Abstract: A device receives call information associated with a call from a first user device to a second user device, where the first user device is associated with a first network, and the second user device is associated with a second network separate from the first network. The call information includes a caller identification and is received via an originating network device of the first network. The device determines whether the caller identification is verified, and adds authentication information to the call information when the caller identification is verified. The device receives the call information and the authentication information from a terminating network device of the first network, and removes the authentication information from the call information. The device adds a cryptographic signature to the call information, and causes the call information and the cryptographic signature to be provided to the second network for routing to the second user device.

Abstract: Systems and methods are provided for restoring backup data files. One example computer-implemented method includes receiving a restore request including a backup data file having an L1 file, a wrapped L1 key, and an L4 file having an attribute of a user. In response, the method includes unwrapping the L1 key with a private key, decrypting the L1 file via the L1 key, and verifying a sample biometric included in the restore request against a reference biometric from the L1 file. Upon verification of the sample biometric, the method includes decrypting an L2 file of the L1 file, verifying a contact attribute from the L2 file with the user, decrypting an L3 file using the contact attribute, wrapping an L4 key from the L3 file with the public key of the restore request, and transmitting the wrapped L4 key to a mobile device of the user.

Abstract: A system for establishing a trusted path for secure communication between client devices and server devices, such as between an account holder and a financial institution, can provide the core security attributes of confidentiality (of the parties), integrity (of the information), anti-replay (protection against replay fraud) and/or anti-tampering (protection against unauthorized changes to information being exchanged and/or modules that generate and communicate such information). A messaging layer implementation in favor of a transport layer implementation can provide a trusted path. This infrastructure features secure cryptographic key storage, and implementation of a trusted path built using the cryptographic infrastructure. The trusted path protects against unauthorized information disclosure, modification, or replays. These services can effectively protect against Man-in-the-Middle, Man-in-the-Application, and other attacks.

Abstract: A trust chain having client system and a remote system in a secure connection, wherein an intermediary system associated with the network flow path serves as a signing entity to establish an end to end transitive trust. The intermediate system is a corroborative entity in the operations technology realm of the client system. The remote system serves as the host for a plurality of services in the information technology realm. A two way handshake during the initial secure exchange protocol between a local client application and a remote service is extended to a three way handshake that includes a nonce issued by the remote service on the remote system and a digital signature for the nonce issued by a signature service on an associated intermediate system. The nonce signature is verified authoritatively at the remote system based on the signing certificate of the intermediate system for explicit proof of association.

Abstract: A share [x]i of plaintext x in accordance with Shamir's secret sharing scheme is expressed by N shares [x0]i, . . . , [xN?1]i, and each share generating device Ai obtains a function value ri=Pm(i(?))(si) of a seed si, obtains a first calculated value ?i=?(i, i(?))[xi(?)]i+ri using a Lagrange coefficient ?(i, i(?)), a share [xi(?)]i, and the function value ri, and outputs the first calculated value ?i to a share generating device Ai(?). Each share generating device Ai accepts a second calculated value ?i(+), obtains a third calculated value zi=?(i, i(+))[xi]i+?i(+) using a Lagrange coefficient ?(i, i(+)), a share [xi]i, and the second calculated value ?i(+), and obtains information containing the seed si and the third calculated value zi as a share SSi of the plaintext x in secret sharing and outputs the share SSi.

Abstract: Systems, devices and techniques for an adaptive application-specific probing scheme are disclosed. An example network device includes memory configured to store a network address and probe protocol usable for probing a first network device associated with a source of an application, and one or more processors configured to determine a network address and probe protocol usable for probing the first network device, wherein the first network device comprises a server that is responsive to the probing, the server executing the application for the data flow, or a closest network device, to the server, that is responsive to the probing. The one or more processors are also configured to send to a second network device at a location serviced by the application, a message specifying the network address and probe protocol usable for probing the first network device.

Abstract: A method including transmitting, by a first meshnet device to a third-party application installed on the first meshnet device, an association between a second meshnet device and a unique identifier of the second meshnet device; receiving, by the first meshnet device from the third-party application, a query for a meshnet IP address assigned to the second meshnet device; transmitting, by the first meshnet device to the third-party application based on receiving the query, the meshnet IP address assigned to the second meshnet device; receiving, by the first meshnet device from the third-party application based on transmitting the meshnet IP address, a communication packet to be transmitted to the second meshnet device, the communication packet indicating the meshnet IP address as a destination address; and transmitting, by the first meshnet device, the communication packet to the second meshnet device is disclosed. Various other aspects are contemplated.

