Abstract: In one illustrative example, a mobile network extender has a network interface configured to connect with a host router and a cellular modem configured to provide a wireless link for communications via a cellular mobile network. In a pairing process, the extender may establish a secure encrypted channel with the router via the network interface. In a locking process, the extender may receive information from the router and verify the information. Upon verification, the extender may be set in a locked state in which the extender is logically locked to the router. The extender may also receive and store a secret session key from the router, and permit the router to acquire the extender for communications. In the locked state, the extender may permit or deny subsequent router acquisition upon router reconnection based on verifying, using the secret session key, authentication data received via the network interface.

Abstract: For a managed network including multiple nodes providing multiple services and executing multiple applications some embodiments provide a method for generating groupings of network addresses associated with different applications or services. The method analyzes network traffic patterns using a probabilistic topic modeling algorithm to generate the groupings of network addresses. In some embodiments, data is collected and analyzed periodically. A network administrator defines the granularity of the time stamps in some embodiments to monitor changes in network traffic patterns over time for each network address or node and/or for the network as a whole. For each network address or node, a probability distribution over the topics at a given time is stored in some embodiments. The stored distributions are then used to determine a divergence over time of the application or service provided by the network address or node. Additionally, the stored distributions can be used to detect anomalous behavior.

Abstract: A method for application connection comprises discovering information for communicating with a first electronic device. The first electronic device includes an application launched thereon. A symbolic code representing the discovered information is generated. The symbolic code is displayed on a display device. The symbolic code is used to gain access to the first electronic device via a second electronic device. The application is connected via the second electronic device.

Abstract: An intermediate apparatus that upon reception of a request from an application apparatus, instructs a plurality of secure computation apparatuses to perform a secret computation processing, in accordance with the request, performs a part of operation of the request from the application apparatus, on at least one of a part of data included in the request or data reconstructed from shares received from a plurality of secure computation apparatuses.

Abstract: Enterprise users' mobile devices typically access the Internet without being protected by the enterprise's network security policy, which exposes the enterprise network to Internet-mediated attack by malicious actors. This is because the conventional approach to protecting the mobile devices and associated enterprise network is to tunnel all of the devices' Internet communications to the enterprise network, which is very inefficient since typically only a very small percentage of Internet communications originating from an enterprise's mobile devices are communicating with Internet hosts that are associated with threats. In the present disclosure, the mobile device efficiently identifies which communications are associated with Internet threats, and tunnels only such identified traffic to the enterprise network, where actions may be taken to protect the enterprise network.

Abstract: Technologies for dynamically protecting memory of the mobile compute device include a main memory, a location sensor that produces sensor data indicative of a present location of the mobile compute device, a sensor hub communicatively coupled to the location sensor, and a security engine communicatively coupled to the sensor hub. The sensor hub determines a present location security zone of the mobile compute device based on the present location of the mobile compute device and a geofence policy, which maps locations to location security zones. The security engine encrypts the main memory of the mobile compute device and determines whether the present location security zone has changed relative to a most-previous location security zone of the mobile compute device. If the present location security zone has changed to a safe zone, the security engine decrypts the main memory.

Abstract: A system, method, and apparatus for providing a value transfer is provided. A method includes creating, by a mobile device, a value transfer message, the message including terms of a value transfer from an account of a sending party to a receiving party or one or more merchants; signcrypting, by the mobile device, the value transfer message using each of the receiving party's public key and the sending party's public and private keys; and sending, by the mobile device, the signcrypted value transfer message to the receiving party, wherein the receiving party can de-signcrypt the signcrypted value transfer message using each of the receiving party's public and private keys and the sending party's public key, and present the value transfer message to a third party to receive the value transfer.

Abstract: Systems and methods for binding content to pairing of a playback device and removable memory storage device are disclosed. In one embodiment, a method for requesting authorization to play content using a playback device and a removable memory storage device includes retrieving a coupon identifier from a removable memory storage device while it is attached to the playback device, generating a coupon code using the coupon identifier, sending a request for storefront token that includes a device match data token and an application identifier, receiving a storefront token associated with a storefront identifier where the storefront identifier identifies a storefront application, sending a request for ticket token that includes the coupon code, the storefront identifier, and a content identifier that identifies the content, sending a request for license file that includes the ticket token, and receiving a license file that grants playback rights to the piece of content.

Abstract: A method for identifying security vulnerabilities in a third party software component includes generating a test application for the third party software component. The test application is generated such that every externally accessible data path in the third party component is called. The test application and the third party software component are analyzed using a static application security testing (SAST) code analyzer. One or more test results are obtained from the SAST code analyzer. The one or more test results are used to identify security vulnerabilities in the third party component.

