Abstract: An image forming device includes a receiver and a switcher. The receiver receives data for executing a function of storing specific data in a preset private box. The switcher switches between first and second register modes when the function to be executed by using the data received by the receiver is copied into the image forming device. The first register mode is a mode in which a private box is manually registered in the image forming device. The second register mode is a mode in which a private box is automatically registered in the image forming device.

Abstract: This application provides a message processing method, an access controller, and a network node. The method includes: an access controller receives a first message used to obtain Internet Protocol (IP) address information for a user-side device and a first access loop identifier of a first network node, where the first message and the first access loop identifier are sent by the first network node, the first access loop identifier is not carried in the first message; the access controller obtains an authentication, authorization and accounting (AAA) message according to the first access loop identifier, wherein the AAA message comprises the first access loop identifier; and the access controller sends the AAA message to an AAA server.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for dynamic resource interaction allocation based on geographic positioning and usage category information associated with a resource interaction system. The invention receives a base positional location and category of usage for a resource interaction system. The invention determines a set of parameters to be used for interactions having characteristics meeting the determined base positional location and category of usage information. When it receives a proposed interaction from a requesting system containing geographic information and usage category information associated with the proposed interaction, it determines whether the geographic information and usage category information associated with the proposed interaction correspond to the base positional location and category of usage for the resource interaction system.

Abstract: Novel tools and techniques for are provided for implementing a hybrid spectrum access system and access probe framework. A system includes a base station coupled to a network, a spectrum access system, and user equipment coupled to the base station and the spectrum access system. The user equipment is configured to transmit, to the base station, a first network access request following a first access sequence while transmitting signals under a first power limit. If no response is obtained from the base station, the user equipment is configured to transmit a second network access request above the first power limit, but under a second power limit. The user equipment is configured to obtain spectrum access from the spectrum access system and transmit a second network access request to the base station.

Abstract: A wireless network device, for use within a wireless network, comprising: a processor; a memory; and an interface for receiving and transmitting data; wherein the wireless network device is adapted to: determine a first cost associated with communication between the wireless network device and a client device to which the wireless network device is connectable; determine a second cost associated with communication between the client device and a further wireless network device to which the client device is connectable; determine whether the first cost or the second cost is the lower cost; and if the second cost is the lower cost, the wireless network device is adapted to guide the client device to communicate with the further network device.

Abstract: Methods and systems for providing a wireless communication service are disclosed. A device identifier for a wireless communication service can be used to generate a connection profile (e.g., communication profile, wide-area network profile, service profile, network profile, etc.) for the wireless communication service that requires credentials for authentication. The connection profile can be generated in response to a user accessing or signing up for the wireless communication service. The connection profile can comprise a username that includes and/or mirrors the device identifier and a password generated by inputting the device identifier into a predefined function. The connection profile also can comprise an authentication identifier. A service provider applies a specific type of authentication for devices that provide the authentication identifier as part of an authentication request message.

Abstract: A method for detecting unauthorized eavesdropping. A first subscriber determines a transit time for the transmission of data to a second subscriber, adds the random value to the transit time to obtain a waiting time, waits for the waiting time, creates a data packet containing a time stamp and transmits this data packet to the second subscriber. The second subscriber records the time it receives the data packet and compares it with the time stamp contained in the data packet, determines that the data packet has arrived either: before the time indicated in the time stamp, more than a predefined tolerance time after the time indicated in the time stamp, or before or more than a predefined tolerance time after a time at which it can be expected in the second subscriber as an indication that communication between the first subscriber and the second subscriber is being eavesdropped on.

Abstract: Disclosed herein are systems and methods for continuous user authentication during access of a digital service. In an exemplary aspect, a continuous authentication module may receive, at a computing device, initial authentication credentials of the user. The initial authentication credentials enable access to a service via the computing device. While the service is being accessed, the continuous authentication module may continuously monitor whether an unauthorized user has replaced the user in accessing the service by comparing usage attributes of the service with historic usage attributes associated with the user. In response to determining that the unauthorized user has replaced the user, the continuous authentication module may cease the access to the service via the computing device.

Abstract: A system for providing security to a fleet of vehicles, the system comprising: a plurality of modules, each module configured to monitor messages propagating in an in-vehicle network of a vehicle comprised in the fleet; a memory having data characterizing messages, and software executable to: identify an anomaly in communications over the in-vehicle communication network; and instruct a communication interface, configured to support communication with an entity external to the vehicle, to transmit monitoring data responsive to the messages; and a processor configured to execute the software in the memory; and a data monitoring and processing hub external to the vehicles comprised in the fleet and operable to receive transmission of monitoring data from the plurality of modules.

