Abstract: Systems, methods, and devices can be utilized to verify wireless local area networks (WLANs) using fingerprints. An example method includes identifying a received fingerprint comprised in an advertisement message that is received by a user equipment (UE) at a time and within a coverage area. A source of the advertisement message is determined to be a rogue WLAN by determining that the received fingerprint is different than a verified fingerprint transmitted by an authorized WLAN at the time and in the coverage area. The UE outputs an alert indicating the rogue WLAN.

Abstract: In various embodiments, a computer-implemented method for generating and verifying officially verifiable electronic representations may be disclosed.

Abstract: An authentication system includes an authenticator that receives an authentication request from a device and receives sensor data from one or more sensors, the sensor data being indicative of interaction with one or more real world objects or with a displayed authentication image. The authenticator determines that the sensor data is indicative of an authorized interaction with the one or more real world objects or with the displayed authentication image and, in response to the determination, grants the authentication request.

Abstract: Methods and systems for a processing architecture that maintains a separate logic pathway corresponding to a first operation type and a second operation type, until a blockchain operation is submitted to the blockchain network using either the first operation type or a second operation type. Following submission of the blockchain operation to the blockchain network, the architecture collapses the parallel logic pathways to a single logical pathway for both types.

Abstract: A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats.

Abstract: Techniques for securing control and user plane separation in mobile networks (e.g., service provider networks for mobile subscribers, such as for 4G/5G networks) are disclosed. In some embodiments, a system/process/computer program product for securing control and user plane separation in mobile networks in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an Packet Forwarding Control Protocol (PFCP) message associated with a new session, in which the mobile network includes a 4G network or a 5G network; extracting a plurality of parameters from the PFCP message at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network.

Abstract: A method and system are described for storing and retrieving an encrypted master encryption key at multiple distinct physical servers in such a way as to prevent discovery of the master encryption key by any single one of the multiple holders. A retrieval mechanism is provided that facilitates a simple retrieval of the multiple pieces of the master encryption key from the multiple holders. The described system utilizes a combination of encryption algorithms, data storage, and transmission methods to carry out the new way of retrieving and storing the master encryption key.

Abstract: User data is aggregated across a plurality of electronic communication channels and domains. An online system initially authenticates a user for access to the online system over a network. The online system provides a user identifier for the user to an authentication service. The authentication service generates a non-repeatable challenge from the aggregated user data for the user identifier and provides the non-repeatable challenge to the online system. The online system provides the challenge to the user and receives a response from the user. The online system provides the response to the authentication service and the authentication sends a success or failure back to the online system based on the response to the challenge, and based on the success or failure the online system makes a final determination for authenticating the user for accessing to the online system.

Abstract: In an approach for training machine-learning models using encrypted data, a processor receives a set of encrypted data from a client computing device. A processor trains a machine-learning model using a boosting algorithm. A processor performs a first classification on the set of encrypted data using the machine-learning model. A processor sends a first set of encrypted results of the first classification to the client computing device. A processor receives a first set of boosting updates from the client computing device. A processor applies the first set of boosting updates to the machine-learning model.

Abstract: Communication enabled circuit breakers are described. Methods associated with secure communication between communication enabled circuit breakers and a panel system are described. Additionally, methods for commissioning and decommissioning such communication enabled circuit breakers in the panel system are described. The communication enabled circuit breakers may be paired with a controller and information regarding such breakers can be added to a database.

Abstract: A network reachability solving algorithm based on formal verification, which abstractly models the network reachability problem, concretely models and refines it through semantic equivalence, and implements the network reachability solving algorithm through logical equivalence transformation. With the help of formal verification tools, the present disclosure ensures the correctness and logical completeness of the reachability solving algorithm through mathematical reasoning. Compared with traditional testing-based schemes, the present disclosure guarantees the correctness and effectiveness of the network reachability algorithm based on formal method.

