Abstract: Automatically and dynamically ascertaining by means of autoconfiguration whether used or activated and usable cipher suites and/or key lengths are sufficiently strong for current cryptographic protection of the control communication and/or other service access by virtue of 1) “cipher-suite”-based/-specific information available in the network/system being called up to ascertain reference cipher suites and/or 2) block chain information available in the network/system, containing data records referred to as “proof of work” for solving complex computation tasks, being called up or ascertained, with the ascertainment of block chain difficulty parameters as key length estimation parameters to ascertain appropriate reference key lengths, in particular reference minimum key lengths required for cryptoalgorithms, and 3) the ascertained reference cipher suites and/or the reference key lengths ascertained by the key length estimation parameters being compared with the used or activated and usable cipher suites and/or k

Abstract: A method of bootstrapping between endpoint client and server in a low power wireless network, the method comprising: initiating a bootstrap request from an endpoint client to the server with the bootstrap request including an endpoint client name in an identifier; determining a registry apparatus to be assigned to the endpoint client; accepting the bootstrap request at the server and in response to the bootstrap request providing a security object and an identifier to the endpoint client to identify the assigned registry apparatus.

Abstract: An encryption/decryption system to provide a means for user authentication and document authentication using face biometrics. The encryption/decryption system comprises a key storage means for storing a plurality of keys, a face authentication means for determining whether a prospective user of a key in the plurality of keys is the associated user of the key, an encryption/decryption means for encrypting and decrypting data using the plurality of keys when the face authentication means authenticates the prospective user, and a document authentication means that authenticates the user for access to their plurality of keys to digitally sign a document and display the users face used to authenticate access to their plurality of keys in or associated with the document acting as a witness to the signing of the document.

Abstract: A method and apparatus for the creation of simulated records from a small sample data set with configurable levels of variability, the creation of simulated data from an encrypted token that uniquely identifies an individual, and the creation of simulated values using as the basis retained data (birth years, 3-digit zip areas, gender, etc.) from the de-identification process.

Abstract: According to an aspect of an embodiment of the present disclosure, operations related to emulated mobile device determinations may include obtaining sensor data associated with an entity. The sensor data may include sensor output values associated with one or more sensors of a physical mobile device. The operations may also include analyzing the obtained sensor data. The analyzing may include performing one or more determinations. The determinations may include determining whether the obtained sensor data includes static data. The determinations may also include determining whether the obtained sensor data includes computer-simulated data. In addition, the determinations may include determining whether the obtained sensor data includes reused sensor data. In some embodiments, the operations may include determining whether the obtained sensor data includes emulated sensor data based on one or more of the determinations.

Abstract: Embodiments of the present application provide a certificate management method and apparatus in an NFV architecture. The certificate management method includes: determining, by an MANO, a storage network element, where the storage network element is configured to store a certificate of a VNFC, and the storage network element is different from the VNFC; creating, by the MANO, storage space in the storage network element, where the storage space is used to store the certificate of the VNFC; and sending, by the MANO, an address of the storage space to the VNFC, so that the VNFC accesses the address of the storage space, obtains the certificate of the VNFC, and directly communicates with another network element by using the certificate stored in the storage network element. The VNFC does not locally store the certificate.

Abstract: The disclosed computer-implemented method for detecting unauthorized use of an application may include (1) receiving, by the computing device, fingerprint data associated with a fingerprint, where the fingerprint data is received from the touchscreen, when a user interface of the application is displayed on the touchscreen, and in an absence of displaying a request for fingerprint data on the touchscreen, (2) comparing the received fingerprint data to a whitelist of authorized fingerprint data to determine a presence of a match, where the authorized fingerprint data indicates at least one fingerprint of at least one user that is authorized to access the application and (3) performing, when the received fingerprint data does not match the whitelist of authorized fingerprint data, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed embodiments relate to systems and methods for securely validating access tokens. Techniques include receiving, at a token validation resource, a token provided from a network application, the token having an associated destination network address; wherein the token was dynamically created, and the token was provided to the network application; performing a validation process for the token, the validation process being based on at least the destination network address associated with the token; and determining, based on an outcome of the validation process, whether to permit the network application to assert the token to a destination network resource associated with the destination network address.

Abstract: Methods, systems, and products protect personally identifiable information. Many websites acquire the personally identifiable information without a user's knowledge or permission. Here, though, the user may control what personally identifiable information is shared with any website. For example, the personally identifiable information may be read from a header of a packet and compared to a requirement associated with a domain name.