Abstract: A method performed by a CMS and an edge node of a CDN is provided, including: sharing a server secret between the CMS and the edge node; using, by the CMS, the server secret to generate a signing key, the signing key being transmitted to a client system, wherein the client system receives a request for a content item from a user device, and wherein the client system uses the signing key to generate a signed URL for the content item, the user device being redirected to the signed URL; responsive to receiving the signed URL from the user device, then validating the signed URL by the edge node, wherein validating the signed URL uses the server secret to rederive the signing key based on the signed URL; responsive to successful validation of the signed URL, then providing the content item from the edge node to the user device.

Abstract: In certain embodiments, a token (e.g., a short-range wireless token or other token) may be provided to facilitate authentication. In some embodiments, the token may obtain a first challenge from a computer system. The token may determine which challenge type of multiple challenge types the first challenge corresponds. The token may cause a secure component to use a key associated with a first challenge type to generate a first challenge response for the first challenge based on the first challenge corresponding to the first challenge type, where the key associated with first challenge type may be selected by the secure component from multiple keys (for the generation of the first challenge response) based on the first challenge corresponding to the first challenge type. The first challenge response may be provided to the computer system.

Abstract: Disclosed are a joint modeling method and apparatus for enhancing local features of pedestrians. The method includes the following steps: S1: acquiring an original surveillance video image data set, dividing the original surveillance video image data set into a training set and a test set in proportion; S2: cutting the surveillance video image training set to obtain image block vector sequences. In the present disclosure, local features of pedestrians in video images are extracted by a multi-head attention neural network, weight parameters of image channels are learned by channel convolution kernels, spatial features on the images are scanned through spatial convolution, local features of pedestrians are enhanced to improve the recognition rate of pedestrians, a feed-forward neural network and an activation function are adopted, so as to realize pedestrian re-recognition, thereby obtaining face images available.

Abstract: Disclosed in some examples are methods, systems, devices, and machine-readable mediums which utilize authentication tokens recorded to a blockchain to identify and/or authenticate participants of a network-based communication session such as a network-based meeting. When joining the meeting, the participant may provide a token recorded on a blockchain to the communication service from the blockchain. The communication service may then identify and/or authenticate the user based upon the provided token. Various user-specific customizations and settings may then be applied and the user may be admitted to the meeting without having to enter a waiting room and be explicitly let in.

Abstract: The disclosed technology is generally directed to the authentication of software. In one example of the technology, a private attestation key is stored in hardware. In some examples, during a sequential boot process a hash is calculated, in an order in which the software stages are sequentially booted, of each software stage of a plurality of software stages. The hashes of each software stage of the plurality may be cryptographically appended to an accumulation register. The accumulation register may be used to attest to validity of the software stages. The plurality of software stages may include a first bootloader, a runtime for a first core of a multi-core processor, and a runtime for a first execution environment for a second core of the multi-core processor.

Abstract: A blockchain-based supervision system of hazardous chemical production includes: a collection layer, for collecting production data information, wherein a collection device in the collection layer sets a TEE to encrypt or hash the collected production data information; a data layer, for uplinking a hash certificate of the production data information through an alliance chain, wherein the collection layer communicates with the data layer; a blockchain, for deploying a file uplink contract and encrypting and storing a file on a privacy computing server after the file is connected to the trusted environment; and a privacy computing system, for forming a metadata market of the data from file description information, recording the metadata information of the collected data. A data user applies for the right of use to a production enterprise that produces the data, and after obtaining authorization, the data user performs various applications on the privacy computing system.

Abstract: When a user attempts to access a first application installed on a user device, it can send an authentication request to an authentication server. The authentication server can assign a unique request token to the request and load a script to a component of the operating system executing on the user device that displays content within the first application. The script can cause a portal application to launch on the user device. The portal application can send a request to the authentication server on behalf of the user, including the unique request token and an access token stored by, or accessible to, the portal application. The authentication server can receive the request from the portal application and validate the request based on the unique request token and the access token. Upon validating the request, the authentication server can authenticate the user at the first application.

