Abstract: Example implementations relate to system and method of controlling access to ports of a host computing system having a port management integrated-circuit chip (IC), a manageability controller, and a plurality of peripheral device hubs having ports. The IC is to receive a first data from the plurality of peripheral device hubs and communicate the first data to the manageability controller. The first data includes device identifiers of a first peripheral device and a port identifier of the port. Further, the IC is to receive a security action from the manageability controller and implement the security action on the port. The security action is determined based on comparison of the first data and the second data including access control rules, where the security action is linked to each access control rule, and where each access control rule has the port identifier mapped to predetermined device identifiers of a second peripheral device.

Abstract: A method and an apparatus for identifying terminals. The method includes: sending by an NFC card reader of the identifying terminal, a preset instruction to an NFC chip of a terminal to be identified packaged in a packaging box, to switch on the terminal to be identified in a compartment; obtaining identification information corresponding to the terminal to be identified; obtaining location information of the identifying terminal; transmitting the location information and the identification information of the terminal to be identified to a verification server; and obtaining and outputting the identification result sent by the verification server.

Abstract: Systems, apparatuses, and methods are described for protecting the integrity of a playlist, and/or for determining whether a playlist has been altered. The playlist may comprise references to segments of multiple content types. The references may be obfuscated, and/or confirmation data may be used to detect playlist alteration.

Abstract: A security framework and methodology is provided which provides front-end security through authentication and authorization, and back-end security through a virtual private data-store created within an insecure environment using existing object-relational mapping (ORM) layers or database drivers. The front-end security utilizes numerous multi-factor authentication metrics and a distributed denial of service (DDoS) cryptographic boundary to proactively attack malicious users using a cryptographic puzzle, and the back-end security provides data encryption and decryption, data privacy, data integrity, key management, pattern monitoring, audit trails and security alerts while simultaneously hiding the complexity behind an identical or similar ORM or database drive application programming interface (API).

Abstract: A content delivery server may provide content to a requesting client device using a streamlined HTTP enhancement proxy delivery technique. For example, an HTTP proxy server may receive a request for video content or a fragment of video content from a client device. The request may be associated with a timeout scheduled to occur if no content has been received after a specified amount of time. The server may then transmit a request for the content to a remote server, such as an upstream cache server in the proxy server's CDN. When the proxy server receives a portion of the requested content from the remote server, the proxy server begins transmitting the portion to the client device before the requested content has been completely received and buffered. The client device may then begin receiving data from the proxy server before timeout has occurred.

Abstract: A system, method, and computer program product are provided for performing hardware-backed password-based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Abstract: Methods, systems, and devices for authenticating a device using a remote host are described. In some systems, a management server may identify a software update for a device and transmit a notification that the software update is sent to the device. In some cases, the system may also include a field server. The field server may receive the notification and set a flag, in a memory, that indicates an association between the device and the software update. The field server may receive, from the device, a connection request that includes a certificate associated with a key for authenticating the device and accept the key as valid based on the flag indicating the update to the software.

Abstract: Disclosed is an apparatus performing a method including: receiving, from an apparatus including a housing arranged to hold a personal communication device used by a user, a notification indicating a first authentication score of the user is below a first pre-determined threshold, providing a challenge to the personal communication device. In some embodiments, the challenge is selected based on one or more sensor data obtained by at least one of the apparatus or the personal communication device. In some embodiments, the method includes calculating a second authentication score based on a response to the challenge, and causing the apparatus, to gate electronic access to the personal communication device based on whether the second authentication score is above a second pre-determined threshold.

Abstract: Examples associated with process verification are described. One example includes a process operating in a general operating environment of the system. From an isolated environment, a protection module modifies the behavior of the process by modifying data associated with the process while the process is in operation. The protection module verifies whether the behavior of the process has changed in accordance with the modification. The protection module takes a remedial action upon determining the process has been compromised.

Abstract: A method for monitoring access to a user account comprises receiving a user account login status from a target service in response to a user login request, comparing the user account login status with an expected status value at a user apparatus, and on the basis of the comparison, performing at least one of: synchronising the status value at the user apparatus with the user account login status from the target service, and executing a user login update process at the user apparatus.

