Abstract: A device facilitating countersigning updates for multi-chip devices includes at least one processor configured to receive, from a collocated chip, a data item and a software update, the data item being signed using a private key corresponding to a primary entity associated with the collocated chip and the data item comprising an authentication code generated using a symmetric key corresponding to a secondary entity associated with the software update. At least one processor is further configured to verify the data item using a public key associated with the primary entity. At least one processor is further configured to verify the software update based at least in part on the authentication code and using the symmetric key corresponding to the primary entity. At least one processor is further configured to install the software update when both the data item and the software update are verified, otherwise discard the software update.

Abstract: A virtual machine (VM) system includes a network, hosts that are able to communicate over the network, a storage cluster of nodes made up by the hosts, and VMs running on the hosts. As part of the storage cluster, the nodes pool their storage devices into a clustered datastore shared across all the nodes. The VMs are stored in the clustered datastore. Two of the nodes take roles of a reflector node and a backup reflector node. The other nodes, excluding the reflector node but including the backup reflector node, are configured to establish unicast connections over the network with the reflector node. The nodes in the storage cluster are configured to communicate clustering service information over the unicast connections.

Abstract: Systems and methods are provided for providing information associated with media contents are provided. The method comprises broadcasting a communication address associated with a playing device configured to play the media contents, the broadcasted communication address enables a user terminal device to communicate with the playing device; receiving, from the user terminal device, a request to acquire information associated with the media contents; determining an identifier associated with the information; and transmitting the identifier to the user terminal device. The identifier enables the user terminal device to acquire the information.

Abstract: A non-volatile mass storage device is provided comprising memory circuitry accessible to a host data processing device via a communication link. The non-volatile mass storage device comprises processing circuitry for locally accessing the memory circuitry of the file system and is capable of triggering generation of a file for storage on the memory circuitry by connection of the non-volatile mass storage device to the host data processing device. The generated file comprises information dependent upon a state of the non-volatile mass storage device. A corresponding method of operating a non-volatile mass storage device is provided and a computer program is provided for obtaining the information dependent upon the state of the non-volatile mass storage device, for locally accessing the memory circuitry and for generating the file for storage on the memory circuitry.

Abstract: Systems and methods include: implementing a first machine learning model to generate an output of a global digital threat score for an online activity based on an input of the collected digital event data; implementing a second machine learning model that generates a category inference of a category of digital fraud or a category of digital abuse from a plurality of digital fraud or digital abuse categories; selecting a third machine learning model from an ensemble of digital fraud or digital abuse machine learning models based on the category inference generated by the second machine learning model, wherein the ensemble of digital fraud or digital abuse machine learning models comprise a plurality of disparate digital fraud or digital abuse category-specific machine learning models; and implementing the selected third machine learning model to generate a digital fraud or digital abuse category-specific threat score based on the digital event data.

Abstract: The invention enables a software application to be executed on a mobile station in dependence of a SIM. Challenge data originating from the software application is input to the SIM to generate first response data using a security function of the SIM. The software application is enabled to be executed in dependence of the first response data. In addition, the challenge data may be transmitted to a verification server for the generation of second response data in dependence of the challenge data and possibly using an authentication center. The software application is then enabled to be executed in further dependence of the second response data.

Abstract: It is disclosed a method and a capillary gateway, CGW, (50, 60, 204, 304) capable to determine whether to allow a first machine-to-machine, M2M, device network access. The CGW is adapted to intercept (310) an authentication request message sent from a M2M device, and intercept (318) an authentication response message sent from a M2M management service. If the CGW determines that the authentication is successful based on the authentication response message and that there is a valid subscription for the M2M device and the authentication response message is received from a trusted management service, the CGW may allow (414) the first M2M device network access. Embodiments of the present disclosure have the advantage that disclosure can provide low-powered devices Internet reachability based on user subscriptions in non-traditional scenarios such as where devices are deployed straight out-of-the-box, i.e., without any customization.