Abstract: A consumer account may invoke an operation referencing a set of shared objects stored within a database of a provider account using an imported database that makes the set of shared objects available within the consumer account. A call context of the operation may be updated to cache the imported database, which references a share created from the provider account database, the share having grants to the set of shared objects. One or more database level objects may be discovered in a context of the share and each role granted to the share may be obtained based on the one or more database level objects. Whether any role granted to the share has access to any of the set of shared objects may be determined and the operation may be executed for each of the set of shared objects to which any role granted to the share has access.

Abstract: The present invention relates to a method of processing a transaction sent from a proof entity (1) connected to a verification entity (2); the proof entity (1) having at least one secret key and a candidate authentication data, the verification entity (2) having the hash value of a reference authentication data; the method comprising the steps of: (a) generation by data processing means (11) of the proof entity (1) of: a signature of the proof entity (1) from said secret key; a zero-knowledge proof of the fact that the candidate authentication data and the reference authentication data match; (b) transmission to the verification entity (2) of transaction data comprising at least: said signature of the proof entity (1); said zero-knowledge proof; (c) verification by the data processing means (21) of the verification entity (2) that said signature of the proof entity (1) and the zero-knowledge proof are valid; (d) processing said transaction.

Abstract: A video player for playing a video stream that receives a master playlist identifying at least one variant playlist identifying a video file encoded as a series of video frames that when decoded provide the video stream. The video player based upon a configuration tag in the master play list selectively determining whether the video file is to be processed in a trusted execution environment. The trusted execution environment of the video player selectively includes at least one of (i) hack one, only hack one; (ii) output and link protection; (iii) hardware root of trust; and (iv) forensic watermarking, and decrypts and/or decodes the video stream in such an environment.

Abstract: Generating a rights blockchain storing rights of a user, including: receiving an enrollment request and a public key from the user; verifying that the user has a private key corresponding to the public key; generating a user identifier using the public key; and generating and delivering the rights blockchain having a genesis block including the user identifier to the user.

Abstract: A method can include storing host code executable by a host device in a nonvolatile memory (NVM) device and NVM code executable by the NVM device. The NVM device can validate the integrity of the NVM code in response to predetermined conditions and generate a code integrity value for validating the NVM code. The code integrity value having a size independent of a size of the host code. An authentication code can be sent to the host device that is generated with at least the code integrity value. In response to read requests from the host device, returning at least portions of the host code for execution by the host device. Corresponding devices and systems are also disclosed.

Abstract: Embodiments described herein are directed to managing device compliance for devices that are connected to an enterprise network. For example, a mobile device manager may provide configuration settings to a computing device, which implements the settings in order to be compliant with an enterprise's data and/or security policy. The mobile device manager also maintains a local reference of each device's configuration settings implemented thereby. When the mobile device manager subsequently performs a determination as to whether the computing device is still in compliance, the mobile device manager simply needs to refer to the local reference to determine the computing device's settings instead of explicitly querying the computing device for its settings.

Abstract: Establishing a diagnostic OS for an information handling system platform performing a UEFI BIOS boot to place the platform in a pre-OS state. Upon detecting a particular POST error and/or a platform configuration policy, an embedded OS kernel may be launched into a DRTM-authenticated measured launch environment (MLE). Additional objects for the diagnostic OS may be downloaded. The additional objects may include an initial ramdisk (initrd) module and one or more applications specific to the particular diagnostic OS. The diagnostic OS may be launched as follows: for each diagnostic OS application, launching the application and extending a measurement of the application into a DRTM PCR. Launching the diagnostic OS may include launching an initrd module and extending a measurement of the initrd module into the DRTM PCR. A measurement of embedded OS kernel may be extended into the TPM and the embedded OS kernel may validate the UEFI BIOS sequence.

Abstract: Multi-link device (MLD) devices and transitions are described. The MAC addresses of the AP MLD and non-AP MLD are used to generate keys for different fast transitions (FT) between a non-AP MLD and an AP MLD. In an FT initial mobility domain operation, the AP MLD MAC address is used as the R1KH-ID and the non-AP MLD MAC address is used as the S0KH-ID and S1KH-ID. The MAC addresses are exchanged in Authentication Request/Response or Association Request/Response messages and the GTK/IGTK/BIGTK are delivered in a single FT 4-way handshake. In a fast MLD transition to an AP MLD in the same ESS, the other AP MLD MAC address is used as the R1KH-ID and the non-AP MLD MAC address is used as the S1KH-ID. The MAC addresses are exchanged in Authentication Request/Response or Association Request/Response messages and the GTK/IGTK/BIGTK are delivered in an FTE.

