Abstract: A virtual network function (VNF) audit method and apparatus, used to audit a VNF generated by a platform that includes an authentication and authorization component, a service component, and a virtualized infrastructure. The method includes receiving an event reported by the authentication and authorization component, receiving an event reported by the service component, and receiving an event reported by the virtualized infrastructure, obtaining an event occurrence sequence of each VNF according to all received events, and auditing the event occurrence sequence of each VNF to obtain an audit result of the VNF. According to the method, the events that are distributed in different components are integrated into one event occurrence sequence in order to visually and quickly detect a malicious VNF generated by bypassing a component, and more comprehensively detect the malicious VNF, thereby reducing a missed detection rate of a VNF operation audit.

Abstract: One or more beaconing devices transmit synchronized changing beacons. The changing beacons trigger execution of an application that is installed but closed or not running on a mobile device, that is in wireless beaconing range of a beaconing device, and that has registered the changing beacons with the mobile device operating system (“OS”) to trigger execution of the application upon receipt of the changing beacons. The changing beacons also keep the executing application running by resetting OS policies for closing the application when it is running with the mobile device in a locked or standby state. The application may perform different procedures and different times with the beaconing device or other devices including authorizing access to a secured resource when the mobile device is far away from the beaconing device, and confirming intent to access the secured resource when the mobile device is close to the beaconing device.

Abstract: Aspects of the disclosure relate to multicomputer processing of data from social media service computing platforms and other sources with centralized event control. A first computing platform may receive a request to authorize an event from a first device as well as information from one or more social media service computing platforms. The first computing platform may determine whether or not to authorize the event and may request authorization for the event from a second device. Subsequently, the first computing platform may command a second computing platform to authorize or not authorize the event accordingly. The rules and conditions evaluated by the first computing platform in determining whether or not to authorize the event may be determined or altered by a machine learning engine of the first computing platform.

Abstract: In one embodiment, a method for operating a system for management of implantable medical devices (IMDs), comprises: conducting communications sessions with a plurality of clinician programmer devices, wherein some of the communication sessions occur while the plurality of clinician programmer devices are engaged in respective programming sessions with IMDs; conducting communications sessions with a plurality of patient controller devices, wherein the communication sessions with the patient controller devices include communication of data pertaining to offline programming of IMDs; reconciling programming session data received from the plurality of clinician programmer devices with programming session data received from patient controller devices to identify instances of unauthorized IMD programming; and distributing revocation data to patient controller devices to be downloaded to corresponding IMDs, wherein the revocation data identifies cryptographic keys that are no longer trusted.

Abstract: A first request and a first identifier corresponding to an identity of a first source device that initiated the first request is received. At least a second source device is queried to obtain information indicative of whether the first source device is authorized to complete the first request. The second source device is configured to periodically gather and transmit data, over one or more networks, to one or more local processing devices or one or more remote devices for data analysis. The first request is blocked or authorized to proceed based at least in part on whether at least the first source device is authorized to complete the first request.

Abstract: A social networking system user identifies one or more social networking system users authorized to present content items to the user via the social networking system (“authorized users”). When an additional user requests presentation of a content item to the user, the social networking system determines if the additional user is an authorized user. If the additional user is an authorized user, the content item is presented to the user. However, if the additional user is not an authorized user, the social networking system identifies the additional user to the user along with a request to identify the additional user as an authorized user. If the user identifies the additional user as an authorized user in response to the request, the content item is presented to the user.

Abstract: An apparatus includes an authentication arrangement for a communication connection, using a communication protocol, between two data processing devices of the apparatus. The data processing devices each have an interface unit for the communication connection and a computation unit. The interface units each have an encryption/decryption device, where the encryption/decryption device is at least partially produced by hardware for encrypting at least some of the user data to be transmitted via the communication connection as part of the authentication arrangement. The encryption/decryption device can be applied in a communication layer of the communication protocol to the user data prepared for the physical user data transmission or to the physically received user data. Each data processing device has a security unit, implemented as dedicated hardware that the computation unit cannot access and/or in a manner logically isolated from the computation unit.

Abstract: An example system may include a processor and memory, wherein the processor is configured to perform one or more of acquire a first biometric sample of a user, compare the first biometric sample of the user against a pre-recorded second biometric sample, in response to the match, access shared data of the user stored on a blockchain, generate a question based on the shared data, receive an answer to the question from the user, and authenticate the user based on the answer to the question and the first biometric sample.

Abstract: Secure directory services are disclosed. A cryptographic hash of a foreign identifier associated with a potential user is received. A determination is made that the received cryptographic hash of the foreign identifier matches a representation of a stored entry. In response to the determination, a transmission of a representation of a native identifier associated with the stored entry is transmitted to the sender of the cryptographic hash of the foreign identifier.