Abstract: A computer-implemented method for detecting malware based on asymmetry includes receiving, via a processor, an application to be tested. The method includes computing, via the processor, a static call graph for the application. The method also includes generating, via the processor, an interprocedural control-flow graph (ICFG) based on the static call graph. The method further includes detecting, via the processor, symbolic path conditions and executable operations along different paths of conditional branches in the ICFG. The method further includes detecting, via the processor, asymmetries based on the symbolic path conditions and the executable operations. The method includes detecting, via the processor, a malicious block based on the detected asymmetries. The method further includes modifying, via the processor, the application based on the detected malicious block.

Abstract: Aspects of the present disclosure relate to systems and methods for impersonating target user accounts via account redirection. In one aspect, a request may be received at a service issued from a temporary account of the service accessed by a client application. It may be determined whether the temporary account is stored in a mapping table comprising one or more temporary accounts mapped to a corresponding impersonation token. When it is determined that the temporary account is stored in the mapping table, the corresponding impersonation token mapped to the temporary account may be identified. The request may be processed in an impersonation mode based on the identified impersonation token.

Abstract: A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in response to a read request. Accordingly, each response generated by the smart tag will include a different TAC. It follows that interactions between the smart tag and a reading device can be authenticated as unique interactions if the TAC is validated as a unique and correct TAC.

Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.

Abstract: Method for establishing secure communication between a plurality of IoT devices in one or more vehicles include: provisioning the plurality of IoT devices by providing a unique identification, a digital identity token and a cryptographic key to each of the plurality of IoT devices; establishing a secure communication line between the plurality of IoT devices by authenticating respective communication lines between respective IoT devices and issuing a digital certificate to the respective communication lines; grouping the plurality of IoT devices into different groups based on a predetermined criteria; and including a group membership for a group of the different groups in an attribute certificate indicating group characterization.

Abstract: Fully homomorphic encryption integrated circuit (IC) chips, systems and associated methods are disclosed. In one embodiment, a number theoretic transform (NTT) butterfly circuit is disclosed. The (NTT) butterfly circuit includes a high input word path cross-coupled with a low word path. The high input word path includes a first adder/subtractor, a first multiplier, and first selection circuitry coupled to the first adder/subtractor and the first multiplier. Respective bypass paths selectively bypass the first adder/subtractor and the first multiplier. The low input word path includes a second adder/subtractor, a second multiplier, and second selection circuitry coupled to the second adder/subtractor and the second multiplier. Respective bypass paths selectively bypass the second adder/subtractor and the second multiplier. The first and second selection circuitry is responsive to different mode control signals to reconfigure the low and high input word paths into different logic processing units.

Abstract: Software defined network capable of detecting a DDoS attack and a switch included in the same are disclosed. The software defined network comprises a controller arranged on a control plane of the software defined network, and a plurality of switches arranged on a data plane of the software defined network. Here, each of the switches collects packets received through corresponding external network and detects a DDoS attack by using the collected packets.

Abstract: A first executable program on a computer system is enabled to exchange communications with a second executable program on the computer system by determining that the first executable program requests to exchange information with the second executable program, using the second executable program to challenge the first executable program for a digital certificate, and using the second executable program to exchange information with the first executable program when the digital certificate is verified.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products for digital content auditing in a group based communication repository, where the group based communication repository comprises a plurality of enterprise-based digital content objects organized among a plurality of group-based communication channels. In one embodiment, a computing entity or apparatus is configured to receive an enterprise audit request, where the enterprise audit request comprises an audit credential and digital content object retrieval parameters. The apparatus is further configured to determine if the audit credential satisfies an enterprise authentication protocol.

Abstract: In an aspect, an apparatus obtains at least a first input value and a second input value from a sender device. The apparatus performs a computational operation between portions of the first input value and portions of the second input value to obtain a plurality of partial results of the computational operation. The apparatus applies a hash function to each of the plurality of partial results of the computational operation to obtain a hash of a final result of the computational operation between the first input value and the second input value. The apparatus obtains the final result of the computational operation from the sender device. The apparatus verifies that the final result of the computational operation from the sender device is correct based on the hash of the final result of the computational operation.

Abstract: The disclosed computer-implemented method for preventing loss of possession factors may include (i) identifying an account of a user that is associated with a possession factor that is used by the user to perform a multi-factor authentication procedure that is required when accessing the account of the user, (ii) monitoring one or more attributes of at least one of the user and the possession factor, (iii) determining, based at least in part on the one or more attributes of at least one of the user and the possession factor, that the possession factor has likely been lost, and (iv) performing a security action in response to determining that the possession factor has likely been lost to prevent the user from being unable to perform the multi-factor authentication procedure. Various other methods, systems, and computer-readable media are also disclosed.