customer data from a credit issuer computing device, the first customer data including at least one or more account identifiers associated with a customer and a social security number (SSN) associated with the customer. The ST computing device is also configured to hash the SSN, wherein the hashed SSN includes a hash value, assign a unique identifier to each of the one or more account identifiers, and generate a secure token by associating the hash value to each unique identifier. The ST computing device is further configured to store the secure token within the database, and transmit the secure token to at least one of the credit issuer computing device and a third party computing device.

Abstract: A method for implementing a slice security zone (SSZ) in a 5G network. The method comprises storing by an SSZ function executing on a first network server an SSZ security profile of the SSZ in a secure storage function, receiving by the SSZ function from a slice management function a slice registration request comprising information relating to a slice security profile of a slice managed by the slice management function, if the slice security profile complies with the SSZ security profile, storing by the SSZ function a slice registration association between the slice and the SSZ in the secure storage function, and sending by the SSZ function to the slice management function a slice registration response comprising information relating to whether the slice was registered in the SSZ.

Abstract: Secure cloud-based storage system management that includes: establishing, within a cloud-based services provider and based on one or more user credentials, a cloud-based user session to execute one or more commands on a remote storage system that includes physical storage devices; determining one or more data storage operations corresponding to the physical storage devices to implement the one or more commands on the storage system; and extending, based on using an access token based on the one or more user credentials to securely issue the one or more data storage operations to the remote storage system, the cloud-based user session to the remote storage system.

Abstract: A mobile terminal privacy protection method includes obtaining an application start instruction, actively obtaining a biometric feature of a user according to the application start instruction, and displaying an encrypted content list and an unencrypted content list of a corresponding application if the obtained biometric feature of the user matches a preset biometric feature. The encrypted content list of the application is generated according to encrypted content in the application, the unencrypted content list of the application is generated according to unencrypted content in the application, and the encrypted content in the application is content that is not presented when the obtained biometric feature of the user does not match the preset biometric feature.

Abstract: Methods and systems for processing a blockchain comprising a plurality of immutable sales records corresponding to sales made by agents of an entity are provided. According to certain aspects, a transaction request indicating a sale made by an agent of the entity may be received at a first node. A block including a sales record indicating the sale made by the agent may be added to a blockchain and transmitted to another node for validation. The first node may add the block to a copy of the blockchain, where the block may be identified by a hash value that references a previous block in the blockchain that includes at least one additional sales record.

Abstract: Provided is a hybrid trusted execution environment based android security framework, an android device equipped with the same and a method of executing a trusted service in the android device. The hybrid trusted execution environment based android security framework includes a hardware resource that comprises a rich execution environment (REE) where an android operating system (OS) runs, and a secure container which implements a virtualized trusted execution environment (VTEE) that processes a security task in the rich execution environment (REE) when an application running on the rich execution environment requests the security task.

Abstract: Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.

Abstract: A memory system includes a first memory and a second memory that share common addresses received from a memory controller, wherein the first memory includes a first scrambling circuit suitable for scrambling a common address to generate a first scrambled address designating a word line to be activated in the first memory, and the second memory includes a second scrambling circuit suitable for scrambling the common address to generate a second scrambled address designating a word line to be activated in the second memory, and the first scrambling circuit and the second scrambling circuit perform a scrambling operation in such a manner that neighboring word lines, adjacent to a word line selected by a first common address, are selected a most in one memory among the first memory and the second memory by a second common address other than the first common address.

Abstract: Techniques for tamper detection of a memory module having non-volatile memory devices resident on a printed circuit board (PCB) by circuitry of a controller also resident on the PCB. Examples include determining resistance values of a character pattern sprayed on a side of a cover facing the non-volatile memory devices using conductive ink following first and second boots of the memory module and asserting a bit of a register to indicate tampering of the memory modules based on a comparison of the resistance values. Tamper policy actions may be initiated based on detection of tampering.

Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.

Abstract: Aspects of the present disclosure are operable to protect against malicious objects, such as JavaScript code, which may be encountered, downloaded, or otherwise accessed from a content source by a computing system. In an example, antivirus software implementing aspects disclosed herein may be capable of detecting malicious objects in real-time. Aspects of the present disclosure aim to reduce the amount of time used to detect malicious code while maintaining detection accuracy, as detection delays and/or a high false positive rate may result in a negative user experience. Among other benefits, the systems and methods disclosed herein are operable to identify malicious objects encountered by a computing system while maintaining a high detection rate, a low false positive rate, and a high scanning speed.

Abstract: A method to participate in a blockchain-implemented token distribution process is disclosed. The token distribution process divides an initial quantity of tokens at an input address associated with an input node into a plurality of sub-quantities and uses a mixer node to distribute the sub-quantities to multiple output addresses associated with respective output nodes using a blockchain. The token distribution process utilizes a hierarchical token distribution scheme to recruit the mixer node. The hierarchical token distribution scheme involves a first commitment channel (Ui ? Uij) for a first transaction between the upstream node and a recruited mixer node (Uij), and for each of the plurality of downstream nodes, a second commitment channel (Uij ? Uijk) for a second transaction between the mixer node and a selected downstream node, wherein an unlocking script for the first transaction is derived from an unlocking script for any one of the second transactions.

Abstract: A method of determining a response of a radio frequency wireless communication system to an adversarial attack is provided. Adversarial signals from an adversarial node are transmitted to confuse a target neural network of the communication system. An accuracy of classification of the incoming signals by the target neural network is determined.

Abstract: The exemplary embodiments are related to a device, a system, and a method for implementing a mechanism that is configured to prevent the unauthorized execution of software. A user device is configured to execute a feature access function corresponding to an application feature included in an application. The feature access function is configured to receive one of a plurality of values each time the application is launched. During operation, the feature access function receives a value and determines whether a condition is satisfied. When the condition is satisfied, the value is returned which indicates that execution of the application feature is permitted.

Abstract: Authentication systems and methods can selectively authenticate a request to access a resource data store storing access rights associated with a user device. The systems and methods can scalably execute challenges workflows as part of the authentication process. For example, a request to access one or more access rights stored in the data store can be received from the user device. The user device can be authenticated using challenge workflows selected based on a device identifier of the user device. The selected challenge workflows can be executed to determine whether or not to grant access to the access rights stored in the resource data store.

Abstract: A regularization unit standardizes similar expressions across a plurality of URIs in access logs of requests made to a plurality of web servers, thereby changing the URIs into regularized URIs. A calculation unit calculates, among the access logs that are from the same source, the relative frequency of certain access logs to all access logs, the certain access logs corresponding to requests made to different destinations for the same regularized URI and also corresponding to certain response codes. If the largest of all the relative frequencies calculated for the regularized URIs is at least a certain threshold, a determination unit determines the regularized URIs to be scanning targets.

Abstract: A system for leveraging a tokening system to authenticate a traveler while maintaining anonymity of the traveler is provided. The system may include a secure central server configured to store identification data associated with a plurality of users. The system may also include a mobile token application for providing a token identifier representing a user's identification data. The mobile token application may be activated by the central server on a mobile device of the user registered with the central server and stored in a secure storage on the mobile device of the user. The system may also include a travel service provider. The travel service provider may be configured to enable reserving a travel reservation file. The travel service provider may be enabled to retrieve a token identifier from the user's mobile device as representing the identification of the user and verify the token identifier with the central server.