Abstract: A method for downloading a profile of an electronic apparatus is provided. The method includes receiving profile information from a profile information transfer server, transmitting a profile request to an identified profile providing server based on the profile information, and receiving a profile installable in a universal integrated circuit card (UICC) of the electronic apparatus from the profile providing server, and an electronic apparatus. Further, the present disclosure may provide a profile information providing server providing the profile information to the electronic apparatus and an operation thereof, and a profile providing server providing a profile to the electronic apparatus and an operation thereof. Further, the present disclosure may provide a method for swapping a profile between apparatuses, a method for acquiring profile information using code information, a method for modifying a profile providing server, and an apparatus performing the same.

Abstract: In some variants systems and methods are disclosed that allow a smart contract or other device-executable code sequence to be triggered as an automatic and conditional response to a change of a data element that is used by the code sequence. By using user-identified values as state variables that trigger execution in a blockchain or similar controlled environment, for example, cascading processes can be incrementally and reversibly automated without any necessity for coordination and without compromising security.

Abstract: A communication method for an information capturing system includes the steps of: detecting for a communication link between a host device and an information capturing device, the host device having a high-power-consumption network-connection unit, the information capturing device having a low-power-consumption network-connection unit and a SIM card, and the SIM card storing an identity authentication information; and creating, upon affirmative detection of the communication link, a network connection to a base station by the high-power-consumption network-connection unit, using the identity authentication information.

Abstract: A gateway (GW) in a wireless communication system, according to the present disclosure is provided. The GW generates self-signed authentication information, allocates the self-signed authentication information to at least one device, transmits a registration request message for requesting registration of the at least one device to a server if a certificate channel with the at least one device is generated based on the self-signed authentication information, and transmits certificate information for the at least one device to the at least one device if the certificate information for the at least one device is received from the server.

Abstract: Methods and systems for performing a computational operation on a server host are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in a memory space; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result.

Abstract: One variation of a method for verifying email senders includes: intercepting an email addressed to a target recipient within an organization, the email received from a sender at an inbound email address and including an inbound display name; accessing a whitelist including a verified display name and a set of verified email addresses corresponding to an employee within the organization; characterizing a display name difference between the inbound display name and the verified display name; in response to the display name difference falling below a threshold difference, comparing the inbound email address to the set of verified email addresses; in response to identifying the inbound email address in the set of verified email addresses, authorizing transmission of the email to the target recipient; and, in response to the set of verified email addresses omitting the inbound email address, withholding transmission of the email and flagging the email for authentication.

Abstract: The present disclosure generally relates to a system, comprising a mobile device configured to register with a service provider via an application program, obtain network credentials of communication networks operated by the service provider at various locations, connect to a communication network via the network credentials when approaching a selected location of the service provider, and transmit, to a first computing device via the communication network, a first identifier that uniquely identifies the mobile device. The system also comprises the first computing device positioned at service provider's locations and configured to receive and transmit the first identifier to a second computing device. The system also comprises the second computing device configured to receive the first identifier, compare the unique identifier to a plurality of unique identifiers, and provide a service customized to a user of the mobile device based at least upon the comparison result.

Abstract: Exemplary embodiments are directed to a biometric security system including an interface, a biometric acquisition device, and a processing device in communication with the interface and biometric acquisition device. The processing device is configured to display a challenge to a subject via the interface, and receive as input a response to the challenge from the subject. Simultaneous to receiving the response to the challenge from the subject, the processing device is configured to capture a biometric characteristic of the subject with the biometric acquisition device. The processing device is configured to analyze the received response to the challenge relative to a preset valid response, and analyze the captured biometric characteristic of the subject for biometric authenticity. The processing device is configured to verify the subject based on both a successful match between the response to the challenge and the preset valid response, and a successful finding of biometric authenticity.

Abstract: Methods, systems, and techniques for storing a binary large object involve receiving, at a first node comprising part of a first blockchain, the binary large object; hashing the binary large object; sending the binary large object from the first node to at least one other node that is part of the first blockchain without using the first blockchain; and after the binary large object has been disseminated to at least the number of nodes on the first blockchain required to achieve consensus, storing a hash of the binary large object on the first blockchain. Sending the binary large object involves disseminating the binary large object to at least a number of nodes on the first blockchain required to achieve consensus.

Abstract: Approaches presented herein enable restricting access to a locked computing resource in a web browser with a user-tailored CAPTCHA. More specifically, a request for a CAPTCHA is obtained from a web browser of a user attempting to access a resource. A set of terms associated with the user are selected from a pool of terms collected from an environment of the user within a pre-determined time period. A familiarity value of the selected terms indicating a recognizability of the terms by the user is determined. A CAPTCHA of the selected set of terms is generated having a level of graphic noise corresponding to the familiarity value. The generated CAPTCHA is then sent to the web browser. When a response to the CAPTCHA is received from the web browser, it is analyzed to determine whether the response matches the selected set of terms. If so, the web browser is instructed to grant the user access to the resource.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry configured to function as a start process control unit, a file read detection unit, a determination unit, and a file reading unit. The start process control unit is configured to register at least a specific process of started processes in an identifiable manner into a first list. The file read detection unit is configured to detect a request to read a file by the specific process registered in the first list. The determination unit is configured to determine whether to allow reading of the requested file based on a first condition. The file reading unit is configured to control reading of the file in accordance with a determination result of the determination unit.