Abstract: Systems and methods for network security testing of target computer networks using AI neural networks. A command and control server controls a number of geographically separated processors running a number of neural networks. A central data hive is accessible to all the processors. The processors are organizable into logical hemisphere groupings for specific tasks and/or projects. For security testing, hemisphere groupings are created for the project. Based on data for the target system on the data hive, attacks are formulated by a hemisphere grouping and these potential attacks are tested against known characteristics of the target network. Validated potential attacks and, in some cases, random attacks, are executed and data generated by the executed attacks are stored in the data hive for use in formulating and executing other further attacks. Potential attacks may involve mining social media networks for data on users of the target system.

Abstract: Embodiments of system and methods for providing centralized management of a software defined automation (“SDA”) system are disclosed. The SDA system comprises of a collection of controller nodes and logically centralized and yet physically distributed collection of compute nodes by monitoring activities of the compute nodes. In accordance with some embodiments, one or more components of the system monitor execution, network and security environments of the system to detect an event in a first environment. In response to the detected event, at least one component in the first environment is remediated, the remediation of the first environment creating a trigger to cause remediation of at least one component in each of a second and third environments.

Abstract: Provided are a program and personal information protection method which are executed by a system which is operated by a medical practitioner, said program and method comprising: a display process of causing a monitor part 2 to display an examination result screen 3 including personal information which identifies a subject; an identification process of identifying the personal information in the examination result screen 3 which is displayed in the display process; and an invalidation process of invalidating the personal information identified in the identification process in a captured image which includes the examination result screen 3. Instances of personal information being displayed in error to outside users are thus reduced in comparison to the prior art, and sharing of examination result information is implemented smoothly.

Abstract: In an anomaly detection method that determines whether each frame in observation data constituted by a collection of frames sent and received over a communication network system is anomalous, a difference between a data distribution of a feature amount extracted from the frame in the observation data and a data distribution for a collection of frames sent and received over the communication network system, obtained at a different timing from the observation data, is calculated. A frame having a feature amount for which the difference is predetermined value or higher is determined to be an anomalous frame. An anomaly contribution level of feature amounts extracted from the frame determined to be an anomalous frame is calculated, and an anomalous payload part, which is at least one part of the payload corresponding to the feature amount for which the anomaly contribution level is at least the predetermined value, is output.

Abstract: A method for evaluating the risk of data leakage in an application includes the steps of: extracting a DEX (Dalvik Executable) file and a so (Shared Object) file by decompressing an APK file of a mobile application; extracting DEX code information from the DEX file by parsing the DEX file; translating a content of the so file into IR (Intermediate Representation); extracting IR code information from the translated IR; generating a call-reference structure between the DEX file and the so file by processing the extracted DEX code information and the extracted IR code information; and outputting weakness information according to a risk designated in advance based on the generated call-reference structure. Accordingly, it is possible to extend the call-reference coverage of an android application.

Abstract: The present disclosure relates to a 5th (5G) generation) or pre-5G communication system for supporting a higher data transmission rate beyond a 4th (4G) generation communication system such as long term evolution (LTE). According to various embodiments of the present disclosure, an apparatus of a user data management (UDM) for a first cellular network in a wireless communication system may include at least one transceiver, and at least one processor operatively coupled with the at least one transceiver, the at least one processor may be configured to receive a request message for security of a second cellular network from an access and mobility management function (AMF) for the first cellular network, and transmit to the AMF a response message for transmitting a security key for an eNB of the second cellular network to the eNB, and the security key may be obtained from the base security key of the second cellular network.

Abstract: User equipment performing communication with a core network node by using network slices obtained by logically dividing a network includes: means for sending information related to security of one network slice; and means for sending identity information of the one network slice in a secure method, based on a request to send information in the secure method sent from the core network node based on the sent information.

Abstract: A communication apparatus accepts an input of a passphrase by a user operation, sets an authentication scheme based on a passphrase length of the passphrase, and performs wireless connection with a partner apparatus using the set authentication scheme, wherein (i) in a case where the passphrase length is within a predetermined range, an authentication scheme of any of WPA (Wi-Fi Protected Access), WPA2, and WPA3, or a combination of at least two of WPA, WPA2, or WPA3, is set, and (ii) otherwise, an authentication scheme of WPA3 is set.

Abstract: A method and device (1) for transferring electronic information between a lesser trusted network (7) and a trusted network (8) is disclosed. The method comprises the steps of: receiving original electronic information from a lesser trusted network (7) in a first electrical zone (2); permitting the original electronic information to be transferred between the first electrical zone (2) and the second electrical zone (4) in one direction only; verifying the original electronic information for at least one predetermined characteristic within the second electrical zone (4) so as to provide a verifier output status and verified electronic information; forwarding the verified electronic information to a third electrical zone (3).

