Abstract: Systems and methods for dynamic IP address whitelisting are disclosed. These techniques allow for better management of IP addresses and improve computer system and network security. In one embodiment, a system may execute a first task, at a first frequency, that includes determining, based on registered account activities corresponding to registered accounts with a service provider, at least one IP address associated with at least one registered account with the service provider. The first task may further include adding the at least one IP address to a dynamic whitelist (e.g., allowlist) of IP addresses. The system may execute a second task, at a second frequency, that includes removing, from the dynamic whitelist, at least one existing IP address identified as inactive. Thus, in various embodiments, inactive IP addresses can be removed from a whitelist while active IP addresses are periodically re-verified.

Abstract: A method to determine, by a computing system, a trust score for a network entity in a computer network, the trust score for the network entity indicating a level of trust in the network entity; and modifying, by the computing system, a traffic pattern of the computer network based on the trust score for the network entity.

Abstract: A method and system for automatically associating an Internet addressable endpoint device of an end-user with an account of the end-user at a remote system supporting a plurality of Internet addressable endpoint devices each associated with a respective end-user.

Abstract: Methods, systems, and apparatuses for improved content delivery are described herein. During delivery of content to one or more user devices of a content distribution network (CDN), a content session may be created for each user device. During each content session, each user device may send one or more upstream communications, such as heartbeat signals and bitrate requests, to the CDN. A monitoring module of the CDN may aggregate the upstream communications into session data. The monitoring module may use the session data to determine an impairment associated with content delivery to the one or more user devices.

Abstract: A computer-implemented method and system for global device management architecture with regional autonomy for devices on a cellular network are disclosed. The computer implemented method for optimizing device management architecture for IoT devices includes providing device information to a server in a master node for registering a device with the master node; providing rules to assign the device to at least one node based on the device information; assigning the device to the at least one node in response to the rules; and automatically configuring the device to connect the device to the assigned node.

Abstract: This application provides a message processing method, an access controller, and a network node. The method includes: an access controller receives a first message used to obtain Internet Protocol (IP) address information for a user-side device and a first access loop identifier of a first network node, where the first message and the first access loop identifier are sent by the first network node, the first access loop identifier is not carried in the first message; the access controller obtains an authentication, authorization and accounting (AAA) message according to the first access loop identifier, wherein the AAA message comprises the first access loop identifier; and the access controller sends the AAA message to an AAA server.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for dynamic resource interaction allocation based on geographic positioning and usage category information associated with a resource interaction system. The invention receives a base positional location and category of usage for a resource interaction system. The invention determines a set of parameters to be used for interactions having characteristics meeting the determined base positional location and category of usage information. When it receives a proposed interaction from a requesting system containing geographic information and usage category information associated with the proposed interaction, it determines whether the geographic information and usage category information associated with the proposed interaction correspond to the base positional location and category of usage for the resource interaction system.

Abstract: An image forming device includes a receiver and a switcher. The receiver receives data for executing a function of storing specific data in a preset private box. The switcher switches between first and second register modes when the function to be executed by using the data received by the receiver is copied into the image forming device. The first register mode is a mode in which a private box is manually registered in the image forming device. The second register mode is a mode in which a private box is automatically registered in the image forming device.

Abstract: Novel tools and techniques for are provided for implementing a hybrid spectrum access system and access probe framework. A system includes a base station coupled to a network, a spectrum access system, and user equipment coupled to the base station and the spectrum access system. The user equipment is configured to transmit, to the base station, a first network access request following a first access sequence while transmitting signals under a first power limit. If no response is obtained from the base station, the user equipment is configured to transmit a second network access request above the first power limit, but under a second power limit. The user equipment is configured to obtain spectrum access from the spectrum access system and transmit a second network access request to the base station.

Abstract: A wireless network device, for use within a wireless network, comprising: a processor; a memory; and an interface for receiving and transmitting data; wherein the wireless network device is adapted to: determine a first cost associated with communication between the wireless network device and a client device to which the wireless network device is connectable; determine a second cost associated with communication between the client device and a further wireless network device to which the client device is connectable; determine whether the first cost or the second cost is the lower cost; and if the second cost is the lower cost, the wireless network device is adapted to guide the client device to communicate with the further network device.

