Abstract: A method for a first network node may protect confidentiality of a first identifier associated by the first network node with a subscription used by a mobile entity. The communications network comprises a home network of the mobile entity and a serving network serving the mobile entity. The first network node, which is part of the home network may: receive, from a second network node which is part of the serving network, a first request for authentication information for the mobile entity, the first request comprising the first identifier; generate a first pseudonym associated with the first identifier; create a link between the first pseudonym and the first identifier; and send, to the second network node, the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity in the serving network. A method for a second network node is also provided.

Abstract: Systems, methods, and non-transitory computer readable media can detect an event relating to a copy of a content item. A determination can be made that the content item is associated with sensitive information. The copy of the content item can be modified.

Abstract: Systems and methods for authorizing an Internet of Things (IoT) application of an IoT device (such as a smart TV or a set-top box microconsole). Examples can include establishing, by the IoT application, a connection with a mobile application of a mobile device. The connection can be a wireless link that has a maximum range less than or equal to 400 meters (such as a Bluetooth or a near-field communication (NFC) link). Examples can also include sending, by the IoT application, a request to a remote server to return a connector code. The request can include an identification of the wireless link. Examples can also include receiving, by the IoT application, the connector code from the remote server or a second server, and transferring, by the IoT application, the connector code to the mobile application via the wireless link.

Abstract: A system for protecting an input device. The system includes a pressurizing device and a printed circuit board having a false key. The pressurizing device includes a tube for receiving a flexible pressurizing element. A spacer of a predetermined length is disposed at a bottom of the tube.

Abstract: A method, implemented by a computer-implemented authentication system, for authenticating a user attempting to access a target component of a computer system, the method comprising: a) receiving, from a first user system via a computer network, user authentication information and a network address identifying the first user system within the computer network; b) obtaining at least one data item of contextual information indicative of a property of an environment of a wireless communications device associated with the user authentication information; c) authenticating the user based on at least the user authentication information; and d) subject to successful authentication, granting access to the target component and storing a data record comprising the received network address and the received contextual information.

Abstract: A technique for controlling the reading of a digital object by a user device. The digital object is stored locally in the memory of the user device. The reading of the digital object is conditioned by receiving at least one datum broadcast by a transmitting device using a radio communication channel. An area for reading the digital object is thus located in the radio range of the transmitter device. Reading is blocked outside of this reading area.

Abstract: A method, an apparatus, and a storage medium for detecting vulnerabilities in software to protect a computer system from security and compliance breaches are provided. The method includes providing a ruleset code declaring programming interfaces of a target framework and including rules that define an admissible execution context when invoking the programming interfaces, providing a source code to be scanned for vulnerabilities; compiling the source code into a first execution code having additional instructions inserted to facilitate tracking of an actual execution context of the source code, compiling the ruleset code into a second execution code that can be executed together with the first execution code, executing the first execution code within an virtual machine and passing calls of the programming interfaces to the second execution code, and detecting a software vulnerability when the actual execution context disagrees with the admissible execution context.

Abstract: Embodiments of the disclosure provide an endorsed value in a permissioned ledger in a DDBMS. The permissioned ledger includes entries, each comprising a key and at least one value. Permission is required for a peer node to access the ledger. Digital transactions may only be appended to the ledger. Each peer node maintains at least a portion of a replica of the ledger. A request for valuation of an object is received. A candidate object value of the object is obtained. An endorsed object value of the object is obtained based upon a consensus protocol among peer nodes in the network. A data block is added to the ledger including the endorsed object value, where the added data block is cryptographically linked to a previous data block.

Abstract: Media, system, and method for providing encryption key management to an automated workflow within a group-based communication system. The automated workflow is encrypted using an organization-specific encryption key and is stored in a data store. Responsive to a triggering event, the encrypted workflow is retrieved from the data store to be decrypted and a corresponding decryption key is retrieved from a key store. The decrypted workflow performs a series of steps responsive to determining that a trigger condition has been met. The steps may be associated with at least one of sending a form and sending a message to a user within the group-based communication system.