Abstract: A method for handling a security procedure in a MC communication system is provided. The method includes selecting, by a MC service server, the security procedure, including a signaling procedure parameter during a key management procedure, and indicating, by the MC service server, the selected security procedure to protect at least one MC service signaling field by including the signaling procedure parameter to at least a MC service client during the key management procedure.

Abstract: A method for distributing an application for an edge computing device performed by a computing device according to an embodiment of the present invention includes selecting a cluster including two or more edge devices from among a plurality of edge devices, distributing a first application to a second edge device included in the cluster, modifying routing information such that a service request incoming to a first edge device included in the cluster is transmitted to the second edge device, and replacing the first application running in the first edge device with a second application.

Abstract: Unstructured data items are stored at an object storage service. A filtering requirement to be used to generate a result set for an access request is determined. Using a transformed representation of the filtering requirement, a target set of tokens of the filtering requirement which are to be obfuscated within a log record is identified. A log record that comprises substitute tokens for the target set of tokens is generated and stored.

Abstract: A system for providing network services is provided. The system includes a device configured to interface with the network to receive a container, where the container is configured to interface with an operating system of the device and a plurality of applications operating on the device. The container is further configured to interface with a network services provider of one or more network services and one or more third party service providers.

Abstract: An information processing apparatus includes a processor configured to receive, from a first user, data and data identification information for identifying the data, generate association information that associates the data identification information with cloud-storage identification information for identifying a cloud storage for storing the data from among multiple cloud storages, and store the data in the cloud storage.

Abstract: A quantum entanglement communication service can be provided by detecting a request to access data stored at a first computer. In response to detecting the data access request, a request can be generated to request that a server computer generate an entangled particle pair. Measurement data can be received, the measurement data corresponding to a measurement observed after interacting a first bit of a token stored at a second computer with a first entangled particle from the entangled particle pair. An operation to perform on a second entangled particle of the entangled particle pair at the first computer can be determined and performed. A state of the second entangled particle can be measured to obtain a value, and a bit string can be generated, where the bit string can include a number that corresponds to the value.

Abstract: Systems, devices, media, and methods are presented for transmitting shared visual content between networked devices with a linked source for the visual content by accessing and presenting visual content, receiving a network location for a network resource associated with the visual content, linking the network location to the visual content to generate linked visual content, and cause presentation of the linked visual content in a draft message within a graphical user interface.

Abstract: Described herein are methods and a system for managing devices in remote data centers using a cloud service user interface (UI). The cloud service UI receives device management requests to device management application program interface (API). At the cloud service side, the device management requests to device management application program interface (API) are intercepted and converted to device cloud management REST interfaces. The device cloud management REST interfaces to a remote data center of devices, and converted to device native API used to manage a specific device.

Abstract: A method for controlling the admission of slices in a virtualized telecommunication network and the congestion generated between services with different priorities instantiated on the slices and likely to share a given quantity of resources comprising the following steps of: defining a priority scale to be assigned to the network slices, defining a low priority threshold, determining the quantity of available and used network resources sp(t) and xp(t), determining the quantity of resources allocated to slices with a priority lower than the low priority threshold and which may be temporarily assigned to new slices with a priority higher than the threshold, and determining the slices likely to be accepted into the network, taking into account the available resources and the priority of the slices.

Abstract: Generally discussed herein are devices, systems, and methods for improving phishing webpage content detection. A method can include identifying first webpage content comprises phishing content, determining, using a reinforcement learning (RL) agent, at least one action, generating, based on the determined at least one action and the identified first webpage content, altered first webpage content, identifying that the altered first webpage content is benign, generating, based on the determined at least one action and second webpage content, altered second webpage content, and training, based on the altered second webpage content and a corresponding label of phishing, a phishing detector.

Abstract: Systems and methods are provided for monitoring and logging all activity occurring in a system. The logged activity may include keystroke entries input into the system, user and/or application interactions with the system, access restriction conflicts, and the like. The logged activity may be stored in at least two datastores, at least one of which is an immutable, append-only datastore. Storage of the logged activity in the immutable, append-only datastore is performed using hash algorithms. Attempts at manipulating or at hiding malicious or unauthorized activity can be recognized due to all activity being captured in the immutable, append-only datastore.

