Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.

Abstract: A method includes, by a first node in a distributed network: generating a hash tree representing a structured data object including a data unit, the hash tree including a root hash and a data unit hash representing the data unit; accessing a non-interactive proof of inclusion representing membership of the data unit hash within the hash tree; generating a transaction configured to generate a blockchain object including the root hash; and transmitting the transaction and the non-interactive proof of inclusion to a second data node in the distributed network.

Abstract: A vulnerability processing method, apparatus and device, and a computer-readable storage medium. The method includes: a trust evaluation of preset evaluation items on a detected vulnerability is performed, and a trust level corresponding to the vulnerability is obtained, and the vulnerability is processed according to the trust level and a preset vulnerability trust list. In the present disclosure, through performing the trust evaluation of preset evaluation items on a detected vulnerability and obtaining the trust level corresponding to the vulnerability and setting the preset vulnerability trust list, vulnerabilities that do not need to be repaired in detected vulnerabilities can be preliminarily screened, and in combination with an impact of the vulnerabilities on an actual service of a user, the user is assisted in quickly identifying a key vulnerability that needs to be repaired, thereby improving usability and efficiency, and reducing costs of manual analysis of vulnerabilities.

Abstract: Aspects of the disclosure relate to using machine learning to modify account privacy settings. A computing platform may identify initial account settings for an individual of a plurality of individuals. Using a settings optimization model, the computing platform may identify account data and third party data for the individual. Using the settings optimization model, the computing platform may identify discrepancies between the initial account settings for the first individual and account settings for a subset of the plurality of individuals having common characteristics with the individual. Based on the discrepancies, the computing platform may identify settings modifications for the individual, and may determine that a modification of the settings modifications applies to a detected interaction of the individual. The computing platform may direct an enterprise data source to perform the modification, which may cause the enterprise data source to modify the initial account settings based on the modification.

Abstract: Data security using randomized features, provides improved protection of user data, within a cloud infrastructure. Files received are broken apart into data blocks then randomly written into storage locations that are recorded in sequence into a key comprising an array of pointers. Data blocks may be randomly sized between maximum and minimum parameters. Storage locations may first be tested to prevent unwanted overwrites of preexisting data, undersized locations may receive a partial write, plus a pointer to an overflow location into which the remainder of data is written. Randomized data storage is separate and isolated from pointers based key storage via separate communication channels, and separate storage infrastructures. Download speeds may be boosted via parallel processing of data blocks out of storage and into reassembly according to the pointers key sequence. Re-assembled files may be worked upon then saved back into the cloud infrastructure.

Abstract: Various embodiments described herein generally relate to a method and system for secure distribution of symmetric encryption keys using quantum key distribution (QKD). In at least one embodiment, there is provided a method for secure communication, comprising: establishing one or more secure keys at a first and second ground station using a quantum key distribution (QKD) protocol; transmitting from the first station to the second station a plurality of encryption keys, wherein the transmitting comprises: encrypting, at the first station, the plurality of encryption keys using at least one of the one or more of secure keys to generate an encrypted batch of keys; transmitting the encrypted batch of keys to the second station; and decrypting, at the second station, the encrypted batch of keys using the at least one secure key to access the plurality of encryption keys.

Abstract: According to one configuration, a wireless access service provider selects and assigns a particular authentication option amongst multiple different authentication options to an entity such as a wireless access point or a sub-network supported by the wireless access point. When a communication device attempts to use the corresponding wireless access point provided by the wireless access service provider, a wireless access gateway receives information from the wireless access point indicating the particular authentication option assigned to authenticate the communication device. The wireless access gateway communicates the notification of the particular authentication option to an authentication manager, which provides the wireless access gateway with network address information indicating a captive portal in which to authenticate the communication device.

Abstract: An information processing apparatus includes circuitry to read identification information of an application and a program of the application from a recording medium; generate license information using unique information assigned to the information processing apparatus, the identification information, and the program; and store the generated license information in the recording medium. The license information is for using the application on the information processing apparatus.

Abstract: A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

Abstract: The present techniques may provide improved processing and functionality of performance of the 128-bit AES Algorithm, which may provide improved power consumption. For example, in an embodiment, an encryption and decryption apparatus may comprise memory storing a current state matrix of an encryption or decryption process and a plurality of multiplexers configured to receive from the memory current elements of the state matrix stored in the memory, perform a cyclic shift on the received elements of the state matrix, and transmit the shifted elements to the memory for storage as a new state matrix.