Abstract: A data offloading path establishing method and device, for addressing a problem in which an eNB cannot offload a part of the traffic thereof to a WLAN network. The method comprises: determining, by a base station, that a user equipment (UE) is connected to a specified wireless local area network (WLAN) network, and transmitting a request message to the WLAN network; receiving, by the base station, a returned response message to the request message from the WLAN network; and transmitting, by the base station, an acknowledgement message of path switching to the UE to inform the UE that a path for offloading from the base station to the WLAN network is successfully established. Thereby, a part of the traffic originally to be transmitted via the base station can be offloaded to a WLAN access network, thus improving radio utilization rate of a 3GPP access network.

Abstract: A method for providing a transparent asynchronous network flow exchange is provided. The method may include receiving a query request from a requester, whereby the received query request is associated with a network packet. The method may also include determining if the network packet contains a plurality of defined signatures. The method may further include in response to determining that the network packet contains a plurality of defined signatures, authenticating a plurality of information associated with the network packet. The method may additionally include determining a plurality of flow related security information associated with the network packet based on the authentication of the plurality of information. The method may include sending the determined plurality of flow related security information to the requester.

Abstract: A method for updating seed data in a dynamic token comprises: an interaction interface sends user information to an application server for verification, receives a verification result returned by the application server, continuously receives dynamic token information when the verification result is valid, and sends same to the application server; the application server generates a request data packet containing the dynamic token information and application information and sends same to an authentication center; the authentication center acquires seed data corresponding to the dynamic token information and the application information and sends same to the application server; the application server converts the seed data into photosensitive data and displays same by means of the interaction interface; and the dynamic token obtains the seed data by acquiring the photosensitive data.

Abstract: Certain embodiments described herein are generally directed to normalizing service rules across multiple virtual interfaces (VIFs). For example, certain embodiments described herein relate to a method for managing service rules. The method may include receiving a plurality of service rules for a set of VIFs, wherein each service rule corresponds to at least one network address and grouping the network addresses into non-overlapping groups of network addresses, wherein the grouping is performed over the service rules corresponding to the set of VIFs. In certain embodiments, flow entries may be generated based on the grouping of the network addresses.

Abstract: A malicious website access method and apparatus are provided. The method includes: determining whether a website is a malicious website; and acquiring a non-executable preview interface of a web page of the malicious website for a terminal to display, if the website is a malicious website. A user may view, through a non-executable preview interface, information about a website to be accessed by the user. Moreover, because a terminal does not access a malicious website directly, the terminal is not exposed to malicious websites, thereby enhancing security of the terminal.

Abstract: A method includes requesting a controller, which controls one or more field devices in an industrial control network, to report code currently used by the controller for controlling the field devices. The code reported by the controller is compared with a stored baseline version of the code, and a notification is issued upon detecting a discrepancy between the code reported by the controller and the baseline version.

Abstract: There is provided a method for authenticating an attempt at establishment of a network connection by allowed code, comprising: providing a dataset having previously observed stack trace templates each representing a stack trace pattern prevailing in stack traces recorded by monitoring stacks of clients executing an allowed code during a connection establishment process for establishing network connections related to the allowed code; receiving a new stack trace recorded during a new connection establishment process for a new network connection by a new client; measuring a similarity between the new stack trace and the plurality of stack trace templates to identify a match to a stack trace template; evaluating the matched stack trace template for a predefined rule requirement; and updating a rule-set database with the matched stack trace template to authenticate new network connection establishments associated with stack templates matching the matched stack trace template.

Abstract: Methods and systems for joining a wireless connection advertisement include connecting to a commissioning device via a wireless point-to-point communication in response to receiving an advertisement broadcast to establish an advertisement-based connection. The commissioning device is configured to manage access to a fabric. The methods and systems also include receiving network credentials from the commissioning device via the wireless point-to-point communication, the network credentials being configured to facilitate connection to a wireless network. Furthermore, the method and systems include connecting to the wireless network using the received network credentials.