Abstract: A method for fast access to a data resource in a blockchain network is provided. The method includes opening a dedicated socket in a server to receive a datum from a data source and authenticating a signature of the data source to verify that the data source is a reliable data source. The method also includes storing the data in a dedicated memory space in the server, allowing a blockchain application to access the data in the dedicated memory space using a function that has accessibility to the dedicated memory space, and writing the data in a blockchain block when a block producer reads the data from the blockchain application. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.

Abstract: A multiclass classifier generates a probability vector for individual data units of an input data stream. The probability vector has prediction probability values for classes that the multiclass classifier has been trained to detect. A class with the highest prediction probability value among the classes in a probability vector is selected as the predicted class. A confidence score is calculated based on the prediction probability value of the class. Confidence scores of the class are accumulated within a sliding window. The class is declared to be the detected class of the input data stream when the accumulated value of the class meets an accumulator threshold. A security policy for an application program that is mapped to the class is enforced against the input data stream.

Abstract: Techniques are described for performing multi-factor authentication of a user during a service session, based at least partly on a code conveyed using an audio file. A code is generated that corresponds to the user and/or their user device. A playback device that is registered to the user can be used to output a playback of an audio file that encodes the code. The playback of the audio file is conveyed through the service session by the user device and received by a backend server, which analyzes the playback of the audio file to extract the code. The user can be authenticated based at least partly on verifying the code that is extracted from the playback of the audio file, by comparing the extracted code to the code that was generated and sent to the playback device.

Abstract: When personally identifiable information (PII) is to be stored or updated, a system first seeks consent from the user for the PII store or update. If the user grants consent, then the system stores the PII in the user's personal device or updates the PII stored in the user's personal device. The system then retrieves that PII and generates a token representing that PII. Even if the token were taken by a malicious user, it would not be possible for the malicious user to determine the user's actual PII from the token. In this manner, the security of the PII is improved over conventional systems.

Abstract: A medical device of a medical system is configured for communicating with an external programmer over a wireless communications link. The medical device comprises a wireless communications module configured for receiving a first unencrypted version of a random number and a first encrypted version of the random number from the external programmer over the wireless communications link. The medical device further comprises control circuitry configured for performing an authentication procedure on the external programmer based on the first unencrypted version of the random number and the first encrypted version of the random number, and preventing the external programmer from commanding the medical device to perform an action unless the authentication procedure is successful.

Abstract: In embodiments of the present disclosure, a method is provided for managing a mesh point. A request is transmitted from a mesh point to a mesh portal, and the request indicates that Reduced Neighbor Report (RNR) information is required. A beacon with the RNR information is received from the mesh portal. A mesh link is established with a target mesh portal based on the beacon with the RNR information. Therefore, the time cost and the data communication of a scanning procedure of the mesh point may be greatly reduced. Further, communications in the scanning procedure are lowered, such that conflicts in the air may be alleviated.

Abstract: A system and method described below prevents exploitation of a client's PKI station using the a token installed on other host (attackers') processors. This is accomplished by binding the token to the approved PKI client station (host) using the a software development kit installed in the PKI client station. Once a token is bound to a PKI client station, the token can no longer be used on another station unless permitted by authorized personnel.

Abstract: An in-vehicle encryption system for use in a vehicle comprising a plurality of vehicle subsystems. The system comprises a security ECU module that communicates with a remote cryptographic module, the security ECU module comprising a processor and a per vehicle master secret (PVMS) value stored in the security ECU module. The security ECU module uses the PVMS value to authenticate with the remote cryptographic module and to establish an external encrypted communication link with the remote cryptographic module. The system further comprises a first subsystem ECU module that generates a first globally unique identifier (GUID) and a second subsystem ECU module that generates a second GUID. The security ECU module uses the first GUID value to establish a first encrypted communication link with the first subsystem ECU module.

Abstract: Baseboard management controller (‘BMC’) group administration includes: receiving, by a member BMC from a leader BMC, a leader certificate and a request to join a group of the leader BMC, where the request is signed by the leader BMC and the leader certificate is signed by a certificate authority; authenticating, by the member BMC, the leader certificate and the request; and sending, by the member BMC, an acknowledgement to the leader BMC to join the leader BMC's group.