Abstract: Methods and systems for providing a wireless communication service are disclosed. A device identifier for a wireless communication service can be used to generate a connection profile (e.g., communication profile, wide-area network profile, service profile, network profile, etc.) for the wireless communication service that requires credentials for authentication. The connection profile can be generated in response to a user accessing or signing up for the wireless communication service. The connection profile can comprise a username that includes and/or mirrors the device identifier and a password generated by inputting the device identifier into a predefined function. The connection profile also can comprise an authentication identifier. A service provider applies a specific type of authentication for devices that provide the authentication identifier as part of an authentication request message.

Abstract: A method for detecting unauthorized eavesdropping. A first subscriber determines a transit time for the transmission of data to a second subscriber, adds the random value to the transit time to obtain a waiting time, waits for the waiting time, creates a data packet containing a time stamp and transmits this data packet to the second subscriber. The second subscriber records the time it receives the data packet and compares it with the time stamp contained in the data packet, determines that the data packet has arrived either: before the time indicated in the time stamp, more than a predefined tolerance time after the time indicated in the time stamp, or before or more than a predefined tolerance time after a time at which it can be expected in the second subscriber as an indication that communication between the first subscriber and the second subscriber is being eavesdropped on.

Abstract: Disclosed herein are systems and methods for continuous user authentication during access of a digital service. In an exemplary aspect, a continuous authentication module may receive, at a computing device, initial authentication credentials of the user. The initial authentication credentials enable access to a service via the computing device. While the service is being accessed, the continuous authentication module may continuously monitor whether an unauthorized user has replaced the user in accessing the service by comparing usage attributes of the service with historic usage attributes associated with the user. In response to determining that the unauthorized user has replaced the user, the continuous authentication module may cease the access to the service via the computing device.

Abstract: A method for distributing an application for an edge computing device performed by a computing device according to an embodiment of the present invention includes selecting a cluster including two or more edge devices from among a plurality of edge devices, distributing a first application to a second edge device included in the cluster, modifying routing information such that a service request incoming to a first edge device included in the cluster is transmitted to the second edge device, and replacing the first application running in the first edge device with a second application.

Abstract: A system for providing security to a fleet of vehicles, the system comprising: a plurality of modules, each module configured to monitor messages propagating in an in-vehicle network of a vehicle comprised in the fleet; a memory having data characterizing messages, and software executable to: identify an anomaly in communications over the in-vehicle communication network; and instruct a communication interface, configured to support communication with an entity external to the vehicle, to transmit monitoring data responsive to the messages; and a processor configured to execute the software in the memory; and a data monitoring and processing hub external to the vehicles comprised in the fleet and operable to receive transmission of monitoring data from the plurality of modules.

Abstract: A method for handling a security procedure in a MC communication system is provided. The method includes selecting, by a MC service server, the security procedure, including a signaling procedure parameter during a key management procedure, and indicating, by the MC service server, the selected security procedure to protect at least one MC service signaling field by including the signaling procedure parameter to at least a MC service client during the key management procedure.

Abstract: Unstructured data items are stored at an object storage service. A filtering requirement to be used to generate a result set for an access request is determined. Using a transformed representation of the filtering requirement, a target set of tokens of the filtering requirement which are to be obfuscated within a log record is identified. A log record that comprises substitute tokens for the target set of tokens is generated and stored.

Abstract: A system for providing network services is provided. The system includes a device configured to interface with the network to receive a container, where the container is configured to interface with an operating system of the device and a plurality of applications operating on the device. The container is further configured to interface with a network services provider of one or more network services and one or more third party service providers.

Abstract: A quantum entanglement communication service can be provided by detecting a request to access data stored at a first computer. In response to detecting the data access request, a request can be generated to request that a server computer generate an entangled particle pair. Measurement data can be received, the measurement data corresponding to a measurement observed after interacting a first bit of a token stored at a second computer with a first entangled particle from the entangled particle pair. An operation to perform on a second entangled particle of the entangled particle pair at the first computer can be determined and performed. A state of the second entangled particle can be measured to obtain a value, and a bit string can be generated, where the bit string can include a number that corresponds to the value.

Abstract: An information processing apparatus includes a processor configured to receive, from a first user, data and data identification information for identifying the data, generate association information that associates the data identification information with cloud-storage identification information for identifying a cloud storage for storing the data from among multiple cloud storages, and store the data in the cloud storage.

