Abstract: A domain-specific hardwired symbolic communications machine is described that processes information via the hardwired mapping of symbols from one or more domains onto other such domains, computing and communicating with improved security and reduced power consumption because it has no CPU, no Random Access Memory (RAM), no instruction registers, no Instruction Set Architecture (ISA), no operating system (OS) and no applications programming. The machine provides web services by recognizing valid requests based on the processing of symbols and the validating of those symbols according to various domains. In some embodiments the requests may conform or be related to, for example, Long Term Evolution (LTE), Hypertext Transfer Protocol (HTTP), or fourth generation (4G) wireless technology. Further, in some embodiments, the machine has no unconstrained RAM into which malware may insert itself and needs no anti-virus software.

Abstract: Examples disclosed herein relate to data objects associated with private set intersection (PSI). Some examples disclosed herein may enable identifying a set of server elements and a set of data objects. Each data object of the set of data objects may be associated with at least one server element of the set of server elements. Some examples further enable sending the set of server elements and the set of data objects to a client computing device that has a set of client elements. A private set intersection (PSI) between the set of server elements and the set of client elements may be inaccessible by the client computing device, and a subset of the set of data objects that are associated with the PSI may be accessible by the client computing device.

Abstract: Systems, methods, and computer-readable storage devices are disclosed for improve cybersecurity intelligence by launching applications ahead of time. One method including: receiving, over a communications network, at least one threat model; determining whether a performance of an orchestrated response is triggered based on the at least one threat model, wherein the orchestrated response includes a plurality of applications to be executed in a predetermined sequence; and launching, when the performance of the orchestrated response is triggered, a first application and a second application of the plurality of applications of the orchestrated response, wherein the second application executes after execution of the first application has completed execution.

Abstract: A method for authentication using location correlation is disclosed. The method includes determining geographic zones and zone identifiers associated with a location of a mobile communication device. Later, transaction data is received and a zone identifier is determined from that transaction data. If the zone identifier matches one of the previously determined zone identifiers, then a match indicator is sent to an authorizing entity computer system or the transaction may be allowed to proceed.

Abstract: For each data value associated with a data object, a respective object value identification query message that includes the data value may be sent to each of a plurality of identity nodes via a network. For each of the data values, a respective object value identification response message that includes a respective network identifier corresponding with the respective data value may be received. A local identifier may be determined based on the object value identification response messages, and a response query message including the local identifier may be transmitted.

Abstract: The present invention involves with a method and system of state consistency protection for Intel software guard extension (SGX). In a method of state consistency protection for a central processing unit capable of creating enclaves, the central processing unit supports creation of at least one enclave, wherein the central processing unit communicates with a remote server providing services for the central processing unit through remote communication and the remote server has a remote attestation module, configuring the remote attestation module to facilitate the completion of every execution state storing operation and/or every execution state restoring operation, wherein the remote attestation refers to an attestation mechanism by which the central processing unit proves to the remote server that it has created the specific enclave in a local platform so that the remote server trusts the specific enclave. The present invention does not require special hardware and is favorable to cross-platform migration.

Abstract: This invention is directed to an encryption communication system for preventing leakage of a common key and improving the confidentiality of communication information.

Abstract: A device having a fingerprint reader and a first heart rate monitor which are co-located such that a person's heart rate is obtained at the same time as this fingerprint. The device is integral to yet another heart rate monitor for monitoring the performance of the person in exercise. The readings of the other heart rate monitor correlates to the readings of the first heart rate monitor if the person whose fingerprint is read is the same person wearing the second heart rate monitor, in which case the fingerprint is deemed acceptable for identifying the person. Other biometric identification besides fingerprint can be used such as iris recognition.

Abstract: A secure end-to-end communication system is implemented via one or more security processing devices. In one embodiment, a method includes: loading, by a key manager, a first set of keys into a security device; encrypting first data with the first set of keys using the security device; and sending, over a network, the encrypted first data to an external site or a mobile device. The method may further include: requesting the encrypted data from the external site or mobile device; receiving, over the network, the encrypted first data; and decrypting the received encrypted first data with the first set of keys using the security device.

Abstract: A method and an apparatus for secure interaction between terminals, where the method includes indicating or indirectly indicating, by a companion terminal with an embedded Universal Integrated Circuit Card (eUICC), a Hypertext Transfer Protocol (HTTP) over Secure Socket Layer (HTTPS) Uniform Resource Locator (URL) including security information to a primary terminal such that the primary terminal initiates establishment of a local Transport Layer Security (TLS) connection according to the HTTPS URL, receiving, by the companion terminal, an HTTP request from the primary terminal using the local TLS connection, completing establishment of an HTTPS session when the companion terminal determines that the HTTP request includes the security information, and receiving, by the companion terminal, an operation instruction for the eUICC from the primary terminal using the HTTPS session.

Abstract: A method for processing disputes in a multi-tenant architecture system includes receiving, at a first service provider, a dispute request from a second service provider that manages entity identities of a plurality of customers. The dispute request indicates a disputed transaction between a customer of the plurality of customers and another entity. The method includes accessing an identity manager to determine a customer representation, the identity manager previously onboarded the plurality of customers as a plurality of customer representations. The identity manager is hosted by the first service provider that manages customer representations corresponding to entity identities of the customers. The dispute request is propagated with the customer representation to a dispute management engine that determines an outcome for the dispute, the determination based on characteristics of the disputed transaction and on characteristics of the customer.

