Abstract: The present disclosure relates to a communication technique for convergence of IoT technology and a 5G communication system for supporting a higher data transfer rate beyond a 4G system, and a system therefor. The present disclosure can be applied to intelligent services (e.g., smart homes, smart buildings, smart cities, smart or connected cars, health care, digital education, retail business, and services associated with security and safety) on the basis of 5G communication technology and IoT-related technology. Disclosed are a method and an apparatus for securely providing a profile to a terminal in a communication system.

Abstract: Embodiments of systems and computer implemented methods are provided to transfer software licenses and entitlements associated with a user account from a first information handling system (IHS) to a second IHS. A computer implemented method in accordance with the present disclosure may generally include executing an entitlement management service to reassign the software licenses and entitlements associated with the user account to the second IHS, executing at least one local validation service on the second IHS to validate the second IHS and the user's workspace, and if the second IHS and the user's workspace is successfully validated by the at least one local validation service, executing one or more cloud-based orchestration services to verify the user account, determine which software licenses and entitlements are associated with the user account, and acquire and validate the software licenses and entitlements before transferring the software licenses and entitlements to the second IHS.

Abstract: Disclosed herein is a method of a communication device, wherein the communication device is configured to operate in connection with an access node associated with a wireless communication network. The method comprises receiving a first data packet comprising a write request for writing code and/or data to a non-volatile memory comprised in the communication device and determining whether a second data packet comprising an identifier associated with the first data packet is received. When it is determined that the second data packet comprising the identifier is received, the method comprises extracting the identifier from the second data packet, wherein the identifier is a radio access layer parameter, determining whether the identifier is trusted, determining whether the identifier is validated when it is determined that the identifier is trusted and accepting at least a subset of the write request when it is determined that the identifier is trusted and validated.

Abstract: When a hash expected value, which is an expected value of a hash value of activation software, is stored in a storing unit (111), a security calculation unit (110) compares the hash value of the activation software with the hash expected value. A main calculation unit (109) activates the activation software when the hash value and the hash expected value match, and stops a process when both do not match. The main calculation unit (109) performs signature verification for the activation software when the hash expected value is not stored in the storing unit (111), and stores in the storing unit (111) as the hash value expected value, the hash value of the activation software as well as activates the activation software when the signature verification is successful. The main calculation unit (109) stops a process when the signature verification is not successful.

Abstract: Various embodiments of systems and methods are provided to bind a system identifier that uniquely identifies an information handling system (IHS) to the system platform, so that the identity of the IHS can be cryptographically verified. More specifically, the present disclosure provides methods to bind a unique system identifier to an IHS platform, and methods to cryptographically verify the identity of the IHS using the unique system identifier and a plurality of keys generated and stored with a Trusted Platform Module (TPM) of the IHS. Systems are provided herein to perform such methods. As such, the systems and methods disclosed herein enable system identity to be irrefutably verified, thereby preventing theft and misuse of system identity.

Abstract: Disclosed are embodiments for authentication and authorization in a 5G network between an edge enabler client (EEC) of a UE and an edge configuration server (ECS). The embodiment include performing primary authentication with the 5G network to obtain a KAUSF; generating a Kedge and a Kedge ID using the KAUSF and a subscription permanent identifier (SUPI); providing the Kedge and the Kedge ID to the EEC to cause it to compute a MACEEC using the Kedge and an EEC ID; and sending to the ECS an application registration request, the application registration request including the EEC ID, MACEEC, and Kedge ID.

Abstract: In some embodiments, a data platform receives information associated with activities within a network environment, generates a logical graph based on the information, stores data representative of the logical graph in a database, receives, in response to a user interaction with an interface of the data platform, a request to filter the information, in response to the request generates a query using a graph-based schema, and performs the generated query against the database.

Abstract: Apparatuses and methods related to memory authentication. Memory devices can be authenticated utilizing authentication codes. An authentication code can be generated based on information stored in a fuse array of the memory device. The authentication code can be stored in the memory device. The stored authentication code can be compared to a captured authentication code based on fuse array information broadcast to memory components of the memory device. The authenticity of the memory device can be determined based on the comparison and can result in placing the memory device in an unlocked state.

Abstract: A method to prevent a malicious attack on CPU subsystem (CPUSS) hardware is described. The method includes auto-calibrating tunable delay elements of a dynamic variation monitor (DVM) using an auto-calibration value computed in response to each detected change of a clock frequency (Fclk)/supply voltage (Vdd) of the CPUSS hardware. The method also includes comparing the auto-calibration value with a threshold reference calibration value to determine whether the malicious attack is detected. The method further includes forcing a safe clock frequency (Fclk)/safe supply voltage (Vdd) to the CPUSS hardware when the malicious attack is detected.

Abstract: A system that enables hanging lawful interception (LI) resources to be cleaned up includes a triggering function set comprising a plurality of triggering functions. The system also includes a data store comprising a plurality of auditing records corresponding to the plurality of triggering functions in the triggering function set. Each auditing record comprises a claimant attribute. Each triggering function sends an update request to the data store in response to being notified about a failed triggering function within the triggering function set. Each update request comprises a request to change ownership of the auditing record corresponding to the failed triggering function. A triggering function is selected as a new owner of the auditing record corresponding to the failed triggering function based at least in part on a match between the claimant attribute in the auditing record and a claimant field in the update request sent by the triggering function.

