Abstract: In order to provide confidentiality protection, an encryption method, a decryption method, and related apparatuses are provided. An encryption device generates a first initial layer-3 message. The first initial layer-3 message includes a first part and a second part. The device generates a keystream for encrypting the first initial layer-3 message. The device performs an exclusive OR operation on the keystream and the first initial layer-3 message to generate a second initial layer-3 message. The second initial layer-3 message includes an encrypted first part of the first initial layer-3 message, an unencrypted second part of the first initial layer-3 message, and an encryption indication indicating that the first part of the first initial layer-3 message is encrypted. The device transmits the second initial layer-3 message to a network device. Small data comprised in the second initial layer-3 message is protected by the encryption.

Abstract: A portable media system for a host computer system, and method of operation thereof, that includes: a controller in the portable media system for communicating clear information between the portable media system and the host computer system; and an encryption system in the portable media system for providing an encryption algorithm for the controller to decrypt cipher information for the host computer system.

Abstract: A temporal identity vault used to authenticate an individual is described herein. User identifying input is received on a device, such as a cell phone. The identifying input is, in some examples, encrypted and stored as a temporal identity vault. The temporal identity vault is configured for a use. The use may be a time, location, or the like. A beacon is associated with the temporal identity vault. If the beacon is at a location relative to an object, the authentication process is started. The information stored in the temporal identity vault is authenticated at a central service. Upon authentication, the user is permitted to operate an object. The temporal identity vault may thereafter be deleted.

Abstract: Systems and methods for analyzing network traffic are provided. An exemplary system may include a plurality of network nodes distributed in multiple geographical regions. The plurality of network nodes may be configured to collect mass scanning network traffic data. The system may also include at least one processor configured to receive, from the plurality of network nodes, the collected mass scanning network traffic data. The processor may also be configured to generate an omnidirectional network traffic database based on the received mass scanning network traffic data. The processor may further be configured to receive a query against the omnidirectional network traffic database. The query may include information of a source of a network scanning activity. Moreover, the processor may be configured to determine whether the source matches any record in the omnidirectional network traffic database and generate an indication based on the determination.

Abstract: A method, apparatus and computer program product for protecting enterprise Information Technology (IT) infrastructures by automatically instantiating individualized network flow controls and/or network access controls specific to an IoT device. In this approach, an IoT device is identified, e.g., via network scanning or other observational sensors, or by receipt of information from a network administrator. In response to receiving information about the new IoT device, a control component obtains applicable network flow control and/or access control rules for the IoT device. These rules are obtained from one or more authoritative (trusted) sources, e.g., querying a website of the IoT vendor, an industry site, or an enterprise site. In this manner, applicable network flow control and/or access control rules are obtained.

Abstract: A cognitive IoT gateway may receive real-time data associated with a user from sensor devices that are detecting user data in real-time. The real-time data is analyzed to determine whether the real-time data indicates a deviation from a predicted user behavior data predicted based on historical data. The real-time data is transformed into collated data that removes protected and sensitive information from the real-time data, and the collated data is transmitted to a server computer, wherein the protected and sensitive information received from the sensor devices remain local to the cognitive IoT gateway. Updated information computed by the server computer based on the collated data is received and a real-time alert is sent to a user device notifying the user of the updated information.

Abstract: A method, apparatus and computer program product for protecting enterprise Information Technology (IT) infrastructures by automatically instantiating individualized network flow controls and/or network access controls specific to an IoT device. In this approach, an IoT device is identified, e.g., via network scanning or other observational sensors, or by receipt of information from a network administrator. In response to receiving information about the new IoT device, a control component obtains applicable network flow control and/or access control rules for the IoT device. These rules are obtained from one or more authoritative (trusted) sources, e.g., querying a website of the IoT vendor, an industry site, or an enterprise site. In this manner, applicable network flow control and/or access control rules are obtained.

Abstract: A pseudo-random noise (PRN) code generator is provided. The PRN code generator includes a register controller; a digitally controlled oscillator (DCO); a primary code generator configured to generate a primary code chip; and a secondary code generator configured to generate a secondary code chip. The primary code generator and the secondary code generator each include: a Weil code generator configured to generate a Weil code chip; a memory code generator configured to generate a memory code chip; a Golden code generator configured to generate a Golden code chip; and a first multiplexer configured to select the Weil code chip, the Golden code chip, or the memory code chip as the primary code chip or the secondary code chip. The PRN code generator also includes a first XOR gate configured to XOR the primary code chip and the secondary code chip to generate a PRN code chip.