Abstract: The disclosed embodiments can be used to automate the acquisition and management of user consents for one or more campaigns, thus reducing the possibility of unintended violations of consent requirements as compared with existing systems. In accordance with the disclosed embodiments, each user consent may be associated with at least three different values. The consent management system may be configured to filter consent values for various users and send user-consent requests to certain users based on their filtered user-consent values. In some disclosed embodiments, a user may provide consent to allow communications of the user's information to certain “connected parties.” The connected parties, moreover, may need to separately provide user consent(s) as necessary to effectuate communications for a campaign in compliance with one or more laws, rules, or regulations.

Abstract: An attack communication detection device that is robust against a deviation from the design value of a communication interval is provided.

Abstract: A computer-implemented method comprises receiving an input associated with the arrival of an entity, performing a classification on the input to determine a purpose of the arrival of the entity, and based on a determined classification of the purpose of the arrival of the entity, invoking an action.

Abstract: A traceback solution is provided. For a network of autonomous systems, the traceback solution traces the autonomous system path taken by traffic flows. Every link in the traceback path is created, verified, and audited by autonomous systems. Multiple autonomous systems may take part in the process, making the system robust against fake information. The database used to store the validated traceback paths is a decentralized and distributed storage. Multiple copies of the database may be maintained by the network of autonomous systems. The database may be accessible by any participating autonomous system; and is not accessible from outside the network of autonomous systems. The traceback solution achieves both validation and non-repudiation property among the ASes. The traceback solution mitigates some important attack scenarios that might be targeted specifically at the traceback solution.

Abstract: Some embodiments of the invention provide a method of facilitating routing through a software-defined wide area network (SD-WAN) defined for an entity. A first edge forwarding node located at a first multi-machine site of the entity, the first multi-machine site at a first physical location and including a first set of machines, serves as an edge forwarding node for the first set of machines by forwarding packets between the first set of machines and other machines associated with the entity via other forwarding nodes in the SD-WAN. The first edge forwarding node receives configuration data specifying for the first edge forwarding node to serve as a hub forwarding node for forwarding a set of packets from a second set of machines associated with the entity and operating at a second multi-machine site at a second physical location to a third set of machines associated with the entity and operating at a third multi-machine site at a third physical location.

Abstract: A system, method, and computer-usable medium are disclosed for generating a cyber behavior profile comprising monitoring user interactions between a user and an information handling system; converting the user interactions into electronic information representing the user interactions, the electronic information representing the user interactions comprising temporal detail corresponding to the user interaction; and generating a user behavior profile based upon the electronic information representing the user interactions, the generating the user profile including a layer of detail corresponding to the temporal detail corresponding to the user interaction.

Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.

Abstract: Methods, systems, computer-readable media, and apparatuses for determining partitions and virtual processes in a simulation are presented. A plurality of partitions of a simulated world may be determined, and each partition may correspond to a different metric for entities in the simulated world. A plurality of virtual processes for the simulated world may also be determined. The system may assign a different virtual process to each partition. An indication of the partitions may be sent to one or more partition enforcer services, and an indication of the virtual processes may be sent to a virtual process manager.

Abstract: A method may include receiving a digital certificate through a secure connection from a network access server, the secure connection passing through a network address translation device, validating the digital certificate with a policy management system, and establishing a secure tunnel between the network access server and the policy management system when the digital certificate is validated. Also, receiving, through the secure tunnel and from the network access server, a remote authentication dial-in user service access request having a network access server internet protocol address, validating the network access server with the network access server internet protocol address by the policy management system, and allowing a remote authentication dial-in user service traffic when the internet protocol address of the network access server is validated and closing the secure tunnel when the validating the network access server fails.

Abstract: A method of determining whether to provide user access to a computer resource may comprise receiving a request for the computer resource from a user device; obtaining, from the user device, an encrypted persistent cookie responsive to determining that the encrypted persistent cookie is present on the user device, wherein the encrypted persistent cookie comprises a fingerprint signature field comprising a previous device fingerprint encoded into the fingerprint signature field as part of a previous session; obtaining, from the user device, an obtained device fingerprint of the user device; comparing the obtained device fingerprint with the previous device fingerprint of the fingerprint signature field to derive a fingerprint variance representing a difference between the obtained device fingerprint and the previous device fingerprint of the fingerprint signature field; and processing the request for the computer resource based on the fingerprint variance.

Abstract: In accordance with aspects of the inventive concepts, a system and method provide ongoing authentication through processing of data that includes biometric data. Such systems and methods can use, as examples, face recognition and/or voice biometric data, or other biometric data, to identify the user in real-time and thereafter during an ongoing session. In various embodiments, the system can continuously or repeatedly authenticate one or more users using biometric data to control access to information and/or functions in real (or near real) time. The system can be configured to optimize and/or minimize resource consumption associated with the ongoing authentication process.