Abstract: A method for controlling the admission of slices in a virtualized telecommunication network and the congestion generated between services with different priorities instantiated on the slices and likely to share a given quantity of resources comprising the following steps of: defining a priority scale to be assigned to the network slices, defining a low priority threshold, determining the quantity of available and used network resources sp(t) and xp(t), determining the quantity of resources allocated to slices with a priority lower than the low priority threshold and which may be temporarily assigned to new slices with a priority higher than the threshold, and determining the slices likely to be accepted into the network, taking into account the available resources and the priority of the slices.

Abstract: Systems, devices, media, and methods are presented for transmitting shared visual content between networked devices with a linked source for the visual content by accessing and presenting visual content, receiving a network location for a network resource associated with the visual content, linking the network location to the visual content to generate linked visual content, and cause presentation of the linked visual content in a draft message within a graphical user interface.

Abstract: Described herein are methods and a system for managing devices in remote data centers using a cloud service user interface (UI). The cloud service UI receives device management requests to device management application program interface (API). At the cloud service side, the device management requests to device management application program interface (API) are intercepted and converted to device cloud management REST interfaces. The device cloud management REST interfaces to a remote data center of devices, and converted to device native API used to manage a specific device.

Abstract: Systems and methods are provided for monitoring and logging all activity occurring in a system. The logged activity may include keystroke entries input into the system, user and/or application interactions with the system, access restriction conflicts, and the like. The logged activity may be stored in at least two datastores, at least one of which is an immutable, append-only datastore. Storage of the logged activity in the immutable, append-only datastore is performed using hash algorithms. Attempts at manipulating or at hiding malicious or unauthorized activity can be recognized due to all activity being captured in the immutable, append-only datastore.

Abstract: Generally discussed herein are devices, systems, and methods for improving phishing webpage content detection. A method can include identifying first webpage content comprises phishing content, determining, using a reinforcement learning (RL) agent, at least one action, generating, based on the determined at least one action and the identified first webpage content, altered first webpage content, identifying that the altered first webpage content is benign, generating, based on the determined at least one action and second webpage content, altered second webpage content, and training, based on the altered second webpage content and a corresponding label of phishing, a phishing detector.

Abstract: A computer-implemented method comprises receiving an input associated with the arrival of an entity, performing a classification on the input to determine a purpose of the arrival of the entity, and based on a determined classification of the purpose of the arrival of the entity, invoking an action.

Abstract: The disclosed embodiments can be used to automate the acquisition and management of user consents for one or more campaigns, thus reducing the possibility of unintended violations of consent requirements as compared with existing systems. In accordance with the disclosed embodiments, each user consent may be associated with at least three different values. The consent management system may be configured to filter consent values for various users and send user-consent requests to certain users based on their filtered user-consent values. In some disclosed embodiments, a user may provide consent to allow communications of the user's information to certain “connected parties.” The connected parties, moreover, may need to separately provide user consent(s) as necessary to effectuate communications for a campaign in compliance with one or more laws, rules, or regulations.

Abstract: A traceback solution is provided. For a network of autonomous systems, the traceback solution traces the autonomous system path taken by traffic flows. Every link in the traceback path is created, verified, and audited by autonomous systems. Multiple autonomous systems may take part in the process, making the system robust against fake information. The database used to store the validated traceback paths is a decentralized and distributed storage. Multiple copies of the database may be maintained by the network of autonomous systems. The database may be accessible by any participating autonomous system; and is not accessible from outside the network of autonomous systems. The traceback solution achieves both validation and non-repudiation property among the ASes. The traceback solution mitigates some important attack scenarios that might be targeted specifically at the traceback solution.

Abstract: An attack communication detection device that is robust against a deviation from the design value of a communication interval is provided.

Abstract: Some embodiments of the invention provide a method of facilitating routing through a software-defined wide area network (SD-WAN) defined for an entity. A first edge forwarding node located at a first multi-machine site of the entity, the first multi-machine site at a first physical location and including a first set of machines, serves as an edge forwarding node for the first set of machines by forwarding packets between the first set of machines and other machines associated with the entity via other forwarding nodes in the SD-WAN. The first edge forwarding node receives configuration data specifying for the first edge forwarding node to serve as a hub forwarding node for forwarding a set of packets from a second set of machines associated with the entity and operating at a second multi-machine site at a second physical location to a third set of machines associated with the entity and operating at a third multi-machine site at a third physical location.

