Abstract: A connection establishing system and method for a mesh network is provided, the mesh network includes a first transceiver and a second transceiver, the method includes performing a secure connection procedure including: transmitting, by the second transceiver, a secure connection request signal including a identifier to the first transceiver. The first transceiver encrypts the authentication message by using a public key corresponding to the identifier to generate a secure connection response signal and transmit the same to the second transceiver, the second transceiver decrypts the secure connection response signal by a private key to generate a decryption message and transmits an association request signal including the decryption message to the first transceiver.

Abstract: A chat system transfers chat data transmitted from a user terminal to a chat bot or another user terminal via a network. When the chat data transmitted from the user terminal is detected to include a content related to personal information, the chat system performs a predetermined filtering process on the chat data.

Abstract: A method for extracting, correlating, consolidating and presenting metadata from transmissions is provided. The method may include receiving a TCP/IP transmission. The transmission may include a header and a body. The method may include extracting an originating IP address from a location of the transmission. The location may be in the header or in the body. The IP address may be extracted in binary form. The method may include determining an accuracy and validity metric of the transmission using an artificial intelligence module. The method may include converting the extracted IP address from binary form into hexadecimal form. The method may include embedding the hexadecimal form of the IP address into one or more unused options of the header. The method may include processing the transmission. The processing may be completed upon determination that the transmission is a valid transmission.

Abstract: A method of sharing information on the basis of anchoring and an anchoring device supporting the same and more particularly are provided. One of the methods includes, acquiring anchoring information including first field information permitted for sharing from a target transaction record recorded in a first blockchain and recording the acquired anchoring information in a second blockchain.

Abstract: An apparatus for selecting a representative token of the present invention includes a token graph generation unit configured to extract a plurality of tokens from a plurality of detection names for malicious files and generate a detection name token graph representing a relationship between the extracted plurality of tokens, and a representative token selection unit configured to select a representative detection name token for the input file based on the detection name token graph.

Abstract: Techniques are disclosed for securing data-at-rest at an internet-of-things (IoT) site with an unreliable or intermittent connectivity to the key manager operating at a corporate data center. The IoT site deploys one or more IoT devices/endpoints that generate IoT data according to the requirements of the site. The IoT data generated by these devices is collected/aggregated by one or more gateway devices. The gateways encrypt their data-at-rest gathered from the IoT devices using cryptographic keys. In the absence of a reliable connection to a backend corporate key manager, the design employs LAN key managers deployed locally at the IoT site. The gateways obtain keys from the LAN key managers to encrypt the IoT data before storing it in their local storage. The LAN key managers may periodically download keys from the corporate key manager or generate their own keys and then later synchronize with the corporate key manager.

Abstract: A method, an apparatus, and a system for performing authentication on a terminal in a wireless local area network are provided. The method uses a feature code as a part of an authentication credential. The feature code is a function of capability parameters of a terminal. The feature code can identify the terminal, so that the authentication server determines the authentication result based on a MAC address and the feature code of the terminal.

Abstract: In some embodiments, upon detecting malicious activity associated with a user account, a content management system can identify other user accounts related to the malicious user account. The content management system can identify related user accounts by comparing authentication information collected for the malicious user account with authentication information collected for other user accounts. Authentication information can include IP address information, geographic information, device type, browser type, email addresses, and/or referral information, for example. The content management system can compare the content items associated with the malicious user account to content items associated with other user accounts to determine relatedness or maliciousness. After identifying related malicious user accounts, the content management system can block all related malicious user accounts.

Abstract: A synthetic identity network for detecting synthetic identities may receive a first request for credit including one or more user attributes, compare the one or more user attributes to one or more stored user identities, create a new user identity, flag the new user identity as a potentially synthetic identity based on comparing the one or more user attributes to the one or more stored user identities, receive a second request for credit including or more second user attributes, compare the one or more second user attributes to the one or more user attributes associated with the potentially synthetic identity, prepare a notice including the potentially synthetic identity and a credit request identifier, and transmit the notice to one or more servers.

Abstract: An apparatus has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to compute computer network activity reputation attributes for a digital identity. The digital identity has identity attributes different than identity attributes associated with a real individual utilizing the digital identity for computer network activity. The storage of the computer network activity reputation attributes for the digital identity is coordinated within a block chain system distributed across a block chain network of computers. Computer network activity reputation attributes for the digital identity are supplied in response to a request from a machine. The computer network activity reputation attributes are communicated over a network of computers to the machine.

