Abstract: An information processing apparatus includes circuitry to read identification information of an application and a program of the application from a recording medium; generate license information using unique information assigned to the information processing apparatus, the identification information, and the program; and store the generated license information in the recording medium. The license information is for using the application on the information processing apparatus.

Abstract: A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

Abstract: The present techniques may provide improved processing and functionality of performance of the 128-bit AES Algorithm, which may provide improved power consumption. For example, in an embodiment, an encryption and decryption apparatus may comprise memory storing a current state matrix of an encryption or decryption process and a plurality of multiplexers configured to receive from the memory current elements of the state matrix stored in the memory, perform a cyclic shift on the received elements of the state matrix, and transmit the shifted elements to the memory for storage as a new state matrix.

Abstract: A device is equipped with a public/private key pair. The private key is stored in a secure location on the device and the public key is utilized to track ownership of the device by a manufacturer, vendor, and/or one or more provisioning services. When a user purchases the device, a transaction involving the public key associated with the device and the user is recorded. The one or more provisioning services, which are provided access to user information, prepare a configuration payload for the device specific to the user and the device. The configuration payload is encrypted using the device's public key. When the device is powered on, the configuration payload is sent to the device. The device decrypts the configuration payload using the device's private key and adjusts one or more configuration parameters based on the configuration payload.

Abstract: A method and apparatus for using cryptographically signed secure identifiers to detect fraud during network based transactions are described. The method may include receiving a transaction from a user device, the transaction comprising a secure identifier purported to be associated with the user device, and the transaction further comprising transaction data. The method may also include extracting a first identifier and a second identifier from the secure identifier purported to be associated with the user device, and then regenerating a true second identifier using the first identifier. Furthermore, when it is determined that the true second identifier matches the second identifier extracted from the secure identifier purported to be associated with the user device, the method may include determining that the secure identifier is valid, and processing the transaction based at least in part on the determination that the secure identifier is valid.

Abstract: Hardware and/or software systems, devices, networks, and methods for managing for access authentication, and verification to devices, networks, and systems based on a wireless signal identity developed for wireless-enabled devices based on wireless signal information associated with wireless signals previously detected by the wireless-enabled devices. The system may be used to authenticate access requests, transactions, etc. based on comparison between wireless signal information associated with wireless signals presently detected by the WED and its wireless signal identity via a management platform and/or the WED itself.

Abstract: A device for verifying a subject includes: a device body comprising a processor and a biometric system; wherein the biometric system comprises a first image capture device and a second image capture device, in which the first image capture device is configured to define a spatial region and the second image capture device is configured to capture an image of a subject within said spatial region, and the processor is configured to conduct an identification process on the captured image of the subject within the spatial region.

Abstract: Provided is a system and method for hybrid windowing for string-matching of input patterns to a corpus. The method including: establishing a first window size and a hash function; performing hashing on input patterns having a size within a given range using dynamic-sized windows to determine a dynamic-windowed hash set, the given range established using the first window size; performing hashing on input patterns having a size outside the given range using fixed-sized windows to determine a fixed-windowed hash set; combining the dynamic-windowed hash set and the fixed-windowed hash set to determine a combined hash set; and outputting the combined hash set for use in the confidential string-matching.

Abstract: It is described a method, a control device, and a computer program for enabling/disabling at least one near field communication (NFC) function of a mobile device (MD). It is further described such a MD. The method comprises (a) associating the at least one NFC function to be enabled/disabled with a corresponding secure application (SA) installed in a secure element (SE) system; (b) checking whether the SA complies with a predefined secure condition; (c) if the SA complies with the predefined secure condition, transmitting a notification from the SA to the NFC control system (NFCC) via an interface between the SE system and the NFCC; and (d) enabling/disabling, by the NFCC, the at least one NFC function based on information comprised by the transmitted notification.