Abstract: A system, method, and computer-usable medium are disclosed for generating a cyber behavior profile comprising monitoring user interactions between a user and an information handling system; converting the user interactions into electronic information representing the user interactions, the electronic information representing the user interactions comprising temporal detail corresponding to the user interaction; and generating a user behavior profile based upon the electronic information representing the user interactions, the generating the user profile including a layer of detail corresponding to the temporal detail corresponding to the user interaction.

Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.

Abstract: A method may include receiving a digital certificate through a secure connection from a network access server, the secure connection passing through a network address translation device, validating the digital certificate with a policy management system, and establishing a secure tunnel between the network access server and the policy management system when the digital certificate is validated. Also, receiving, through the secure tunnel and from the network access server, a remote authentication dial-in user service access request having a network access server internet protocol address, validating the network access server with the network access server internet protocol address by the policy management system, and allowing a remote authentication dial-in user service traffic when the internet protocol address of the network access server is validated and closing the secure tunnel when the validating the network access server fails.

Abstract: Methods, systems, computer-readable media, and apparatuses for determining partitions and virtual processes in a simulation are presented. A plurality of partitions of a simulated world may be determined, and each partition may correspond to a different metric for entities in the simulated world. A plurality of virtual processes for the simulated world may also be determined. The system may assign a different virtual process to each partition. An indication of the partitions may be sent to one or more partition enforcer services, and an indication of the virtual processes may be sent to a virtual process manager.

Abstract: A method in a virtual private network (VPN) environment, the method including determining, by a VPN server, an encrypted authentication packet based at least in part on utilizing an encryption key and a nonce to encrypt one or more fields of an initial authentication packet; transmitting, by the VPN server to an authentication server, the encrypted authentication packet to enable VPN authentication of a device requesting VPN services from the VPN server; determining, by the authentication server, a response regarding the VPN authentication based at least in part on decrypting the one or more fields utilizing a decryption key and the nonce; and transmitting, by the authentication server to the VPN server, the response regarding the VPN authentication. Various other aspects are contemplated.

Abstract: A network system includes a refrigerator, a terminal, and a server that is capable of communicating with the refrigerator and the terminal and that provides, to the terminal, at least information based on an opening/closing operation of a door of the refrigerator. When the refrigerator starts an eco-mode, the server restricts an operation related to the watching service.

Abstract: A method of determining whether to provide user access to a computer resource may comprise receiving a request for the computer resource from a user device; obtaining, from the user device, an encrypted persistent cookie responsive to determining that the encrypted persistent cookie is present on the user device, wherein the encrypted persistent cookie comprises a fingerprint signature field comprising a previous device fingerprint encoded into the fingerprint signature field as part of a previous session; obtaining, from the user device, an obtained device fingerprint of the user device; comparing the obtained device fingerprint with the previous device fingerprint of the fingerprint signature field to derive a fingerprint variance representing a difference between the obtained device fingerprint and the previous device fingerprint of the fingerprint signature field; and processing the request for the computer resource based on the fingerprint variance.

Abstract: In accordance with aspects of the inventive concepts, a system and method provide ongoing authentication through processing of data that includes biometric data. Such systems and methods can use, as examples, face recognition and/or voice biometric data, or other biometric data, to identify the user in real-time and thereafter during an ongoing session. In various embodiments, the system can continuously or repeatedly authenticate one or more users using biometric data to control access to information and/or functions in real (or near real) time. The system can be configured to optimize and/or minimize resource consumption associated with the ongoing authentication process.

Abstract: A method, computer system, and computer program product are provided for peer risk benchmarking. Customer data for a first network is obtained, wherein the customer data comprises a role of one or more network devices in the first network and a plurality of risk reports corresponding to the one or more network devices, and wherein each risk report is associated with a particular dimension of a plurality of dimensions of risk for the one or more network devices. A network profile image is generated by processing the plurality of risk reports. A generative adversarial network generates a synthetic network profile image from the network profile image, wherein the synthetic network profile image does not include the customer data. A second network is evaluated using the synthetic network profile image to identify differences between the first network and the second network.

Abstract: Examples to determine media impressions using distributed demographic information are disclosed. An example apparatus includes a reporter to detect at the client device a login event. The example apparatus also includes a communication interface to send a communication to an impression monitor system in response to the reporter detecting at the client device the login event via the login webpage, the login event associated with a first Internet domain different from a second internet domain of the impression monitor system. The example communication interface also sends a login reporting message to the database proprietor, the login reporting message including first and second cookie identifiers, the first cookie identifier associated with the first Internet domain, and the second cookie identifier associated with the second Internet domain of the impression monitor system.