Abstract: Trusted agents operating within a trusted execution environment (TEE) of a client computing device are configured with complex computational puzzles (e.g., hash functions or other proof of work puzzles) for a remote service to solve before the trusted agent executes an operation. The trusted agent may have a policy that the puzzle is associated with, in which the policy defines a statistically defined time period over which puzzles are solved. The statistically defined time period is effectuated through parameters which control a complexity of the puzzle. Malware or bad actors that attempt to misuse the trusted agent are throttled until the remote service solves the puzzle, which is configured with a level of complexity that takes the statistically defined time period.

Abstract: The disclosure relates to an authentication approach to grant access to a secure service on an electronic device. The authentication approach includes receiving, via an electronic device, a request to access the secure service. The authentication approach includes determining whether the electronic device is positioned at a location that corresponds to a virtual authentication lock. The authentication approach includes displaying, in response to determining the device is positioned at the location that corresponds to the virtual authentication lock, the virtual authentication lock on a display of the electronic device. The authentication approach includes receiving one or more interactions with the virtual authentication lock. The authentication approach includes determining whether the one or more interactions correspond to one or more authentication interactions related to the virtual authentication lock.

Abstract: A communication device comprises a container environment with a plurality of containers each having one or more applications and each being connectable to a network slice, and a container manager configured to control communication between the applications and the network slices, wherein the container manager prohibits communication between a first application in a first container and a second application in a second container.

Abstract: Deriving malware signatures by training a binary decision tree using known malware and benign software samples, each tree node representing a different software feature set and having one descending edge representing samples that are characterized by the node's software feature set and another descending edge representing samples that are not characterized thusly, selecting multiple continuous descending paths for multiple subsets of nodes, each path traversing a selected one of the edges descending from each of the nodes in its corresponding subset, deriving, based on the nodes and edges in any of the paths, a malware-associated software feature signature where the malware samples represented by leaves that directly or indirectly descend from an end of the continuous descending path meets a minimum percentage of the total number of samples represented by the leaves, and providing the malware signatures for use by a computer-based security tool configured to identify malware.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of reconfiguring network settings. The systems and methods monitor a network and detect a hacker on a network. The systems and methods can reconfigure network settings of the network upon detecting the hacker. The systems and methods can analyze the hack for severity; and determine a reconfiguration layer based on the severity of the hack. The reconfiguration layer determines a subset of the network settings to be reconfigured. The systems and methods can dismantle the network and generate a replacement network having the reconfigured set of network settings and replace the network with the replacement network.

Abstract: Embodiments of the present disclosure relate to electronic lockout of a client device, specifically to managing electronic lockout of a client device associated with a claim process via a device protection program management system and third-party provider. In this regard, embodiments herein may process various data associated with determining whether to authorize a claim under a device protection program, and cause initiation of and/or termination of an electronic lockout of a client device depending on received data and/or lack of received data. In this regard, example embodiments include receiving a device claim request indication associated with a client device, where the client device is associated with a functionality lockout state; initiating a claim associated with the client device; causing initiation of an electronic lockout of the client device; processing the claim to determine whether to authorize the claim; and causing updating of the electronic lockout based on the determination.

Abstract: The present invention relates to the detection of malicious software in electronic documents and comprises: detecting an executable code in the electronic document provided to a client module; extracting information from the electronic document comprising the executable code and metadata of the electronic document; creating a binary vector associated with the electronic document; comparing, in a classifier module (200), the binary vector with one or more groups of vectors previously classified and stored in a database (400); classifying the vector in one of the groups, where each group has associated therewith a verdict about the presence of malicious software; and determining that the document contains malicious software depending on the verdict associated with the group in which its associated vector has been classified.

Abstract: A method at a network element for processing a first message destined for an intelligent transportation system station, the method including receiving from a sending entity, or generating, the first message at the network element; based on a source or contents of the first message, performing one of: discarding the first message; or modifying the first message to provide an indication to the intelligent transportation system station of checks the intelligent transportation system does not need to perform, thereby creating a second message; and forwarding the second message to the intelligent transportation system station.

Abstract: A method of tunneling through a network separation device such as a firewall or a Network Address Translator comprising establishing via a custom socket factory coupled with a host device, a connection with a cloud server by tunneling through a network separation device; maintaining, via the custom socket factory, the connection with the cloud server through the network separation device; receiving, via the connection between the custom socket factory and the cloud server, connection information; and directly connecting, via the custom socket factory, to a client device using the connection information received from the cloud server.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.