Abstract: The present methods are directed to authenticating multi-author message content. In aspects, a sender of a message (first author) may utilize a messaging application to create the message and some message content. However, when creating the message, the sender may embed original content (e.g., from a second author) into the message. For instance, the sender may embed original content corresponding to a news article, a Twitter® post, an invoice, a blog post, or any other original content. Traditional systems are able to verify the sender (first author), but cannot verify the authenticity of the embedded original content. That is, when the recipient receives the message, the recipient cannot verify whether or not the sender (or some other individual) altered the original content prior to sending the message. The present systems provide for recipient authentication of the identity of the second author, as well as the authenticity of embedded original content.

Abstract: A method of providing remote control of a robotic vehicle may include receiving an instruction directing setup of a connection for communication between a robotic vehicle and an electronic device configurable to interface with the robotic vehicle remotely, providing a pairing code to one of the robotic vehicle or the electronic device for display of the pairing code at the one of the robotic vehicle or the electronic device, receiving an indication of entry of the pairing code at the other of the robotic vehicle or the initiate pairing electronic device, establishing a communication link for operably coupling the robotic vehicle and the electronic device responsive to receipt of the indication, and enabling an operator to remotely interact with the robotic vehicle at the electronic device via the communication link.

Abstract: The present invention provides an output device, etc., with which it is possible to present an alert indicating an abnormality of network to an operator in such a manner that the operator can determine the alert more efficiently. An output device is provided with a presentation unit which, when a first alert is notified in response to detection of an abnormality in a communication network to be monitored, presents similarity information representing similarity obtained on the basis of first information included in communication information that has caused the first alert and second information included in communication information related to one or a second alerts.

Abstract: A method, non-transitory computer readable medium, and device includes monitoring a session layer and transport layer network traffic data received from a plurality of client computing devices and plurality of servers. A plurality of network traffic anomaly threshold values and a plurality of server health anomaly threshold values for the monitored session layer and the transport layer network traffic data are estimated. Whether a plurality of current network traffic anomaly values and a plurality of current server health anomaly values for the monitored network traffic data exceeds each of the corresponding estimated plurality of network traffic anomaly threshold values and the estimated plurality of server health anomaly threshold values, and whether the current plurality of network traffic anomaly values and the current plurality of server health anomaly values are not a false anomaly is determined. A mitigation action is initiated based on the determination.

Abstract: Disclosed are a network monitoring device, a method, apparatus and system for resetting a password of the network monitoring device, and a server. The method for resetting the password of the network monitoring device includes: a first characteristic code is generated according to encrypted content; the first characteristic code is sent to a server; a password resetting command from the server and a reset password from a client are received, wherein the password resetting command is obtained by encrypting the first characteristic code with adoption of a first key, and returned by the server after receiving the first characteristic code; and the password resetting command is decrypted by adopting a second key, and the password of the network monitoring device is reset by utilizing the reset password, wherein the first key and the second key are a pair of keys in an asymmetric encryption algorithm.

Abstract: An example operation may include one or more of receiving an export identifier to initiate an asset ownership transfer of an asset from a current owner to a new owner, identifying an asset identifier assigned to the asset and a current asset ownership session stored in a blockchain transaction, responsive to identifying the export identifier, assigning a new asset identifier to the asset, assigning a random number to an import identifier used to identify the asset transfer to the new owner, and creating a new blockchain transaction including the new asset identifier, the random number, and a new asset ownership session.

Abstract: A method and system for generating access policy suggestions are described. The system initiates a test mode for a web service to be access by a user. The system authorizes access to the web service by the user in the test mode and records test data regarding the access to the web service by the user in the test mode. The system generates an access policy suggestion based on the test data.

Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Abstract: Methods, systems, computer-readable media, and apparatuses method for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the web site, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user.

Abstract: An automated scanning service can be configured to dynamically determine potential firewall misconfigurations in a shared resource environment. The scanning service can interrogate one or more application programming interfaces (APIs) to determine the state of the relevant firewall ports. For each firewall port in a permitted state, a test or trace can be run to determine whether the corresponding host port is open. Similarly, information can be obtained indicating which host ports for the allocation are open, and a determination can be made as to whether the corresponding firewall ports are permitted. Once the determinations are made, any mismatch in port state can be reported as a potential misconfiguration.