Abstract: Disclosed herein are methods, systems, and processes for managing and controlling the collective behavior of deception computing system fleets. A malicious attack initiated by a malicious attacker received by a honeypot that is part of a network along with other honeypots is detected. Information associated with the malicious attack is received from the honeypot. Based on the received information, a subset of honeypots other than the honeypot are configured to entice the attacker to engage with the subset of honeypots or avoid the subset of honeypots.

Abstract: The disclosed computer-implemented method for controlling access to information stored in an information retention system may include (1) receiving, at a computing device, metadata associated with an object type of respective objects, where at least two of the respective objects are in different domains, (2) determining, from the metadata, the respective object types of at least two objects, (3) forming a hierarchy of the at least two objects based on relative features of the respective object types, and (4) performing a security action comprising (A) receiving at least one access rule controlling access by at least one user to the at least two objects and (B) storing, in at least one storage device in the information retention system, the at least one access rule, the hierarchy of the objects, and the at least two objects. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for automatically associating an Internet addressable endpoint device of an end-user with an account of the end-user at a remote system supporting a plurality of Internet addressable endpoint devices each associated with a respective end-user.

Abstract: Disclosed embodiments relate to systems and methods for enabling recovery of deactivated virtual computing instances that were previously instantiated in a dynamic virtualized computing environment. Techniques include identifying a status change for a virtual computing instance; archiving a plurality of environment properties representing a chain of activities comprising a plurality of activities executed by a processor of the virtual computing instance; and reactivating the virtual computing instance. Reactivating the virtual computing instance may include reinstantiation of the virtual computing instance based on the plurality of environment properties and chain of activities such that the virtual computing instance is reinstantiated to a state at a time of the status change.

Abstract: A scenario including a combination of procedures of multi-factor authentication required for a terminal to receive provision of a service is stored and managed in association with the service, and a probability that the procedure will succeed is stored and managed in association with each of the procedures, a success probability of the service through the scenario, is calculated based on the probability regarding the procedure to evaluate at least one of security and usability based on the success probability, and the service to the terminal, is controlled according to the evaluation result.

Abstract: A resource transfer system that provides intelligent distribution of resources based on resource routing selections, resource receipt selections, and/or resource processing advantages, and in response makes the resource transfers accordingly. The resources may be transferred based on the desired speed of distribution, the reason for distribution, the entities involved in the interaction, the level of security for distribution, level of protection for the interaction, or the like.

Abstract: A cloud-based onboarding server steers guest devices to a preferred SSID when detected as a guest of a homeowner access point also registered with the cloud-based onboarding server. Three different levels of network access include default, guest and private network access, and each network uses a different SSID from the homeowner access point.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: Aspects of the subject disclosure may include, for example, comparing an input received from a peripheral device associated with an execution of a gaming application with a threshold value, wherein the threshold value is based on a first identification of a first user, a second identification of the peripheral device, and a third identification of stimuli presented as part of the execution of the gaming application. Responsive to the comparing, a determination may be made that the input exceeds the threshold value. Responsive to the determination, a validation request may be transmitted to a user device of the first user. Other embodiments are disclosed.

Abstract: There is provided a method for privacy protection including: identifying an API request being related to a tracking service; generating and sending a predetermined number of initial requests to the tracking service when processing the API requests to the tracking service; storing the initial requests and respective responses related to the initial requests from the API in a database; analysing body objects of the stored initial requests and respective responses and generating a dynamic response recipe on the basis of the analysis; and generating a response including a response body acceptable by the tracking process on the basis of the generated dynamic response recipe.

Abstract: In aspects of shareable devices, a shareable device implements a device sharing module that can recognize a user intends to claim the shareable device for temporary use. For instance, the device sharing module can determine that multiple users are present within a distance threshold of the shareable device and identify one of the users as intending to claim the shareable device. The device sharing module can then authenticate the identified user to the shareable device, without requiring user input, to enable claiming of the shareable device. The shareable device can obtain personalized content associated with the identified user for use on the shareable device. The device sharing module can then establish an interactive session which enables the identified user to access the personalized content through applications and services available on the shareable device.

Abstract: Aspects of the subject disclosure may include, for example, a process that continuously connects the processing system to a control plane of a wireless communication network, which includes equipment operating in at least one of the control plane or a user plane. Control information is received across the control plane indicating that client data is to be provided to a client device via the user plane. Responsive to receiving a control signal, an awake signal is sent to the client device. The client device, in response to the awake signal, being placed from an idle state to an active state. The idle state consumes a lower level of power than the active state. The client data is further provided to the client device over a premises communication network via a protocol stack of a client function. Other embodiments are disclosed.

Abstract: Embodiments disclosed herein provide secure communication among enterprise users utilizing social networking sites. A server computer may encrypt a post intended for a social networking site and forward the encrypted data or may save the post locally and send a placeholder to the social networking site. The server may receive a message from the social networking site containing the encrypted data or placeholder and determine that a recipient is authorized to view the original post. The server may then decrypt the data or retrieve the original post for servicing the request. In this way, authorized users of an enterprise can utilize social networking sites, which are independently owned and operated, to communicate with each other in a secure manner.

Abstract: Disclosed are various embodiments for updating account data with multiple account providers. Account management logic determines that data associated with a user has been updated. A validation procedure is performed on the updated data. Multiple accounts of the user that may use the data are determined. The accounts are with multiple account providers. Corresponding account update requests for the accounts are sent to the account providers. The account update requests specify the data that has been updated.