Abstract: Disclosed is a method and terminal for wireless network access point connection. The method for wireless network access point connection includes: establishing at least one wireless network access point group in a terminal, and setting a common password of the wireless network access point group; and detecting whether a password of each wireless network access point in the wireless network access point group is the common password, and connecting to one wireless network access point with a password which is the common password in the wireless network access point group according to the common password.

Abstract: Methods, systems, and devices may be used for assigning names and bootstrapping of security credentials for Smart Objects inside a Digital Home environment. Methods, systems, and devices for identification and security bootstrapping of a smart object within a digital home environment may include automated assignment of a device level ID and security credential for each smart object in the home using a resource directory.

Abstract: According to one embodiment, a method for predicting the trustworthiness of a particular website comprising receiving information about a plurality of websites and constructing a hierarchy of groups from the received information, the hierarchy of groups comprising one or more tiers and each tier comprising one or more groups. The method further comprising receiving information about a particular website and predicting the trustworthiness of the particular website based on the hierarchy.

Abstract: A method, computer system, and/or computer program product controls access to a wireless local area network (WLAN) access point in a retail establishment. A predetermined retail activity threshold is established for a retail establishment, where the retail establishment has a patron service area with a WLAN access point, and where a determination has been made that exceeding the predetermined retail activity threshold without increasing patron traffic out of the retail establishment will cause an excessive wait time for occupying the patron service area. In response to determining that the predetermined retail activity threshold is being exceeded, a secondary criterion is examined in order to determine if the mobile device should be disconnected from the WLAN access point, in order to motivate a user of the mobile device to leave the patron service area. If so, then the mobile device is disconnected from the WLAN access point.

Abstract: The present disclosure relates to a method performed in a network server system of a service provider providing a service comprising media streaming. The method comprises receiving a detection message from a mobile radio device running the service for a user registered with the service provider, said message comprising an indication that said radio device has detected that it is within a predefined geographical area. The method also comprises determining that the predefined geographical area is registered with the service provider and associated with one or more actions. The method also comprises electing an action of the one or more actions. The method also comprises sending an instructions message to the radio device, said message comprising instructions to modify the service such that the radio device performs the elected action.

Abstract: A method for execution in a dispersed storage network operates to determine one or more slice names of one or more slices and determine whether to establish a new access policy corresponding to the one or more slices. When the new access policy is to be established, the method determines a timestamp; determines a new access policy; and sends the new access policy and the timestamp to one or more storage units that store the one or more slices.

Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.

Abstract: In one embodiment, a supervisory device in a network receives from a plurality of access points (APs) in the network data regarding a network availability request broadcast by a node seeking to access the network and received by the APs in the plurality. The supervisory device uniquely associates the node with a virtual access point (VAP) for the node and forms a VAP mapping between the VAP for the node and a set of the APs in the plurality selected based on the received data regarding the network availability request. One of the APs in the mapping is designated as a primary access point for the node. The supervisory device instructs the primary AP to send a network availability response to the node that includes information for the VAP. The node uses the information for the VAP to access the network via the set of APs in the VAP mapping.

Abstract: Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”.

Abstract: The present invention discloses a virus protection method and device. The virus protection method comprises: when an Android operating system needs to install an application, transmitting identification information of the application that needs to be installed from a framework layer to an application layer; at the application layer, activating a virus scanner application on the basis of the identification information of the application to allow the virus scanner application to run a virus scan on the application; acquiring a scan result of the virus scan, issuing a notification to the framework layer of whether or not to execute an installation operation for the application on the basis of the scan result; and at the framework layer, either executing the installation operation for the application or rejecting to execute the installation operation for the application on the basis of the notification.