Abstract: A network system includes a refrigerator, a terminal, and a server that is capable of communicating with the refrigerator and the terminal and that provides, to the terminal, at least information based on an opening/closing operation of a door of the refrigerator. When the refrigerator starts an eco-mode, the server restricts an operation related to the watching service.

Abstract: A method in a virtual private network (VPN) environment, the method including determining, by a VPN server, an encrypted authentication packet based at least in part on utilizing an encryption key and a nonce to encrypt one or more fields of an initial authentication packet; transmitting, by the VPN server to an authentication server, the encrypted authentication packet to enable VPN authentication of a device requesting VPN services from the VPN server; determining, by the authentication server, a response regarding the VPN authentication based at least in part on decrypting the one or more fields utilizing a decryption key and the nonce; and transmitting, by the authentication server to the VPN server, the response regarding the VPN authentication. Various other aspects are contemplated.

Abstract: A method, computer system, and computer program product are provided for peer risk benchmarking. Customer data for a first network is obtained, wherein the customer data comprises a role of one or more network devices in the first network and a plurality of risk reports corresponding to the one or more network devices, and wherein each risk report is associated with a particular dimension of a plurality of dimensions of risk for the one or more network devices. A network profile image is generated by processing the plurality of risk reports. A generative adversarial network generates a synthetic network profile image from the network profile image, wherein the synthetic network profile image does not include the customer data. A second network is evaluated using the synthetic network profile image to identify differences between the first network and the second network.

Abstract: Examples to determine media impressions using distributed demographic information are disclosed. An example apparatus includes a reporter to detect at the client device a login event. The example apparatus also includes a communication interface to send a communication to an impression monitor system in response to the reporter detecting at the client device the login event via the login webpage, the login event associated with a first Internet domain different from a second internet domain of the impression monitor system. The example communication interface also sends a login reporting message to the database proprietor, the login reporting message including first and second cookie identifiers, the first cookie identifier associated with the first Internet domain, and the second cookie identifier associated with the second Internet domain of the impression monitor system.

Abstract: A wearable device includes an audio system. In one embodiment, the audio system includes a sensor array that includes a plurality of acoustic sensors. When a user wears the wearable device, the audio system determines an acoustic transfer function for the user based upon detected sounds within a local area surrounding the sensor array. Because the acoustic transfer function is based upon the size, shape, and density of the user's body (e.g., the user's head), different acoustic transfer functions will be determined for different users. The determined acoustic transfer functions are compared with stored acoustic transfer functions of known users in order to authenticate the user of the wearable device.

Abstract: A network device may send, to a Dynamic Host Configuration Protocol (DHCP) server, a request for an Internet Protocol version 6 (IPv6) address to be assigned to a management port of the network device, wherein IPv6 is disabled at the network device, and may receive a message that includes information associated with a network management system (NMS) and IPv6 configuration information for enabling IPv6 processing on the management port. In response to receiving the IPv6 configuration information, the network device may enable IPv6 processing on the management port of the network device and may register with the NMS based at least in part on the information associated with the NMS. The network device may, in response to receiving one or more configuration commands sent from the NMS to the management port of the network device, configure the network device according to the one or more configuration commands.

Abstract: Provided is a CAN communication based abnormal message detection method including obtaining reception times of reception messages; a reception filtering operation for performing a period calculation for comparing a difference between reception times of reception messages having the same message ID and a reference period of the corresponding message ID; an abnormal message detecting operation for determining the reception messages as abnormal messages when, as a result of the period calculation, the difference between the reception times is smaller than the reference period and determining the reception messages as normal messages when the difference between the reception times is greater than the reference period; and a blocking operation for blocking the abnormal messages.

Abstract: A lost or stolen mobile electronic device may attempt to attach to a foreign network where the phone is not blocklisted. During the foreign network/roaming attach process, a location update may be sent to the home network. The location update may include identifying information for the device. A mapping of the device and the foreign network's association may be stored within an operator database at the home network. Once the lost or stolen phone authenticates with an access point (AP), the mobile device may associate or register with the AP to gain full access to the foreign MNO. The lost or stolen phone may send an Association Request including updated location information and the phone's identification to the phone's home network. If the mapping does not include the phone's identification and the requesting foreign network, then the home network will deny the association request.

Abstract: A computer security system with enhanced whitelisting includes user interfaces that accept user inputs to create and modify a set of rules that define which programs are allowed to execute on one or more target systems. Upon an attempt to run a program, the set of rules are used to determine if the program is allowed to run. If any rule indicates that the program is allowed to run, the program is run. Otherwise, a user interface is presented to either block execution of the program or to create a new rule that would allow execution of the program this time and in the future.