Abstract: Apparatus and associated methods relate to providing secure gatekeeping of communication from a remote internet-based website having an Internet-Protocol (IP) address to an implantable biomedical device. A gatekeeping device receives the communication transmitted by the remote internet-based website. The communication received is encoded using a first encoding algorithm. The gatekeeping device decodes the communication received. The gatekeeping device then encodes the communication decoded using a second encoding algorithm. The gatekeeping device wirelessly relays the communication encoded using the second encoding algorithm to the implantable biomedical device.

Abstract: A network verification system obtains configuration data of a plurality of network devices, where a data model of the configuration data is described by using a general data modeling language independent of the network devices; and the network verification system verifies data links between the plurality of network devices based on the configuration data of the plurality of network devices and a topology structure between the plurality of network devices. The network verification system verifies the data links between the plurality of network devices based on the topology structure between the plurality of network devices and the configuration data described by using the general data modeling language independent of the network devices. This helps improve scalability of the network verification system and avoids relatively poor scalability of network simulation software that occurs when conventional network simulation software provides a template for configuration data of each type of network device.

Abstract: A portable terminal device sets a security level for each application in accordance with position, and stores the level in a memory. The security level determines whether each application is displayed or made executable on a display portion in locked state and unlocked state. A controller refers to the security level and determines the application displayed on the display portion in accordance with position information acquired by a position information acquisition unit (GPS reception unit), and makes executable the application selected by the user. Thus, the portable terminal device offers user-friendliness while ensuring security strength.

Abstract: A computerized method for implementing distributed application security mesh systems comprising: providing a service graph; and providing an underlying mesh graph with a pre-defined paths.

Abstract: An illustrative user device of a user establishes a secured connection between the user device and a server of an organization. Via the secured connection, the user device receives schedule information of a virtual meeting associated with the user. The user device authenticates a proximity-based connection between the user device and a room conference system. In response to the authenticating of the proximity-based connection, the user device transmits the schedule information of the virtual meeting to the room conference system. The room conference system is configured to use the schedule information to connect to a conference server to launch the virtual meeting on the room conference system. Corresponding methods and systems are also disclosed.

Abstract: Disclosed is a description-entropy-based intelligent detection method for a big data mobile software similarity. The method comprises the following steps: acquiring a path of mobile software, and reading a file of the mobile software according to the path; performing preliminary reverse engineering decompilation on the file of the mobile software to obtain function characteristics of each piece of mobile software; counting distribution of description entropy of each piece of mobile software by means of description entropy in the function characteristics; further integrating description entropy of each piece of mobile software, after integration, comparing description entropy distribution conditions among the mobile software, and carrying out similarity score calculation to obtain similarity scores among the mobile software; and outputting the similarity scores of all mobile software to obtain a mobile software similarity result.

Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.

Abstract: A facility controlling a communication device to create a disconnected ad hoc network and then to rejoin an internetwork is described. The communication device makes a direct or indirect wireless connection with a participant in a network in which the communication device was formerly a participant. In response to making the connection, the communication device: (1) communicates with a registration authority of the network to synchronize a provisional registration authority state established by the first communication device during a period after the communication device was formally a participant in the network and before the connection was made; and (2) communicates with a security authority of the network to synchronize a security authority state established by the communication device during the period.

Abstract: A routing device and an unauthorized communication coping device are provided. The routing device is a device that performs routing of a packet in conformance with a wireless communication protocol in a wireless communication section which is a communication section that connects a base station and a core network device, and the routing device performs network tapping on a packet as a routing target and transmits the network-tapped packet to the unauthorized communication detection device (the device that performs unauthorized communication determination which is determination of whether or not communication is unauthorized communication based on a packet).

Abstract: This disclosure relates to improved systems and methods for providing and using wearable electronic accessories. A wearable electronic necklace accessory can include a support structure that permits the wearable electronic accessory to be worn in a user's neck region. The wearable electronic necklace accessory can include an electronic pendant coupled to the support structure, the electronic pendant can comprise a housing that includes a first wall, a second wall, and one or more side walls configured to couple the first wall to the second wall. The wearable electronic necklace accessory can include a display device and an audio device positioned within the pendant housing and configured to output electronic media and audio content. Other embodiments are disclosed.

Abstract: A method for performing service authorization for private networks based on an enhanced PLMN identifier. The method includes receiving an attach request from a user equipment device (UE) via a private network, where the attach request includes an international mobile subscriber identity value (IMSI). The method further includes determining, based on the IMSI, an organization identifier and a token associated with the private network, where the token is included in an enhanced PLMN for granting the UE access to resources in the private network. The method further includes sending the token to the UE and a network proxy within the private network.