Abstract: A point card management system includes a multifunction peripheral that processes an image and a server that is connectable to the multifunction peripheral via a network. The multifunction peripheral includes a read request receiving unit, an image read control unit, and a description information acquisition unit. The description information acquisition unit acquires description information of the point card from the image of the point card read by the image reading unit. The server includes a server hard disk and an extraction unit. The extraction unit extracts the accumulation information of the point card from pieces of information of the point card, which have been stored in the server hard disk, based on the description information of the point card, which has been received.

Abstract: A content delivery server may provide content to a requesting client device using a streamlined HTTP enhancement proxy delivery technique. For example, an HTTP proxy server may receive a request for video content or a fragment of video content from a client device. The request may be associated with a timeout scheduled to occur if no content has been received after a specified amount of time. The server may then transmit a request for the content to a remote server, such as an upstream cache server in the proxy server's CDN. When the proxy server receives a portion of the requested content from the remote server, the proxy server begins transmitting the portion to the client device before the requested content has been completely received and buffered. The client device may then begin receiving data from the proxy server before timeout has occurred.

Abstract: An information processing apparatus includes an input portion for a user to enter information, the input portion including a first input portion, and a second input portion with which information being entered is hard to be seen by a person around the user as compared with the first input portion. The information processing apparatus also includes a determination portion configured to determine whether or not entry target information to be entered by the user is sensitive. The information processing apparatus further includes a call portion configured to, prior to entry of the entry target information, call the first input portion when the determination portion determines that the entry target information is not sensitive, and call the second input portion when the determination portion determines that the entry target information is sensitive.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.

Abstract: The present description discloses a method for performing network selection and traffic routing by a mobility management entity (MME).

Abstract: A system on chip (SoC) having an integrated circuit (IC) integrating into a single chip advance driver assistance systems (ADAS) processing unit(s), application processing unit(s), at least one memory storing ADAS code comprising ADAS computer instructions adapted to be executed on the ADAS processing unit(s) for processing vehicle sensor data and VM code for executing VM(s) on the application processing unit(s) and a hypervisor which manages an execution of at least one operation system of the VM(s) and an access to a processor shared memory of the ADAS processing unit(s) for acquiring an outcome of executing the ADAS computer instructions for the completion of an ADAS enhancing function by the execution of the VM(s) on the application processing unit(s).

Abstract: A request to pair a first device with a second device is received. An indication is sent from the second device to the first device. The indication confirms that the second device is paired with the first device. One or more actions are received from the first device. The one or more actions may be taken on the second device.

Abstract: As may be implemented in accordance with one or more embodiments, specific electronic magazines are generated based on user interests as follows. Respective sets of media content data, associated with disparate electronic magazines provided by disparate publishers, are accessed and formatted into a common computer data format type. The formatted sets of media content data are broken into subsets and stored. Remote access to the respective subsets of media content data is provided to a user at a remote interface circuit based on authorization data specifying disparate electronic magazines that the user is authorized to access. This user access is tracked and a specific electronic magazine is generated for the user by combining disparate ones of the subsets of media content data based on both the tracked access and the user's authorization data.

Abstract: A method of updating a registered device using a development system and a release management system. The method includes: building an update package; signing the update package using a provider signing key, wherein a first digital signature is included in the update package; encrypting the signed update package using a publisher public key; requesting, by an update client on the device, an update package; preparing, by the update service, a set of signed update packages for the device; reencrypting and resigning, by the update service, the signed update package by decrypting the initial encryption using a publisher private key of the update publisher, signing the update package using a signing key of the update publisher, and finally encrypting the update package using a device public key from the device certificate, for final encryption of the update package; and decrypting the encrypted update package using a device private key.

Abstract: An image processing apparatus includes plural communication interfaces, a request receiving unit, and a restricting unit. The request receiving unit receives, by using a communication interface, a request for system information including management information concerning the image processing apparatus from a communication device. The restricting unit restricts at least part of the system information to be sent to the communication device if an IP address assigned to the communication interface used for receiving the request is a global IP address.