Abstract: Embodiments disclosed provide a virtual currency system within a messaging application by performing operations comprising: launching, within a messaging application, a third-party application; receiving, by the messaging application from the third-party application, a request to perform an ecommerce transaction in relation to an item available for consumption on the third-party application; determining, by the messaging application, an expected attribute for the item based on accessing a database that stores expected attribute information for multiple items; verifying, by the messaging application, that an attribute of the item specified by the request corresponds to the expected attribute for the item; and processing, by the messaging application, the ecommerce transaction in response to successfully verifying that the attribute of the item satisfies a verification criterion based on the expected attribute for the item.

Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework.

Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator, EAP authentication server and computer program are also disclosed.

Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to receive a request to upload a file to a directory and determine whether the request is a request to upload a predefined type of file to the directory. In addition, based on a determination that the request is a request to upload the predefined type of file to the directory, the processor may determine, through application of a predictive model, whether the directory is a user content directory and based on a determination that the application of the predictive model indicates that the directory is a user content directory, block the request and/or output a notification regarding the receipt of the request.

Abstract: A system including a mobile terminal having an authenticator, a TPM with tamper resistance and a voice assistant. The voice assistant makes a process request corresponding to voice input of a user to a server in accordance with the input, receives a biometric authentication request from the server, makes a request for a biometric authentication process to the mobile terminal of the user in accordance with the request for biometric authentication via wireless communication, and transmits an authentication result from the mobile terminal to a server. The mobile terminal executes the biometric authentication process using biometric information stored in the authenticator and the TPM in accordance with the request for the biometric authentication process from the voice assistant, and transmits an authentication result to the voice assistant.

Abstract: A method for tracing individuals through physical spaces that includes registering cameras in groupings relating a physical space. The method further includes performing local video monitoring including a video sensor input that outputs frames from inputs from recording with the cameras in the groupings, a face detection application for extracting faces from the output frames, and a face matching application for matching faces extracted from the output frames to a watchlist, and a local movement monitor that assigns tracks to the matched faces. The method further includes performing a global monitor including a biometrics monitor for preparing the watchlist of faces, the watchlist of faces being updated when a new face is detected by the cameras in the groupings, and a global movement monitor that combines the outputs from the assigned tracks to the matched faces to launch a report regarding individual population traveling to the physical spaces.

Abstract: Techniques are described that enable a user to create and use a secret user account on a social networking system that is undiscoverable by other user accounts unless invited to interact by the secret account. In some cases, a social networking system receives a request to create a secret account, and creates the secret account. The social networking system may provide, in association with the secret account, account settings for the secret account that cause the social networking system to exclude the secret account from search results on the social networking system, and obscure activity by the secret account from a first user account. The social networking system may cause presentation of a control in a user interface associated with the secret account to invite a second user account to interact with the secret account.

Abstract: A content server can extend enterprise content management to a leading system in an efficient, automated, and seamless manner by leveraging the permission information provided by the leading system. The content server can sync the permission information with the leading system, evaluate user-manager relations, role-based rule definitions, and user-group associations defined in the leading system, and determine and/or update role memberships for workspaces created in the content server for users in the leading systems. In this way, even though the content server and the leading system have very different types of roles and permission models, the content server can evaluate complex relationships and role-based rules and intelligently, correctly, and quickly assign the right people to the right roles in the right workspaces in the content server.

Abstract: Server access channel correlation information for multiple web access sessions is captured. The server access channel correlation information includes, for each web access session, a session-originating server access channel identifier of a server access channel that originated the web access session, and at least one cross-session correlation identifier usable to correlate sets of web access sessions and usable to correlate the sets of web access sessions with orders. In association with an order placed by a consumer during one of the web access sessions, integrated server access channel correlation information is captured that documents each server access channel that originated each web access session associated with the order.

Abstract: A mobile application privacy analysis system is described, where the system scans a mobile device to identify files associated with a particular SDK and generates a tokenized name for the SDK. The tokenized name includes tokens representing the SDK vendor and one or more functions of the SDK. Using the tokenized name, the system then determines corresponding categories for each functionality token and score for each such category. Based on the scores, the system determines the most significant category and assigns that category to the SDK for use in privacy analysis. The system may also, or instead, determine a vendor category using the vendor token and assign that category to the SDK. Weighting factors may be applied to the scores for the categories associated with the functionality tokens and vendor tokens.