Abstract: Method and system embodiments for providing a cloud-based multi-function firewall are described. A method includes retrieving device information associated with a network-enabled device. The device information is transmitted to a secure cloud for configuring a virtual private network (VPN) connection between the secure cloud and the network-enabled device. Cloud information specifying a cloud server in the secure cloud is received from the secure cloud. The secure cloud generates the cloud information based on the device information. Domain name service and routing functions are updated to forward network requests to the cloud server specified in the cloud information. The VPN connection to the secure cloud is established based on the cloud information such that network traffic to and from the network-enabled device is routed through the VPN connection to the cloud-based multi-function firewall implemented on the cloud server.

Abstract: The present disclosure relates to a method and system for updating a webpage and a webpage server. The method includes: upon detection of an update instruction, acquiring a feature value of an update process that generates the update instruction, the feature value comprising a process name and process identification of the update process; comparing the acquired feature value with each set of feature values in a preset process whitelist; and if there is an item in the preset process whitelist which is identical to the acquired feature value, adjusting a stored webpage document according to the update instruction.

Abstract: An operating system, when having incorporated data, with a certificate attached, for limiting a function of copying a screen, limits the function of the operating system and when receiving a request for a result of an inspection to determine whether the incorporated data is valid, sends out the result of the inspection in response to the request. An application program makes a request to the operating system for the result of the inspection of the data incorporated in the operating system at startup or return from a background processing. When an inspection result sent from the operating system indicates that the data is invalid, the application program forbids a display control means to display a given screen and instructs the operating system to incorporate a valid data therein. When the inspection result indicates that the data is valid, the application program makes the display means display the given screen.

Abstract: Systems, apparatuses and methods may provide for establishing a hardware-based chain of trust in a computing system and extending the hardware-based chain of trust to a container manager and a containerized application on the computing system. Additionally, the containerized application may be checked for its trust and security while it is launched, via the container manager, on the computing system. In one example, extending the hardware-based chain of trust includes conducting a pre-boot measurement of the container manager, a root of trust measurement agent, and one or more packages associated with the containerized application, and verifying the pre-boot measurement of the platform/host and the application itself prior to the containerized application being launched.

Abstract: Methods, apparatuses, and computer readable media for location measurement reporting in a wireless network are disclosed. An apparatus of a responder station is disclosed, the apparatus comprising processing circuitry configured to derive bits from a temporary key, and generate a first sequence and a second sequence using the bits, wherein the first sequence and second sequence comprise one or more symbols. The processing circuitry is further configured to concatenate the first sequence and the second sequence to form a new first sequence comprising the first sequence and the second sequence, and concatenate a modified first sequence and a modified second sequence to form a new second sequence. The processing circuitry may be configured to repeat a number of times the concatenate the first sequence through the concatenate the modified first sequence.

Abstract: A threat detection method and apparatus, and a network system are disclosed. The threat detection apparatus obtains page code of a first display page group identified by the URL and an overall size occupied by the first display page group in a display area of the browser when loading a URL in a browser of a Web sandbox; inject preset dynamic code into the page code of the first display page group; parses and executes the page code that includes the preset dynamic code; sends a request message when a value of a display variable is greater than or equal to a preset value, to request to obtain page code of a second display page group; receives a response message that carries the page code of the second display page group; and detects in the Web sandbox, whether the page code of the second display page group carries attack code.

Abstract: Generating a set of attempted external contacts associated with a malware sample is disclosed. A malware sample is executed in an accelerated computing environment. In the accelerated computing environment, a guest time is advanced more quickly than a time by which a host time is advanced. A set of one or more attempted external contacts generated by the executing malware sample is recorded. The set of attempted external contacts includes at least one generated domain name. A remedial action is taken with respect to the generated domain name.

Abstract: Disclosed herein are user equipment (UE) configured to communicate with a vehicle-to-everything (V2X) control function (CF) and a V2X Key Management Function (KMF). The UE includes processing circuitry configured to select a broadcast service from a plurality of available broadcast services and encode a key request message for transmission to the V2X KMF. The key request message includes a service identification (ID) of the selected broadcast service and identification of V2X security techniques supported by the UE. A key response message received from the V2X KMF in response to the key request message is decoded. The key response message identifies a V2X security technique of the V2X security techniques. The identified V2X security technique is execute to obtain security credentials provisioned by the V2X KMF. Data is encoded for transmission to a second UE during the selected broadcast service, where the encoding is based on the provisioned security credentials.

Abstract: A method for using unified identities in a multi-tenant architecture system is discussed. The method includes receiving a request, at a first service provider, to provide a service for a user. The method includes accessing a representation of a second service provider in a first hierarchical data structure managed by the first service provider. The method includes determining that user data required for the service is managed by the second service provider that manages user identity of the user. The method includes determining that the representation is linked with a full identity reference for the second service provider in a second hierarchical data structure managed by the second service provider. The method includes accessing the user data at the second hierarchical data structure using the full identity reference. The method includes accessing the service via the lightweight identity reference and using the user data at the first service provider.