Abstract: An information processing apparatus includes an input portion for a user to enter information, the input portion including a first input portion, and a second input portion with which information being entered is hard to be seen by a person around the user as compared with the first input portion. The information processing apparatus also includes a determination portion configured to determine whether or not entry target information to be entered by the user is sensitive. The information processing apparatus further includes a call portion configured to, prior to entry of the entry target information, call the first input portion when the determination portion determines that the entry target information is not sensitive, and call the second input portion when the determination portion determines that the entry target information is sensitive.

Abstract: A method of checking the authenticity of the content of a non-volatile memory of an electronic device including a microcontroller and an embedded secure element includes starting the microcontroller with instructions stored in a first non-reprogrammable memory area associated with the microcontroller, starting the secure element, executing, with the secure element, a signature verification on the content of a second reprogrammable non-volatile memory area associated with the microcontroller, and if the signature is verified, using the secure element to send the first key to the microcontroller.

Abstract: A cloud access control server and method provides a cloud service access control database to implement cloud services access control policy. The cloud service access control database stores thereon cloud service identifiers associated with cloud service providers having high risk scores. In some embodiments, the cloud service identifiers form a block list of cloud services which is provided to network device of the enterprise data network to implement cloud service access control. In other embodiments, a cloud access control server and method implements cloud services access control policy for an enterprise. The cloud access control server and method receives network traffic data from the installed firewall or proxy at the enterprise and process the network traffic data with respect to cloud service access. The cloud access control server provides instructions to the firewall or proxy to allow or deny the network access at the enterprise.

Abstract: Systems and methods are provided to authenticating an electronic device with a wireless network using a presence-based authentication process. As part of the presence-based authentication process, an authentication entity may receive a registration message from an electronic device. The authentication entity may respond to the registration message by transmitting an authentication challenge associated with providing access to the wireless network and/or network feature thereof. If the electronic device provides a successful response to the authentication challenge, then the authentication entity may authenticate the electronic device to utilize the wireless network and/or network feature thereof.

Abstract: Embodiments disclosed herein provide systems and methods for digital meeting management within a blockchain. Before a meeting, a computer may generate a digital meeting record containing a plurality of data fields and linked to various smart contracts to capture meeting activities. During the meeting, a first smart contract may authenticate and record attendees in the digital meeting record based on biometric information received from the attendees' devices. Furthermore, a second smart contract may capture in the digital meeting record, meeting actions of each attendee, including date, time, and location associated with the meeting actions. After the meeting, a third smart contract may autopopulate post meeting documentation. After review by the attendees, the third smart contract may store a hash of the documentation to the digital meeting record and store the documentation in a repository. Once appended to the blockchain, the digital meeting record becomes an immutable record of the meeting.

Abstract: Automated classification of applications (“apps”) for mobile devices is provided. In some embodiments, automated classification of apps for mobile devices includes receiving an application (“app”); performing an analysis of the app using a classification engine; and determining an app category for the app based on the analysis performed using the classification engine.

Abstract: An approach is provided for providing real-time controlled location privacy as the location evolves, and providing a user with alternate routes and applications depending on the level of desired location privacy. A location privacy platform determines at least one location associated with at least one device. The location privacy platform also processes and/or facilitates a processing of contextual information associated with the at least one location, the at least one device, one or more applications associated with the at least one device, or a combination thereof to determine one or more privacy metrics for the one or more applications with respect to the at least one location; wherein the one or more privacy metrics relate, at least in part, to an exposure of user data by the one or more applications at the at least one location.

Abstract: A device management system facilitates an automatic pairing of an electronic device with a management account. The device management system receives a public network address associated with a computer device on a private network accessing the management account. The system retrieves the metadata including a public network address associated with a registration of the electronic device with the device management system. The public network address registered with the metadata is provided by a router on the private network and therefore should match the public network address used by computer devices on the private network. The management account is paired with the electronic device if the electronic device has the same public network address as the computer device accessing the management account. Pairing the management account to the electronic device allows the management account to communicate with the electronic device over the public network through the device management system.