Abstract: A network system that includes a first set of network hosts in a first domain and a second set of network hosts in a second domain. Within each of the domains, the system includes several edge switching elements (SEs) that each couple to the network hosts and forward network data to and from the set of network hosts. Within the first domain, the system includes (i) an interior SE that couples to a particular edge SE in order to receive network data for forwarding from the edge SE when the edge SE does not recognize a destination location of the network data and (ii) an interconnection SE that couples to the interior SE, the edge SE, and the second domain through an external network. When the edge SE receives network data with a destination address in the second domain, it forwards the network data directly to the interconnection SE.

Abstract: Exemplary methods for facilitating secure communication between a mobile network subscriber and various service providers (SPs), the subscriber being associated with a plurality of entities comprising any combination of devices and profiles. Some embodiments can include: obtaining a security identifier associated with the subscriber; based on the security identifier, establishing an identity hierarchy comprising the plurality of entities associated with the subscriber; based on the security identifier, establishing consents for SPs to access data generated by the entities of the identity hierarchy; in response to a request comprising the security identifier, receiving a public key usable to encrypt data for sending to a particular SP, the data being decryptable using a corresponding secret key associated with an established consent for the particular SP; and encrypting the data using the public key and the identity hierarchy.

Abstract: An image processing apparatus includes a communicator that performs wireless communication with a terminal device; and a controller. The controller performs pairing with the terminal device, establishes wireless communication with the paired terminal device via the communicator, acquires information on a transmission destination of an image from the terminal device, disconnects the wireless communication after acquiring the information on the transmission destination, and releases the pairing with the terminal device by disconnecting the wireless communication.

Abstract: The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal and the server both have access to a second key (K2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.

Abstract: A communication system may include a first radio frequency (RF) device configured to generate a Bluetooth Low Energy (BLE) advertisement responsive to an input event, transmit the BLE advertisement in a BLE advertisement burst comprising a number of transmissions in at least one BLE advertising channel, and discontinue transmission of the BLE advertisement after transmission of the BLE advertisement burst. The system may further include a second RF device configured to scan for the BLE advertisement in the at least one BLE advertising channel, and communicate with the first RF device over a BLE data channel responsive to receiving the BLE advertisement.

Abstract: A method of operating a user equipment, UE, includes establishing a radio resource control, RRC, connection with a base station, following establishment of the RRC connection, sending an indication of a security capability of the UE to the base station, receiving a non-access stratum, NAS, message, from the base station, wherein the NAS message identifies a selected security algorithm, and generating the access stratum security key to be used with the selected security algorithm.

Abstract: Various embodiments of the present disclosure provide systems and methods for securing electronic devices, such as financial payment terminals, to protect sensitive data and prevent unauthorized access to confidential information. In embodiments, this is achieved without having to rely on the availability of backup energy sources. In certain embodiments, tampering attempts are thwarted by using a virtually perfect PUF circuit and PUF-generated secret or private key within a payment terminal that does not require a battery backup system and, thus, eliminates the cost associated with common battery-backed security systems. In certain embodiments, during regular operation, sensors constantly monitor the to-be-protected electronic device for tampering attempts and physical attack to ensure the physical integrity.

Abstract: A key sharing system that generates a shared key that is used to perform encrypted communication between a first device and a second device according to an authenticated key sharing protocol, at least one device of the first device and the second device including: calculation means for calculating a shared value ?j of shared values ?i (i=1, . . . , n) that are used to generate the shared key, the shared value ?j being calculated through pairing computation, using a private key DA,1 as an input; entrusting means for entrusting an information processing apparatus that is connected to the device via a network, with calculation of a shared value ?k (k?j) of the shared values ?i (i=1, . . . , n), the shared value ?k being calculated through pairing computation, using a private key DA,2 as an input; and key generation means for generating the shared key, using the shared value ?j calculated by the calculation means and the shared value ?k calculated by the information processing apparatus.

Abstract: A system is provided for implementing a data processing transaction for a home processor located within a home region. The system is configured to receive a query from a user device of a user, search a list of partner processors located within a foreign region based on the query and transmit to the user device information relating to one or more partner processors determined as a result of the search. The system receives a request to authenticate the data processing transaction at a selected partner processor, verifies an identity of the user based on the request and transmits an indication of successful authentication. The system transmits at least a portion of data relating to a registration of the user at the home processor to the selected partner processor, wherein the data processing transaction is processed by the partner processor based on the transferred data.