Abstract: A device is equipped with a public/private key pair. The private key is stored in a secure location on the device and the public key is utilized to track ownership of the device by a manufacturer, vendor, and/or one or more provisioning services. When a user purchases the device, a transaction involving the public key associated with the device and the user is recorded. The one or more provisioning services, which are provided access to user information, prepare a configuration payload for the device specific to the user and the device. The configuration payload is encrypted using the device's public key. When the device is powered on, the configuration payload is sent to the device. The device decrypts the configuration payload using the device's private key and adjusts one or more configuration parameters based on the configuration payload.

Abstract: A method and apparatus for using cryptographically signed secure identifiers to detect fraud during network based transactions are described. The method may include receiving a transaction from a user device, the transaction comprising a secure identifier purported to be associated with the user device, and the transaction further comprising transaction data. The method may also include extracting a first identifier and a second identifier from the secure identifier purported to be associated with the user device, and then regenerating a true second identifier using the first identifier. Furthermore, when it is determined that the true second identifier matches the second identifier extracted from the secure identifier purported to be associated with the user device, the method may include determining that the secure identifier is valid, and processing the transaction based at least in part on the determination that the secure identifier is valid.

Abstract: Hardware and/or software systems, devices, networks, and methods for managing for access authentication, and verification to devices, networks, and systems based on a wireless signal identity developed for wireless-enabled devices based on wireless signal information associated with wireless signals previously detected by the wireless-enabled devices. The system may be used to authenticate access requests, transactions, etc. based on comparison between wireless signal information associated with wireless signals presently detected by the WED and its wireless signal identity via a management platform and/or the WED itself.

Abstract: A device for verifying a subject includes: a device body comprising a processor and a biometric system; wherein the biometric system comprises a first image capture device and a second image capture device, in which the first image capture device is configured to define a spatial region and the second image capture device is configured to capture an image of a subject within said spatial region, and the processor is configured to conduct an identification process on the captured image of the subject within the spatial region.

Abstract: It is described a method, a control device, and a computer program for enabling/disabling at least one near field communication (NFC) function of a mobile device (MD). It is further described such a MD. The method comprises (a) associating the at least one NFC function to be enabled/disabled with a corresponding secure application (SA) installed in a secure element (SE) system; (b) checking whether the SA complies with a predefined secure condition; (c) if the SA complies with the predefined secure condition, transmitting a notification from the SA to the NFC control system (NFCC) via an interface between the SE system and the NFCC; and (d) enabling/disabling, by the NFCC, the at least one NFC function based on information comprised by the transmitted notification.

Abstract: Provided is a system and method for hybrid windowing for string-matching of input patterns to a corpus. The method including: establishing a first window size and a hash function; performing hashing on input patterns having a size within a given range using dynamic-sized windows to determine a dynamic-windowed hash set, the given range established using the first window size; performing hashing on input patterns having a size outside the given range using fixed-sized windows to determine a fixed-windowed hash set; combining the dynamic-windowed hash set and the fixed-windowed hash set to determine a combined hash set; and outputting the combined hash set for use in the confidential string-matching.

Abstract: Secure communication in accessing a network is described herein. An example apparatus can include a memory and a processor coupled to the memory. The processor can be configured to receive an identity public key from the identity device. The identity public key can be received in response to providing, to the identity device, a request to modify content of the identity device. The processor can be further configured to encrypt data corresponding to subscriber information using the identity public key, provide (to the identity device) the encrypted data to store the subscriber information in the identity device, and access a network operated by a network operator via the data stored in the identity device.

Abstract: A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.

Abstract: A method for searchable encryption with a public key includes receiving an operation request from a user device associated with a user requesting that encryption of data associated with the user. The data includes a corpus of documents stored on a remote storage device. The method also includes receiving a public key associated with the user. The public key includes an asymmetric cryptographic public key. The method also includes generating a random data key. The data key includes a symmetric cryptographic key. The method also includes encrypting, using the data key, a search index for the corpus of documents based on keywords within the corpus of documents. The method also includes encrypting, using the public key, the data key and sending the encrypted data key to a user device associated with the user.

Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, and provide results of the automated analysis in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a compact, human-readable analysis of the data clusters. The human-readable analyses (also referred to herein as “summaries” or “conclusions”) of the data clusters may be organized into an interactive user interface so as to enable an analyst to quickly navigate among information associated with various data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation. Embodiments of the present disclosure also relate to automated scoring of the clustered data structures.