Abstract: An avatar management system includes an avatar registration unit configured to register an available avatar by having a storage unit to store the avatar available in a network service provided to an end user on a network, an authentication information assignment unit configured to assign authentication information to a registration target avatar registered in the avatar registration unit, and an authenticity confirmation unit configured to confirm authenticity of a designated avatar based on an assignment condition of the authentication information to the designated avatar, in accordance with an authenticity confirmation inquiry made by designating the avatar used in the network service.

Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.

Abstract: System, apparatus, device, method and/or computer program product are disclosed for detecting the authenticity of an image file transferred from a device to a server based on an image authenticity detection configuration determined by a server application. A device application is operated by a device, and a server application is operated by a server. The device application sends, to the server application, user data, device data, or environment data. The server application determines an image authenticity detection configuration to indicate one or more parameters to be used by the device to generate a first image file, and authorized changes to be made to the first image file to generate a second image file. The device application sends the second image file to the server application. The server application detects whether the received second image file contains changes matching authorized changes indicated by the image authenticity detection configuration.

Abstract: An approach is provided in which the approach receives a request to upload a file at a server system that includes metadata encoded with a non-invertible key. The metadata includes contact information corresponding to an owner of the file. The approach establishes both a photon channel and a classical channel between the server system and a client system, which are both secured using one or more shared secret keys. The approach interfaces with the client system over the photon channel and the classical channel to decode the contact information at the server system, and sends an upload request from the server system to the owner of the file using the contact information. The approach authorizes the upload request at the server system in response to receiving an upload approval from the owner.

Abstract: Described embodiments provide systems and methods for remapping connections to tunnels selected based on a security level of the communications. A first network device may be in communication with a second network device via a plurality of communication tunnels. The plurality of communication tunnels may include an encrypted communication tunnel and an unencrypted communication tunnel. The first network device may receive a packet, the packet including header information and a payload. The first network device may determine whether the received packet is encrypted to meet a threshold level of security. The first network device may, responsive to determining that the packet is to meet the threshold level of security, communicate an identifier of the payload and the header information to the second network device via the encrypted communication tunnel, and communicate the payload to the second network device via the unencrypted communication tunnel.

Abstract: Techniques are described for an anomaly detection service for metric data collected by a data monitoring service of a service provider network. The anomaly detection service provides various graphical user interfaces (GUIs), public application programming interfaces (APIs), and other interfaces that enable users to specify metric data of interest to the user and for which the user desires the service to detect occurrences of anomalies. The selected metric data generally can correspond to any type of time series data collected by the data monitoring service and to which a user has access. Example types of metric data that can be monitored by an anomaly detection service include, but are not limited to, operational data generated by various components of a computer system, business data generated by various types of applications, and the like.

Abstract: Techniques are described for providing a computer-implemented hybrid asset management platform and related system components used to manage transactions involving “hybrid” assets comprising both digital and physical components. The hybrid asset management platform provides continual synchronization between digital asset certificates of legal ownership (e.g., data structures managed off-chain in one or more private data stores) with corresponding asset non-fungible tokens (NFTs) that are tradeable on a blockchain or other type of decentralized ledger. Among other benefits, the described hybrid asset management platform provides for efficient and secure transactions involving possibly several different types of users, thereby improving the ability for metaverses, gaming platforms, virtual and real-world marketplaces, and other entities to facilitate transactions involving hybrid assets.

Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of an operating system when executed by the processor, and performs a cryptographic operation when the processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory area stores the operating system. The processor retrieves the boot program code from the first memory area and executes the boot program code to start the execution of the operating system. The processor re-executes the boot program code to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.

Abstract: A cloud-based system for making user data available on any platform device in a platform is provided. The cloud-based system comprises a cloud storage, and at least one user profile comprising the user data. In this context, the user data comprises data with respect to at least one measurement device and/or measurement site. Additionally, the at least one user profile is saved on the cloud storage.

Abstract: A method of processing browser sessions in a telecommunications network is provided. The method includes receiving, from a subscriber client device in a plurality of subscriber devices each having an associated subscriber and a browser session request. The method includes, at the entity in the service provider network: transmitting the browser session request to a server entity located inside or outside the service provider network, receiving, from the server entity, a browser session response in relation to the transmitted browser session request, transmitting the browser session response to the subscriber client device, performing a lookup in the subscriber profile database for the subscriber client device in the plurality or the associated subscriber, and modifying, prior to the respective transmittal, at least one of the browser session request and the browser session response according to the results of the lookup. An apparatus and computer software are also provided.

