Abstract: Example security systems for use between at least one upstream router and at least one downstream router, are described. A group or pool of security devices can be used to provide stateful security to bidirectional packet flows between upstream and downstream routers. The packets of the bidirectional flows are forwarded to particular security devices based on a consistent hash ring process. For a given flow, bidirectional state information is synchronized among some, but not all, of the security devices. The security devices among which such bidirectional flow state information is shared are determined using the same consistent hash ring process.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for generating behavioral attribute data structures.

Abstract: A distributed secure communication system includes a first System Control Processor (SCP) subsystem coupled to second and third SCP subsystems via a network. The first SCP subsystem identifies the second SCP subsystem, signs a first SCP authentication communication with a first private key to provide a first signed SCP authentication communication that it transmits to the second SCP subsystem. The first SCP subsystem receives a second signed SCP authentication communication from the second SCP subsystem, authenticates the second signed SCP authentication communication using a second public key associated with the second SCP subsystem and, in response, establishes a first secure communication channel with the second SCP subsystem.

Abstract: A computer-implemented process of altering original data in a dataset, in which original data is anonymised and a digital watermark is included in the anonymised data. Anonymising the original data incurs information loss, and the process of including the digital watermark does not add significant further information loss. The original data can be a tabular file, a relational or a non-relational database, or the results of interactive database queries. Anonymising the data is achieved using one or more techniques that perturb the original data, such as tokenisation, generalisation; data blurring, synthetic record insertion, record removal or re-ordering.

Abstract: A public key of a sensor node key pair is transmitted from a sensor node 22 to a server 20 via sensor network communication, and furthermore is transmitted from the server 20 to a mobile terminal 25 via mobile line communication. In addition, a public key of a mobile terminal key pair is transmitted from the mobile terminal 25 to the sensor node 22 through local communication. Thus, the configuration allows the sensor node 22 and the mobile terminal 25 to generate a common key by combining their own private key and the public key of the counterpart in order to encrypt the local communication by using this common key.

Abstract: Methods and apparatuses providing file type inspection in firewalls by moving the flow between deep inspection file and lightweight accelerated paths. The method includes obtaining, by a network security device, a packet flow of a file transfer session in which at least two files are transferred and determining, by the network security device, at least an offset parameter based on at least one attribute of at least a first packet in the packet flow. The offset parameter is for a first file being transferred of the at least two files and relates to an expected positon of a control data sequence within the packet flow. In this method, based on the offset parameter, directing, by the network security device, to an accelerated packet inspection path instead of to a deep packet inspection path, a portion of the packet flow including one or more packets that follow the first packet.

Abstract: Communication buses enable devices to communicate and exchange information and control signals. There is a growing concern over the security of such types of buses. Since any device can transmit any message, and device on the bus which can be compromised poses a threat for the bus. Described is a system to authenticate the source of messages from various devices on a communication bus.

Abstract: A method to transfer a video stream from a host device comprising a controller configured for bulk transfers to a descrambling device, comprises: forming a chain out transfer comprising a chain out header linked with multiple chain out descriptors, the first chain out descriptor pointing to an out description packet containing at least one producer ID, the second and subsequent chain out descriptor pointing to chunks from the video stream, the last chain out descriptor being configured to generate an interrupt; forming a chain in transfer comprising a chain in header linked with a plurality of chain in descriptors, each chain in descriptor pointing to a descrambled chunk; requesting the controller to process the chain; receiving the description packet by the descrambling device and using key data associated with the chunks to descramble them; receiving by the controller the descrambled chunks and triggering an interrupt on the last chunk.

Abstract: It is often necessary to securely transfer data, such as authenticators or authorization tokens, between programs running on the same end-user device. The teachings hereof enable the pairing of two programs executing on a given end-user device and then the transfer of data from one program to the other. In an embodiment, a first program connects to a server and sends encrypted data elements. A second program intercepts the connection and/or the encrypted data elements. The second program tunnels the encrypted data elements (which remain opaque to the second program at this point) to a server, using an encapsulating protocol. This enables the server to receive the data elements sent by the first program, decrypt them, and provide them to the second program via return message using control fields of the encapsulating protocol. Once set up, the tunneling arrangement enables bidirectional data transfer.