Abstract: Various embodiments of apparatuses and methods for multi-cast, multiple unicast, and unicast distribution of messages with time synchronized delivery are described. In some embodiments, the disclosed system and methods include a reference timekeeper providing a reference clock to one or more host computing devices. The one or more host computing devices host compute instances, and also contain respective isolated timing hardware outside the control of the compute instances. The isolated timing hardware of the one or more host computing devices then receive respective packets, and obtain the same time to deliver the respective packets. Each isolated timing hardware provides either the packet, or information to access the packet, to its respective destination compute instance subsequent to determining that the same specified time to deliver the packet has occurred. Thus, the respective packets are delivered near simultaneously to the one or more destination compute instances.

Abstract: A method for electing a representative node device is performed at a blockchain system, including: obtaining voting transaction data from the node devices, the voting transaction data being used for voting for one or more node devices of the blockchain system as representative node devices; generating and storing the voting transaction data into a target blockchain of the blockchain system when a plurality of node devices of the blockchain system verify the voting transaction data by consensus; and when a quantity of blocks in the target blockchain generated using the voting transaction data reaches a preset quantity, determining an election result according to quantities of votes of the node devices determined from the voting transaction data, the election result identifying a plurality of representative node devices in the blockchain system being configured to generate new blocks for the target blockchain and perform verification on the new blocks by consensus.

Abstract: Systems for communicating over a network and between two or more network connected devices. In particular, the disclosure reveals systems which may utilize multicast communication protocols to facilitate secure communication among one or more network connected devices. A system for secured messaging may include a network system including a first server, a second server and a first node. Further, the first server is configured to authenticate the first node for secure multicast messaging, and the second server is configured to authenticate the first node for secure multicast messaging.

Abstract: An information processing device includes a processor programmed to: receive an instruction from a user; and select, based on the received instruction, between: a first mode that receives a selection of a workflow to process target data before the target data is received; and a second mode that receives a selection of a workflow to process target data after the target data is received.

Abstract: An electronic device and a method, to control permission associated with annotations in an online conference, is provided. The electronic device receives profile information associated with each of a plurality of participants associated with the online conference to be hosted by a host of the electronic device. The electronic device grants, to a first set of participants of the plurality of participants, a permission to annotate media content to be shared during the online conference based on the profile information. The electronic device receives, from a set of electronic devices associated with the first set of participants, annotations related to the media content, based on the permission. The electronic device controls display of the received annotations and the media content on each of a first display device associated with the first electronic device and on a second display device associated with each of the set of electronic devices.

Abstract: An onboard communication network of a vehicle is monitored to detect a plurality of available messages that include respective cipher-based message authentication codes (CMAC) and that were identified as eligible messages based on having an information entropy greater than a specified threshold. A first message is selected from the plurality of available messages. The CMAC of the selected message is input into a random number generator that outputs a random number seeded by the CMAC of the selected message. Then the random number is provided.

Abstract: An authenticated, ID-based private/public key pair, with a self-certified public key, is generated using Kummer arithmetic without bilinear pairings. Two or more parties can generate such key pairs and use them as their respective long-term key pairs which, when combined with the parties' short-term key pairs, can allow the parties to establish an authenticated, short-term shared key. Some embodiments are suitable for connected vehicles communicating with each other and/or with other systems. Other features are also provided.

Abstract: The present invention discloses methods and systems for communicating at a cellular router between a first wireless communication module and a first subscriber identity module (SIM). The cellular router receives a first request from a first wireless communication module and encapsulates the first request in a first modified request. The cellular router then sends the first modified request to a first SIM card in a first communication apparatus and waits for a first modified reply. While waiting for the first modified reply the cellular router sends at least one halt message to the first wireless communication module after a first time threshold. After receiving the first modified reply, the cellular router decapsulates the first modified reply to retrieve a first reply and sends the first reply to the first wireless communication module where the first modified reply is a reply to the first modified request.

Abstract: A system for identifying email messages associated with phishing threats accesses an email message sent to a receiving computing device, where the email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system determines that the email message is associated with a phishing threat, in response to determining that the sender's email address is not associated with a token from a plurality of tokens from among a token-email mapping table.

Abstract: A system for tenant security control includes an interface and a processor. The interface is configured to receive a request to access shared services; provide a user interface for selecting a shared service of the shared services; and receive a selection of the shared service of the shared services. The processor is configured to determine data associated with the shared service of the shared services; store a shared-service tag indicating the data is associated with the shared service of the shared services and a tenant identifier tag indicating the data is associated with a contributing tenant; transfer the data to a model development system; determine a model using the data transferred to the model development system; and store the model.