Abstract: A wearable device includes an audio system. In one embodiment, the audio system includes a sensor array that includes a plurality of acoustic sensors. When a user wears the wearable device, the audio system determines an acoustic transfer function for the user based upon detected sounds within a local area surrounding the sensor array. Because the acoustic transfer function is based upon the size, shape, and density of the user's body (e.g., the user's head), different acoustic transfer functions will be determined for different users. The determined acoustic transfer functions are compared with stored acoustic transfer functions of known users in order to authenticate the user of the wearable device.

Abstract: A network device may send, to a Dynamic Host Configuration Protocol (DHCP) server, a request for an Internet Protocol version 6 (IPv6) address to be assigned to a management port of the network device, wherein IPv6 is disabled at the network device, and may receive a message that includes information associated with a network management system (NMS) and IPv6 configuration information for enabling IPv6 processing on the management port. In response to receiving the IPv6 configuration information, the network device may enable IPv6 processing on the management port of the network device and may register with the NMS based at least in part on the information associated with the NMS. The network device may, in response to receiving one or more configuration commands sent from the NMS to the management port of the network device, configure the network device according to the one or more configuration commands.

Abstract: Provided is a CAN communication based abnormal message detection method including obtaining reception times of reception messages; a reception filtering operation for performing a period calculation for comparing a difference between reception times of reception messages having the same message ID and a reference period of the corresponding message ID; an abnormal message detecting operation for determining the reception messages as abnormal messages when, as a result of the period calculation, the difference between the reception times is smaller than the reference period and determining the reception messages as normal messages when the difference between the reception times is greater than the reference period; and a blocking operation for blocking the abnormal messages.

Abstract: A lost or stolen mobile electronic device may attempt to attach to a foreign network where the phone is not blocklisted. During the foreign network/roaming attach process, a location update may be sent to the home network. The location update may include identifying information for the device. A mapping of the device and the foreign network's association may be stored within an operator database at the home network. Once the lost or stolen phone authenticates with an access point (AP), the mobile device may associate or register with the AP to gain full access to the foreign MNO. The lost or stolen phone may send an Association Request including updated location information and the phone's identification to the phone's home network. If the mapping does not include the phone's identification and the requesting foreign network, then the home network will deny the association request.

Abstract: A computer security system with enhanced whitelisting includes user interfaces that accept user inputs to create and modify a set of rules that define which programs are allowed to execute on one or more target systems. Upon an attempt to run a program, the set of rules are used to determine if the program is allowed to run. If any rule indicates that the program is allowed to run, the program is run. Otherwise, a user interface is presented to either block execution of the program or to create a new rule that would allow execution of the program this time and in the future.

Abstract: Embodiments disclosed provide a virtual currency system within a messaging application by performing operations comprising: launching, within a messaging application, a third-party application; receiving, by the messaging application from the third-party application, a request to perform an ecommerce transaction in relation to an item available for consumption on the third-party application; determining, by the messaging application, an expected attribute for the item based on accessing a database that stores expected attribute information for multiple items; verifying, by the messaging application, that an attribute of the item specified by the request corresponds to the expected attribute for the item; and processing, by the messaging application, the ecommerce transaction in response to successfully verifying that the attribute of the item satisfies a verification criterion based on the expected attribute for the item.

Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework.

Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator, EAP authentication server and computer program are also disclosed.

Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to receive a request to upload a file to a directory and determine whether the request is a request to upload a predefined type of file to the directory. In addition, based on a determination that the request is a request to upload the predefined type of file to the directory, the processor may determine, through application of a predictive model, whether the directory is a user content directory and based on a determination that the application of the predictive model indicates that the directory is a user content directory, block the request and/or output a notification regarding the receipt of the request.

Abstract: A system including a mobile terminal having an authenticator, a TPM with tamper resistance and a voice assistant. The voice assistant makes a process request corresponding to voice input of a user to a server in accordance with the input, receives a biometric authentication request from the server, makes a request for a biometric authentication process to the mobile terminal of the user in accordance with the request for biometric authentication via wireless communication, and transmits an authentication result from the mobile terminal to a server. The mobile terminal executes the biometric authentication process using biometric information stored in the authenticator and the TPM in accordance with the request for the biometric authentication process from the voice assistant, and transmits an authentication result to the voice assistant.