Abstract: An automobile device receives first data from one or more transmitters located in an automobile. A random access preamble is transmitted on an uplink carrier to a base station in response to a pre-defined condition being met based on at least one of the following: the first data; a value of an internal timer; and a user input. A first message is transmitted to a network server via the base station over a bearer. The first message is configured to trigger establishment of a connection to the network server. A second message is received from the network server via the base station over the bearer. The second message is configured to cause transmission of the first data to the network server. The first data is transmitted to the base station via an established bearer.

Abstract: The disclosed computer-implemented method for authenticating application points of entry to prevent unauthorized use of locked mobile applications may include (i) identifying one or more mobile applications having an access restriction and a group of application entry points associated with at least one mobile application function, (ii) intercepting a series of device inputs from a user for accessing the application entry points to bypass the access restriction for the mobile applications, (iii) requesting authentication credentials to bypass the access restriction from the application entry points, (iv) determining that the requested authentication credentials are invalid, and (v) performing a security action that protects against potentially malicious activity associated with unauthorized access to the mobile applications upon determining that the requested authentication credentials are invalid. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A communication method, a communication device, and a readable storage medium, wherein the communication method includes: establishing a communication connection with a data source device; establishing a second wired connection with at least one other device; and exchanging identification information with the at least one other device through the second wired connection, thereby the at least one other device receiving communication data sent from the data source device according to the received identification information. With the above method, multi-device communication is performed quickly and reliably.

Abstract: Embodiments of this application provide an authentication method, device, and system, to resolve problems of wastage of performance and memory resources that may be caused by remaining n?1 unused authentication vectors (AVs).

Abstract: An application white box device utilized in conjunction with an intelligent terminal is provided. The application white box device includes a controller, a memory, and a SIM unit. The controller provides support for management of the memory and call of the SIM unit. The memory provides a physical medium for storing data and an application of the intelligent terminal. The SIM unit provides support for encryption and security authentication of the data and the application access of the intelligent terminal.

Abstract: According to one or more embodiments, a system can comprise a processor and a memory that can store executable instructions that, when executed by the processor, facilitate performance of operations. The operations can include establishing a wireless connection to a wireless network. The operations can further include receiving, via the wireless connection, data from a gateway device, that has been communicated via a network device of a publicly accessible network, wherein the data has been compared, by the gateway device, to a template of anomalous activity.

Abstract: A system white box device utilized in conjunction with an intelligent terminal is provided. The system white box device includes a controller, a memory, and an SIM unit. The controller provides support for management of the memory and call of the SIM unit. The memory provides a physical medium for storing data and an application of the intelligent terminal. The SIM unit provides security support for operation of the application and the system of the intelligent terminal.

Abstract: A secret key value that is inaccessible to software is scrambled according to registers consisting of one-time programmable (OTP) bits. A first OTP register is used to change the scrambling of the secret key value whenever a lifecycle event occurs. A second OTP register is used to undo the change in the scrambling of the secret key. A third OTP register is used to affect a permanent change to the scrambling of the secret key. The scrambled values of the secret key (whether changed or unchanged) are used as seeds to produce keys for cryptographic operations by a device.

Abstract: A media distribution system provides controlled distribution of media owned by various parties hosted on a local media access device. A media image communication system provides a secure method of communications between the media host and the client receiving and viewing the media. The media image communication system converts a typical text message into an image file format to prevent unauthorized access to the message, and to prevent any changes and/or manipulation of the message content.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, transmitting by a wireless device, during a first phase, a first probe signal associated with a user and receiving a reflected version of the first probe signal, transmitting by the wireless device, during the first phase, the reflected version of the first probe signal to a ground truth classifier, transmitting by the wireless device, during a second phase, a second probe signal associated with the user and receiving a reflected version of the second probe signal and transmitting by the wireless device, during the second phase, the reflected version of the second probe signal to a trusted apparatus.

Abstract: Disclosed are techniques for determining data relationships between privacy-restricted datapoints, sourced over a computer network, which require data privacy measures concealing at least some datapoints from other clients in the network that the datapoint respectively do not originate from. A first client encrypts a first datapoint with a public key of a public/private encryption scheme and communicates it to the second client along with the public key. The second client encrypts a corresponding second datapoint with the public key, then determines a relationship between the two encrypted datapoints, and communicates the determined relationship to a central client along with the public key. Random noise is encrypted by the central client and added to the determined relationship, then sent together to the first client, followed by decryption by the first client using the private key. The central client extracts the random noise after receiving the decrypted determined relationship.