Abstract: A computer-implemented method, comprising receiving, by a computer system, binary image data, the computer system configured to detect a pixel value in the binary image data to represent a non-machine language value related to the binary image data; determining, by the computer system, that the binary image data further comprises at least a pixel value that is altered in a manner to change the non-machine language value related to the binary image data when read by an image recognition system; and alerting, by the computer system, to the image recognition system to review the binary image data.

Abstract: Embodiments of the present disclosure relate to a method, an electronic device, and a computer program product for system feature management. The method for system feature management provided by the embodiments of the present disclosure includes loading a feature item set including multiple feature items, where the multiple feature items respectively correspond to multiple microservices, the feature items each include at least an availability indicator and a status indicator, the availability indicator indicates whether the feature item is available, and the status indicator indicates whether the feature item is enabled while the feature item is available; and disabling a first feature item in the feature item set in response to an availability indicator of the first feature item indicating that the first feature item is unavailable. In this way, software can be made to better adapt to more platforms.

Abstract: Systems and method are provided for a temporary network slice usage barring service within a core network. A network device in the core network receives a slice barring information message for an application function (AF). The slice barring information message includes a unique subscriber identifier associated with a user equipment (UE) device to be barred from a network slice and indicates a barring expiration time. The network device stores barring parameters based on the slice barring information message. The barring parameters include a slice identifier associated with the AF, the unique subscriber identifier, and the barring expiration time. The network device sends a barring instruction message to another network device associated with the network slice. The barring instruction message includes the unique subscriber identifier and the barring expiration time. The other network device enforces temporary barring of the UE device from the network slice based on the barring instruction message.

Abstract: Techniques are disclosed for secure collaboration messaging. An example methodology implementing the techniques includes, by a computing device of a first user, receiving a notification of arrival of a message addressed to the first user from a second user and determining that the message is a secure message. The method also includes, by the computing device of the first user, associating a security tag icon to the message, the security tag icon providing an indication that the message is a secure message, and causing a display of the associated security tag icon with a displayed indication of the arrival of the message.

Abstract: The present disclosure provides an identity recognition system for a terminal. The system includes: an obtaining device configured to obtain pre-stored biometric information corresponding to a user within a preset range of the terminal; a biometric library configured to maintain the obtained pre-stored biometric information; a collection device configured to collect first biometric information of the user; and a recognition device configured to recognize the first biometric information in the biometric library, and decide to enable or disable one or more functions or components of the terminal according to a recognition result. The present disclosure further provides an identity recognition method, a computer storage medium and a terminal.

Abstract: This disclosure relates generally to online learning against data poisoning attack. Conventional methods used data sanitization techniques for online learning against data poisoning attack. However, these methods do not remove poisoned data points from training dataset completely. Embodiments of the present disclosure method provide an influence based defense method for secure online learning against data poisoning attack. The method initially filters a subset of poisoned data points in the training dataset for training a machine learning model using data sanitization technique. Further the method computes an influence of the data points and performs an influence minimization based on a predefined threshold. Updated data points for the learning model are generated and used for training the machine learning model. The disclosed method can be used against data poisoning attacks in applications such as spam filtering, malware detection, recommender system and so on.

Abstract: A network node may select a reference AM/PM impairment signature. The network node may transmit, to a UE, a first indication of the reference AM/PM impairment signature via a security signal. The network node may transmit, to the UE, at least one reference signal via a downlink channel. The at least one reference signal may include added AM/PM impairment based on the reference AM/PM impairment signature. The UE may receive, from a transmitter, at least one reference signal via a downlink channel. The UE may estimate an AM/PM impairment signature in the at least one reference signal. The UE may identify whether the estimated AM/PM impairment signature matches a reference AM/PM impairment signature. Further, the UE may maintain or discard at least one slot associated with the downlink channel based on whether the estimated AM/PM impairment signature matches the reference AM/PM impairment signature.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable storage media for evaluating software posture as a condition of zero trust access. The present technology provides a client-side validation agent and a validation service which in tandem can capture and evaluate data representative of parameters associated with an application executing on a user device. The validation service can validate the application to a networked service, and in turn the networked service can permit communication to the application running on the user device.

Abstract: The present disclosure relates to apparatuses and methods for memory management. The disclosure further relates to an interface protocol for flash memory devices including at least a memory array and a memory controller coupled to the memory array. A host device is coupled to the memory device through a communication channel and a hardware and/or software full encryption-decryption scheme is adopted in the communication channel for data, addresses and commands exchanged between the host device and the memory array.

Abstract: A method of detecting bots, preferably in an operating environment supported by a content delivery network (CDN) that comprises a shared infrastructure of distributed edge servers from which CDN customer content is delivered to requesting end users (clients). The method begins as clients interact with the edge servers. As such interactions occur, transaction data is collected. The transaction data is mined against a set of “primitive” or “compound” features sets to generate a database of information. In particular, preferably the database comprises one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data. Thereafter, and upon receipt of a new transaction request, primitive or compound feature set data derived from the new transaction request are compared against the database. Based on the comparison, an end user client associated with the new transaction request is then characterized, e.g.