Abstract: Secure communication in accessing a network is described herein. An example apparatus can include a memory and a processor coupled to the memory. The processor can be configured to receive an identity public key from the identity device. The identity public key can be received in response to providing, to the identity device, a request to modify content of the identity device. The processor can be further configured to encrypt data corresponding to subscriber information using the identity public key, provide (to the identity device) the encrypted data to store the subscriber information in the identity device, and access a network operated by a network operator via the data stored in the identity device.

Abstract: A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.

Abstract: A method for searchable encryption with a public key includes receiving an operation request from a user device associated with a user requesting that encryption of data associated with the user. The data includes a corpus of documents stored on a remote storage device. The method also includes receiving a public key associated with the user. The public key includes an asymmetric cryptographic public key. The method also includes generating a random data key. The data key includes a symmetric cryptographic key. The method also includes encrypting, using the data key, a search index for the corpus of documents based on keywords within the corpus of documents. The method also includes encrypting, using the public key, the data key and sending the encrypted data key to a user device associated with the user.

Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, and provide results of the automated analysis in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a compact, human-readable analysis of the data clusters. The human-readable analyses (also referred to herein as “summaries” or “conclusions”) of the data clusters may be organized into an interactive user interface so as to enable an analyst to quickly navigate among information associated with various data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation. Embodiments of the present disclosure also relate to automated scoring of the clustered data structures.

Abstract: A webshell detection method and apparatus are provided. The apparatus obtains first web traffic of a protected host; generates a web page visit record of the protected host based on the first web traffic, where the web page visit record is used to save at least one uniform resource locator (URL), an IP address visiting each URL, and a total quantity of visits to each URL; determines a suspicious URL from the at least one URL based on the web page visit record, where a total quantity of visits to the suspicious URL is less than a first threshold, and a ratio of a quantity of different IP addresses visiting the suspicious URL to the total quantity of visits to the suspicious URL is less than a second threshold; and determines whether a web page identified by the suspicious URL contains a webshell signature.

Abstract: Generating a rights blockchain storing rights of a user, including: receiving an enrollment request and a public key from the user; verifying that the user has a private key corresponding to the public key; generating a user identifier using the public key; and generating and delivering the rights blockchain having a genesis block including the user identifier to the user.

Abstract: Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.

Abstract: A computing device includes one or more processors, a memory and an encryption accelerator. The memory includes instructions that when executed on the processors cause a first networking session to be established between a pair of communication peers. Encryption of messages of the first session is enabled by a parameter of a security protocol of the session. The encryption accelerator obtains a key determined in the first session, and uses the key to encrypt messages of a second networking session established between the peers.

Abstract: Examples include a method of predictive rate limiting for performing services requested by a client in a cloud computing system. The method includes receiving a request from a client for one of a plurality of services to be performed, the client belonging to an organization; and determining a current threshold for the organization by applying a real time data model and a historical data model, the real time data model generating a first threshold at least in part by determining a number of requests received from the organization over a first preceding period of time; the historical data model generating a second threshold, the historical data model being generated by applying a machine learning model to historical data stored during processing of previous requests for the plurality of services from the organization over a second preceding period of time, the current threshold being the average of the first threshold and the second threshold.

Abstract: A security negotiation method includes receiving, by a terminal, security negotiation information from a centralized unit control plane (CU-CP)/a centralized unit user plane (CU-UP), where the security negotiation information includes an integrity protection indication identifier of the CU-UP, and determining, by the terminal based on the integrity protection indication identifier, whether to enable user-plane integrity protection of the terminal.

Abstract: The disclosure generally relates to systems and methods for detecting personally identifiable information (PII). The present systems and methods solve the problem of detecting the PII and the PII column names in the customer database with enhanced accuracy, by developing a PII classification model trained with an enhanced and effective training dataset. An enhanced sub-metadata from the metadata having the plurality of the column names is obtained by using highest match distance values, the string comparator values, and the is PII indicator values. The enhanced sub-metadata comprising the column names that can be easily differentiated as PII columns or non-PII columns. Hence the training dataset and the testing dataset obtained from the enhanced sub-metadata improves the accuracy of the PII classification model. Preventive measures can be taken to protect such detected PII present under the PII columns by employing various data privacy and protection techniques.