Abstract: Disclosed is a device and method to secure PUF information for authorized entities. In one embodiment, a device for securing physically unclonable function (PUF) information includes: a PUF information generator, comprising a PUF cell array and a helper data generator, configured to generate the PUF information, wherein the PUF information comprises a PUF response and helper data; and a PUF information encrypter, comprising a memory unit and a first crypto-system, configured to store at least one public key and encrypt the PUF information from the PUF information generator using one of the at least one public key.

Abstract: A method, a system and a computer program product are provided for identity authentication. A personal identity information indicative of an identity is received. A plurality of questions, is presented, each of the questions being related to an aspect of features of the password associated with the personal identity information. The A responsive answer is received to the questions including individual answers to the questions. The identity is authenticated in response to determining that the responsive answer is correct.

Abstract: A computer storage array detects and counters denial of service (DoS) attacks. The computer storage array provides one or more remote initiators with access to one or more storage devices connected to the computer storage array. According to an example embodiment, the computer storage array includes: a computer processor configured to run an operating system for managing networking protocols; a networking device configured to monitor and route network traffic, at a packet level to, and from the storage devices; a baseboard management controller (BMC) configured to detect a DoS attack based on monitoring of statistics of the network traffic by the networking device; a PCIe switch connecting the BMC with each of the storage devices via a PCIe bus; and a computer motherboard to which the computer processor, networking device, BMC and PCIe switch are installed.

Abstract: A computer-implemented method for discovering network attack paths is provided. The method includes a computer generating scoring system results based on analysis of vulnerabilities of nodes in a network configuration. The method also includes the computer applying Bayesian probability to the scoring system results and selected qualitative risk attributes wherein output accounts for dependencies between vulnerabilities of the nodes. The method also includes the computer applying a weighted-average algorithm to the output yielding at least one ranking of nodes in order of likelihood of targeting by an external attacker.

Abstract: The decentralized and distributed architecture of blockchain makes it challenging to store secret data. A Secure Document Access Control System (SEDACS) can store secret data using distributed components without compromising on the distributed security features of the blockchain. SEDACS can include a Secret Store, a blockchain, and a decentralized file system. The blockchain can store rules and permissions for documents that contain the secret data. The Secret Store can generate secret keys that can be used to access the documents. The decentralized file system can store the documents that are encrypted using the secret keys. A user can retrieve the encrypted document provided that the user has the permission to do so. The user can decrypt the encrypted document by decrypting the secret key and using the decrypted secret key to decrypt the document.

Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create a filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal patter to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.

Abstract: A computing device implements a key management system (KMS), and includes an interface, memory, and processing circuitry that executes operational instructions to maintain structured key parameters and a generating procedure associated with associated with a structured key. The generating procedure produces the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters. The computing device receives a blinded value associated with the structured key from a requesting computing device, processes the blinded value using an OPRF secret to generate a blinded OPRF output, and returns the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting computing device, which uses that information to generate the requested structured key.

Abstract: Methods, apparatuses, and computer readable media for location measurement reporting in a wireless network are disclosed. An apparatus of a responder station (RSTA) is disclosed, the apparatus including processing circuitry configured to decode a null data packet (NDP) announce (NDPA) frame from an initiator station (ISTA), the NDPA frame including an indication of a temporary key and an identification of the RSTA. The processing circuitry further configured to decode a NDP from the ISTA, the NDP including long training fields (LTFs), the NDP received on a channel. The processing circuitry further configured to determine whether the NDP from the ISTA is consistent with the NDP being generated using a temporary key shared between the ISTA and RSTA based on a comparison of the channel estimates. The processing circuitry may be further configured to determine for authentication whether the indication of the temporary key was generated based on the temporary key.

Abstract: Content visibility on a computing device is controlled based at least in part on the proximity of a wearable device to the computing device. When the wearable device is in close proximity to the computing device and the computing device is unlocked, the computing device operates in a full content visibility mode. In the full content visibility mode all user-selectable content on the computing device is displayed. When the wearable device is not in close proximity to the computing device and the computing device is unlocked, the computing device operates in a reduced content visibility mode. In the reduced content visibility mode content visibility on the computing device screen is reduced, such as by limiting which applications (e.g., application icons or widgets) are displayed.

Abstract: In some embodiments, a behavioral computer security system protects clients and networks against threats such as malicious software and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients, wherein each client profile represents a subset of protected machines, and each client profile is indicative of a normal or baseline pattern of using the machines assigned to the client respective profile. A client profile may group together machines having a similar event statistic. Following training, events detected on a client are selectively analyzed against a client profile associated with the respective client, to detect anomalous behavior. In some embodiments, individual events are analyzed in the context of other events, using a multi-dimensional event embedding space.