Abstract: A method and associated system. A server computer selects a re-ordering scheme from one or more re-ordering schemes, for re-ordering chunks of an original file. The server computer divides the file into the chunks. After the file is divided into the chunks, the server computer re-orders the chunks according to the selected re-ordering scheme to form an obfuscated file that includes the re-ordered chunks. The server computer sends, to a client computer, the obfuscated file along with a scheme access reference that enables the client computer to access the selected re-ordering scheme.

Abstract: Methods and systems, including computer programs encoded on computer storage media, for providing an indication of a direction a person passes through a door in a property, the method including receiving, at a sensing device and from a control panel of an alarm system in a property, instructions to provide an indication of a direction a person passes through a door in the property; obtaining motion data using a motion sensor that is included in the sensing device; detecting the opening of the door using a magnetometer included in the sensing device; based on the obtained motion data and detected opening of the door, determining a direction a person passed through the door; and providing, to the control panel, an indication of the direction the person passed through the door.

Abstract: Disclosed is a mobile terminal for transmitting WIFI hotspot key or certificate by using NFC, the mobile terminal including a transmission control module, a NFC module, a WIFI module and a SIM card module. The transmission control module, which connects to the NFC module, the WIFI module and the SIM card module, controls the work of the NFC module and the WIFI module. The NFC module, which connects to the transmission control module and the WIFI module respectively, obtains the WIFI hotspot key or certificate. The WIFI Module, which connects to the transmission control module and the NFC module respectively, completes WIFI network connection. The SIM card module, which connects to the transmission control module, saves user information of the mobile terminal. The mobile terminal in present invention that transmits the key or certificate by using NFC ensures certainty and security of client, thus greatly simplifies the actions of user.

Abstract: Methods and systems of provisioning an access point (AP). Certain example embodiments include using a gateway in communication with a network and a data storage and receiving user login information from a mobile device, retrieving user permission information from the data storage based on the user login information, sending authorization to the mobile device based on the permission information, sending a prioritized list of at least one AP to receive service to the mobile device, receiving at least one of a selection of a target AP on the list, and label information of a target AP, and sending information regarding the target AP for display on the mobile device.

Abstract: There are provided an inspection apparatus, an inspection system, and an inspection method capable of inspecting operation of a control device, accurately, during use. An inspection apparatus configured to inspect operation of an ECU coupled to automotive networks, includes an inspection performance control unit configured to transmit two pieces of data including operation-inspection data and security-check data used for inspecting the operation of the ECU, to the ECU, and configured to receive data output from the ECU. The operation-inspection data is data previously generated based on design information of the ECU. The security-check data is data including part or entirety of the operation-inspection data replaced with random data.

Abstract: Illegitimate use of IP addresses is counteracted. A network (1) includes a switch (5) with ports (P1,P2,P3) to subscribers (6,6A) and a port (PN) to a core network (2) with DHCP servers (4, 4a,4b). The switch includes a database (MAC1, MAC2), port numbers (P1, P2) and VLAN identities (VLAN1, VLAN2) for the subscribers (6, 6A) and the filter has a list over trusted DHCP servers. Initially only DHCP messages from the subscribers are allowed. When the subscriber (6) requests (M1, M3) for an IP address it is checked that it is a DHCP message with valid subscriber values (MAC1, P1, VLAN1). A respond (M2, M4) with an allocated IP address (IP1) and lease time interval (T1) is checked to come from a trusted DHCP server. If so, a list in the filter (9) with correct information is dynamically generated (MAC1, P1, VLAN1, IP1, T1). A message (M5) from the subscriber (6) with false IP address is discarded by the filter. Attempts by the subscriber to use false IP address are counted and a warning signal is generated.