Abstract: Techniques for managing data mobility domains in storage system environments. The techniques employ a multiple master approach, in which each storage system in a storage system domain can function as an owner of the domain. Each domain owner has privileges pertaining to addition of new members to the domain, removal of members from the domain, and modification of domain credentials. When a new storage system is added as a member of the domain, the domain credentials are provided from the domain owner to the new storage system, resulting in the domain credentials being shared among all members of the domain. Domain membership information is also shared among all members of the domain. In this way, the management of storage system domains can be achieved without the need of a domain management server, avoiding a single point of failure or latency and reducing the complexity/cost associated with the domain management server.

Abstract: A request to establish a session with a first server is received from a client device. The first server is associated with a first hostname, and the request includes information identifying a second hostname purported to correspond to the first server. A Domain Name System (DNS) lookup using the second hostname is performed. A determination that the second hostname was spoofed by the client device is determined based on a response to the DNS lookup. In response to the determination being made that the request received from the client device includes the spoofed second hostname, a determination that the client device has injected or overridden at least one of an HTTP Host header and a Server Name Indicator in the request is made, and an action to take with respect to the client device is determined.

Abstract: A method, apparatus and product for sub-networks based cyber security. One method comprises detecting a device connecting to a local network which is divided into subnets; determining a usage profile of the device; automatically selecting a subnet to connect the device based on the usage profile; and connecting the device to the selected subnet in the local network. Another method comprises monitoring communication traffic of devices in each of the subnets of a local network; performing anomaly detection to detect an abnormal communication of a device connected to a subnet; blocking the abnormal communication of the device; and removing the device from the subnet and connecting the device to a quarantine subnet of the local network, whereby reducing connectivity of the device with other devices connected to the local network.

Abstract: Provided are methods and/or systems for evaluating security of an application. A security evaluation method including storing pattern-information-by-perspective for analyzing a file package based on an obfuscation perspective and a vulnerability perspective, receiving a registration on the file package to be distributed to users for installing and executing an application, analyzing the registered file package based on the pattern-information-by-perspective and generating analysis information of the obfuscation perspective and analysis information of the vulnerability perspective, and providing the generated analysis information of the obfuscation perspective and the analysis information of the vulnerability perspective may be provided.

Abstract: An example operation may include one or more of identifying a smart contract, processing the smart contract to create a smart contract definition, determining whether the smart contract has been accepted by identified parties, when the smart contract has been accepted by the identified parties, generating a smart contract definition hash, and forwarding the smart contract definition hash to one or more blockchains.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, scanning by another set of security rules. The server then executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system or blocking transmission.

Abstract: A method for execution by an auditing unit includes sending a verification request to a storage unit that includes a slice name and a challenge value. A proof of knowledge is received from the storage unit in response, where the proof of knowledge is generated by the storage unit based on a prover output value generated by performing a combined integrity function on the challenge value and slice data associated with the slice name. A verifier output value is generated by the auditing unit as a function of the challenge value and a known slice integrity check value for the slice name. Output verification data is generated by comparing the prover output value to the verifier output value. A corrective action is initiated on the storage unit when the prover output value compares unfavorably to the verifier output value, or when the proof of knowledge is evaluated to be invalid.

Abstract: A method for verifying trusted communication between an agent device and an application providing apparatus using a registry apparatus. The registry apparatus maintains a device registry comprising authentication information for uniquely authenticating at least one agent device. The method includes the steps of obtaining from the device registry the authentication information for the agent device identified by a device identifier specified in an the authentication request from the agent device, performing verification of the agent device using the authentication information obtained from the device registry, and if the verification is not successful, transmitting to at least one of the agent device and the application providing apparatus revocation information for denying the trusted communication between the agent device and the application providing apparatus.

Abstract: A set of candidate malicious activity identification models are trained and evaluated against a production malicious activity identification model to identify a best performing model. If the best performing model is one of the candidate models, then an alert threshold is dynamically set for the best performing model, for each of a plurality of different urgency levels. A reset threshold, for each urgency level, is also dynamically set for the best performing model.

Abstract: Connectionless data transfer is disclosed. Authentication of a device and network node may be performed when data is sent from the device to an application server of an application service provider via a selected network. The transfer of data may take place in an absence of an existing device context between the network node interacting with the device and the core network through which the data travels. State management overhead and signaling overhead may be reduced by use of the exemplary aspects disclosed herein. For example, the device does not need to perform an authentication and key agreement (AKA) procedure to transfer the data and an existing (or pre-existing) device context need not be maintained at the core network.

Abstract: An identity management system is augmented to provide for automated suspension of all dormant accounts before launching a re-certification campaign (pass). In one implementation, prior to receiving a recertification notice from the system, the affected user's account is already suspended and thus cannot be accessed. Once the recertification succeeds, however, the account is restored. Preferably, the technique is exposed to an IAM system administrator through a simple interface, e.g., a one-click “suspend and re-certify” button in an administrative menu. When the administrator initiates the re-certification process, he or she may select the button for a particular account or user.