Abstract: A set of distance measurable encrypted feature vectors can be derived from any biometric data and/or physical or logical user behavioral data, and then using an associated deep neural network (“DNN”) on the output (i.e., biometric feature vector and/or behavioral feature vectors, etc.) an authentication system can determine matches or execute searches on encrypted data. Behavioral or biometric encrypted feature vectors can be stored and/or used in conjunction with respective classifications, or in subsequent comparisons without fear of compromising the original data. In various embodiments, the original behavioral and/or biometric data is discarded responsive to generating the encrypted vectors. In another embodiment, distance measurable or homomorphic encryption enables computations and comparisons on cypher-text without decryption of the encrypted feature vectors. Security of such privacy enabled embeddings can be increased by implementing an assurance factor (e.g.

Abstract: Methods, systems and computer readable media for rogue device detection are described. The method may include automatically generating one or more dummy network identifiers associated with a wireless network, advertising the one or more dummy network identifiers, and identifying a device as a suspect device based on receiving a connection attempt to at least one of the one or more dummy network identifiers by the device. The method can also include allocating a virtual local area network within the wireless network to process traffic associated with the at least one of the one or more dummy network identifiers, and monitoring network traffic of the suspect device on the virtual local area network. The method can further include, if the monitored network traffic meets an abnormality threshold, determining that the suspect device is a rogue device, and performing an action to protect the wireless network from the rogue device.

Abstract: A method of tracking phishing activity is disclosed. A request to download a webpage hosted as part of a legitimate website on a server is initiated. The request includes identification data pertaining to at least one user computing device. The identification data is extracted from the request. A unique identifier corresponding to the extracted identification data is generated. Fingerprint data is generated using at least a subset of the extracted identification data. The unique identifier, the extracted identification data and the fingerprint data is stored. The fingerprint data is encoded into a program and/or data associated with the webpage to generate a modified webpage. The modified webpage is transmitted from the server to the user computing device in response to the request.

Abstract: This document describes techniques and systems that enable face authentication embedding migration and drift-compensation. The techniques and systems include a user device that is updated to include both a current version of firmware and an updated version of the firmware. Then, an indication of a face-authentication attempt is received along with image data associated with a user's face. After successful authentication, using the current version of firmware on the image data, the user device uses the updated version of the firmware on the same image data to generate a new embedding. The new embedding is stored as part of a migration profile for the user. Additional new embeddings are collected over a series of subsequent face-authentication attempts until a complete set of new embeddings is stored for the migration profile. Then, the old profile is deleted and the migration profile becomes the enrollment profile used for face authentication.

Abstract: The disclosed technology provides solutions for performing a document validation process wherein physically present witnesses are required. In some aspects, a process of the disclosed technology includes steps for receiving geolocation data for a mobile device associated with a first user, receiving a signed electronic document via the first device, determining if the signed electronic document was properly executed by the first user, and if the signed electronic document was properly executed, providing a prompt to the first user, wherein the prompt is configured to request electronic contact address for a second device associated with a second user. In some aspects, the process can further include transmitting an authentication request to the second device associated with the second user, receiving geolocation data from the second device in response to the authentication request. Systems and machine-readable media are also provided.

Abstract: As described herein, a system, method, and computer program are provided for an unattended trap for a brute force attack. A brute force attack on private data in a computer network is detected. Secret information expected by the brute force attack is generated. At least one honeypot having the secret information is created in the computer network. A state of the at least one honeypot is updated based on simulated activity.

Abstract: An exemplary method comprises generating receiving an authentication request from a graphical user interface on a first computing device; generating a first encrypted media element; displaying the encrypted media element on the GUI; receiving a second encrypted media element from a second computing device; upon determining that the first and second encrypted media elements have a positive match, querying an identification value associated with the second computing device; receiving the identification value associated with the second computing device; upon the identification value matching a data record within a database, determining an account associated with the data record within the database; and authenticating the first computing device by granting the first computing device access to the account associated with the second computing device.

Abstract: An identity profile of a user is tracked using previous message communications of the user. A message identified as potentially from the user is received. The identity profile of the user is identified and obtained. Information is extracted from a header of the received message. A security risk assessment of the received message is determined at least in part by comparing the extracted information with one or more corresponding entries of the identity profile of the user. A security action is performed based on the determined security risk assessment.

Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message and send the signature to the second device.