Abstract: A method of using a smartcard may include detecting possible fraudulent use of a biometric sensor embedded within the smartcard and restricting, but not preventing, subsequent use of the smartcard after the possible fraudulent use has stopped. The restriction may include one or more of not permitting the bearer to make an action that they would normally be permitted to make, requiring a higher authorization confidence score than would normally be required before permitting the bearer to perform one or more actions, and requiring the bearer to pass a secondary authorization step before permitting the bearer to perform one or more actions.

Abstract: Proxy coordinated wireless communication operation is described for vehicular environments. In one example, a first user equipment receives a proxy operation authorization from a vehicular environment proximity services function for the first user equipment to operate as a Proxy for the proximity services function. The first user equipment then controls configuration information of other user equipment. The first user equipment also controls the vehicular environment operation mode used by the other user equipment.

Abstract: A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

Abstract: Providing streaming of applications from streaming servers onto clients. The applications are contained within isolated environments, and the isolated environments are streamed from the servers onto clients. The system may include the option of running both in on-line and off-line. When on-line, the system may include authentication of the streaming servers and authentication of clients and credentialing of the isolated environments and applications the clients are configured to run. The system may further include encrypted communication between the streaming servers and the clients. When off-line, the system may include the ability to run already installed isolated environments without requiring credentialing. The system may further include a management interface where administrators may add, remove and configure isolated environments, configure client policies and credentials, and force upgrades.

Abstract: Apparatuses, methods, and program products are disclosed for controlling a biometric reader. One apparatus includes a processor and a memory that stores code executable by the processor. The code is executable by the processor to determine, by use of the processor, whether a movement of the apparatus crosses a threshold. The code is executable by the processor to, in response to the movement of the apparatus crossing the threshold, adjust a biometric authentication algorithm. The code is executable by the processor to control a biometric reader based on the adjusted biometric authentication algorithm.

Abstract: A user equipment (UE) may be configured to transmit a registration message to a network to establish a secure connection for non-access stratum (NAS) messages between the network and a UE, the secure connection based at least in part on a UE identifier and security capabilities of the UE included in the registration message. The UE may then exchange NAS methods with the network over the secure connection. The UE may also establish, in response to the registration message, an authentication protocol with the network and encrypt subsequent NAS messages based in part on the authentication protocol.

Abstract: Methods and systems for visualizing, analyzing, archiving and securing computer and internet of things (IoT) data networks are disclosed. The system includes a data collection device (sensor), preprocessing unit, analysis unit containing at least the Koopman mode analysis unit, and a postprocessing unit. The methods include Koopman mode analysis, support vector machines or deep learning used to compute the baseline, detect and rank known and unknown threats to the system, visualize and archive them. The methods also include creating and representing an Artificial Intelligence (AI) determined risk level indicators; using combined intel and notice alert severities with the AI risk level indicators to rank the alerts; using the AI indicators to create zero day risks; an AI Button to show the AI indicators and ranked alerts on a computer screen; and graphic user interfaces (GUI) to intuitively represent and interact with the AI indicators and ranked alerts.

Abstract: A hardware encryption housing and a payment device using the hardware encryption housing includes a top shell, a bottom shell, a circuit board and a trigger switch configured to transmit a trigger signal when the top shell is separated from the bottom shell. A security chip, mounted on the circuit board, has a storage module configured to store key information and a detection module configured to clear the key information and lock the security chip after the trigger signal is detected. The trigger signal is transmitted when the top shell is separated from the bottom shell, and the detection module is provided in the security chip to detect whether the trigger switch transmits a trigger signal. When detected, the key information in the storage module is cleared and the security chip is locked.

Abstract: Disclosed is an improved approach for identifying suspicious administrative host activity within a network. Network traffic is examined to learn the behavior of hosts within a network. This provides an effective way of determining whether or not a host is performing suspicious activity over an administrative protocol.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, to provide digital identification. One of these methods includes comparing the location of a requester of a digital identification to the location of an owner of the digital identification. The method also includes providing information about the digital identification to the requester based at least in part on determining that the requester and the owner are within a predetermined distance.

Abstract: A method and device for classifying collected images. The method and device include instructions to compare a captured image to a known set of images to determine the location depicted therein; and applying a classification upon the image based upon the determined location depicted therein and whether the determined location indicates that the image has the potential to depict privacy sensitive information.

Abstract: According to an example aspect, there is provided an apparatus comprising a first optical converter coupled to a fiber interface and to two waveguides, a dual rail encoder configured to encode dual rail form light from the two waveguides with payload information, and wherein the dual rail encoder is coupled to the first optical converter or to a second optical converter disposed between the dual rail encoder and the fiber interface, and wherein the first optical converter or the second optical converter is coupled so as to provide polarization encoded light into the fiber interface.