Abstract: Systems and methods for implementing a voucher to identify ownership rights of a computing component, within robust supply chain and owner domains, are disclosed. In an example, a computing device configuration includes a hardware component, trusted hardware circuitry to provide an embedded voucher for the hardware component, and storage memory to provide a voucher for validation of the hardware component. The embedded voucher includes an identifier for the hardware component and the identifier is generated on behalf of an original entity authorized to issue the identifier. The voucher includes a second identifier provided on behalf of a subsequent entity and the second identifier is generated based on the identifier for the hardware component included in the embedded voucher. The voucher may be used to the identify ownership rights in the hardware component for the original entity and the subsequent entity, to enable subsequent actions (such as onboarding, updates, etc.

Abstract: Apparatuses, methods, systems, and program products are disclosed for secure file distribution. An apparatus includes a processor and a memory that stores code executable by the processor. The code is executable by the processor to divide a file that is intended for a recipient into a plurality of portions. The code is executable by the processor to associate each of the plurality of portions with a different one of the recipient's electronic devices. The code is executable by the processor to assemble the plurality of portions of the file for the recipient in response to authenticating the recipient on each of the recipient's electronic devices that is associated with a portion of the plurality of portions of the file.

Abstract: Provided is a system and method which perform an antivirus scan of incoming files via a file management application of a file system. Infected files can be prevented from being stored to the file system. In one example, the method may include receiving, via a first application contained in a first data container, a data file that is uploaded for storage to a file system, storing the data file in a temporary storage, transmitting a location of the data file in the temporary storage to a second application contained in a second data container, and receiving, via the first application contained in the first data container, a response from the second application contained in the second container, indicating results of a security scan performed on the data file.

Abstract: A customer of a computing resource provider configures a virtual computer system in a virtual private network with a web service application. The web service application comprises a web service interface that executes instructions provided by the customer to cause one or more hardware security modules (HSMs) to perform cryptographic operations on data on behalf of the customer without the need to generate programmatic code.

Abstract: An unauthorized connection detection apparatus includes: a connected device count determination unit that determines the number of devices connected to a bus line on the basis of a measured waveform that is a voltage fluctuation waveform representing a change over time in a voltage value of the bus line or an impedance fluctuation waveform representing a change over time in an impedance value of the bus line; and an unauthorized connection determination unit that determines whether or not an unauthorized device is connected to the bus line on the basis of: a result of the determination of the number of devices by the connected device count determination unit; and information indicating the number of valid devices connected to the bus line.

Abstract: Embodiments of the disclosure provide systems and methods for providing random access to segmented and encrypted or compressed data stored in a repository. Retrieving at least a portion of a file stored in a repository can comprise storing a plurality of files in the repository. A request to retrieve at least a portion of one of the plurality of files can be received and object metadata for the requested one of the plurality of files can be obtained. A determination can be made based on the obtained metadata as to whether the requested one of the plurality of files is a multipart file. In response to determining the requested one of the plurality of files is not a multipart file, a single file retrieval process performing and in response to determining the requested one or the plurality of files is a multipart file, a multipart retrieval process can be performed.

Abstract: In some implementations, a system can be used to selectively transmit bandwidth-intensive data over a cellular network based on dynamically determining resource availability over the cellular network. Monitoring system data to be transmitted to a remote server can initially be obtained by a component of a monitoring system. One or more network performance tests may be performed on a carrier network associated with the monitoring system. One or more network performance parameters can be computed based on results of the one or more network performance tests. The one or more network performance parameters can then be evaluated in relation to transmission requirements associated with the monitoring system data. A particular transmission strategy to use in transmitting the monitoring system data to the remote server can then be selected from among multiple transmission strategies. The monitoring system data is then transmitted to the server in accordance with the particular transmission strategy.

Abstract: A system and method for determining human keystrokes in a secure shell (SSH) session from SSH session data traffic provides insight and evidence of an intrusion into a computer network. In one embodiment, the presence of human keystroke(s) in an SSH session may be inferred using a sensor appliance. In one embodiment, the SSH data traffic is encoded in a vector, one or more communication patterns are identified in the vector and the presence of human keystrokes may be inferred from the one or more communication patterns.

Abstract: A credential authorization device having a first fingerprint sensor, configured to detect first sensor data representing one or more elements of a finger from a first person in contact with the first fingerprint sensor; a second fingerprint sensor, configured to detect second sensor data representing one or more elements of a finger from a second person in contact with the second fingerprint sensor; and one or more processors, configured to determine an authorization for a transaction based on an authentication of the first sensor data and the second sensor data.

Abstract: A system can include a certificate application programming interface (API) device that is operable to receive, via an application programming interface (API), an enrollment request for the at least one computerized device. The certificate API device can also generate, via the API, an enrollment package and an end entity certificate package for the at least one computerized device by obtaining the enrollment package and the end entity certificate package from a certificate management service (CMS). The certificate API device can also transmit, via the API, the enrollment package and the end entity certificate package to the at least one computerized device. The system can also include the CMS that is operable to provide the enrollment package and the end entity certificate package to the certificate API device.