Abstract: A method, an apparatus, a system and a computing system for policy deployment of a trusted server are provided. The method includes sending a metric policy of at least one metric object and a verification policy of at least one verification object in a process of policy deployment of a trusted server to a service center; the trusted server receiving reminder information returned by the service center, wherein the reminder information is used for representing a reminder to the trusted server to redeploy a metric algorithm and a verification algorithm that are consistent if a metric algorithm of a metric object is detected to be inconsistent with a verification algorithm of a corresponding verification object. The present disclosure solves the technical problems of poor independence and flexibility due to the use of a same metric algorithm for all metric objects by existing trusted server policy management solutions.

Abstract: Cloud based router with policy enforcement. In some implementations, a system is provided. The system includes a plurality of access points. The plurality of access points receive data packets from a plurality of client devices. The system also includes a plurality of tunnel devices coupled to the plurality of access points. The plurality of tunnel devices generate encapsulated packets based on the data packets received by the plurality of access points. The system further includes a plurality of packet forwarding components coupled to the plurality of tunnel devices via a first set of tunnels. The plurality of packet forwarding components receive the encapsulated packets from the plurality of tunnel devices and forward the encapsulate packets. The system further includes a plurality of network access controllers coupled to the plurality of packet forwarding components via a second set of tunnels.

Abstract: An example method comprising detecting that an unidentified client device joins a network, retrieving information related to a device property of the unidentified client device from network traffic to and/or from the unidentified client device, sending a query based on the information to a fingerprinting server, and receiving the device property of the unidentified client device in response to the query.

Abstract: A distributed system and method for associating reputation to device registration is disclosed herein. The systems and methods can include receiving a request for a device interaction from a requesting device. A blockchain registry can then be accessed in response to the request. An approval threshold can be prepared for an approval of the request. Input votes regarding the approval can be received from one or more acting member devices. In response to achieving the approval threshold, the device interaction can be established between the requesting device and one or more connected devices. Then, the device interaction can be recorded in the blockchain registry.

Abstract: Disclosed are a device enabling coffee preparing apparatus to provide user with ordered coffee and method for operating same, which may enable the coffee preparing apparatus to block a user other than an orderer from picking up the prepared coffee and provide the prepared coffee to the orderer by generating identification information matched to a coffee order requested from each of user terminals to enable picking-up of the coffee corresponding to the coffee order, transmitting the identification information matched to the coffee order requested from each of the user terminals to each of the user terminals, transmitting an identification information input request message to a user terminal requesting a coffee order corresponding to a coffee preparation completion message from the coffee preparing apparatus, comparing identification input from a user of the user terminal in response to the identification information input request message with identification information transmitted to the user terminal, and req

Abstract: A method for providing personal information of a user requested by a given online service. The method includes, by a security server of a mobile terminal operator of be user: (a) receiving a request for the personal information, including comprising a unique identifier of the user and an identifier of the online service; (b) sending, to the mobile terminal, a response authorisation request; (c) if a response authorisation confirmation is received, sending data, which is associated in a database with the unique identifier and the identifier of the online service. Each pair of a unique identifier and an online service identifier is also associated in the database with a parameter representative of a level of security required in order to confirm the response authorisation on the mobile terminal. The step (b) includes: determining the value of the parameter; and integrating the determined value in the response authorisation request.

Abstract: Examples associated with operating system retrieval are described. One example includes presenting a reference to an operating system image file. The image may be presented by a personal computer basic input/output system (BIOS). The personal computer may connect to a mobile device that has retrieved the operating system image file from a remote location based on the reference. The operating system image file is received from the mobile device, and initiated by the personal computer.

Abstract: A method for a database system includes storing table data for a database, the table data including information in rows and columns of one or more database tables. The method includes storing metadata on immutable storage, the metadata including information about the table data for the database. In one embodiment, mutable metadata may be periodically consolidated in the background to create new versions of metadata files and which allows for deletions of old metadata files and old data files.

Abstract: A method of assigning tenancy to a device during bootstrapping between a device and a server in a network includes transmitting a device identifier to a bootstrap server. The method further includes receiving, at the device, a device server address to enable the device to register with the device server. The tenancy is assigned to the device with the device server address.

Abstract: Systems, methods, and computer-readable media provide for secure access to virtual machines in heterogeneous cloud environments. In an example embodiment, client credentials, such as a public key of a public-private key pair, are provided to a virtual machine in a first cloud, such as a private cloud. The virtual machine can be migrated from the first cloud to a second cloud, such as one of a plurality of heterogeneous public clouds. The virtual machine in the second cloud can be accessed from the first cloud via Secure Shell (SSH) authentication using the client credentials. The client credentials can be updated, and the updated client credentials can be used for subsequent SSH access to the virtual machine in the second cloud.

Abstract: In an example, one or more member profiles and corresponding elapsed times indicating, for each of the one or more member profiles, how long the corresponding member of a social networking service took to respond to a request for confidential data with a submission of confidential data are obtained. Then a first set of one or more features are extracted from the one or more member profiles. The first set of one or more features and corresponding elapsed times are fed into a machine learning algorithm to train a confidential data response time prediction model to output a predicted time to respond to a request for confidential data for a candidate member profile. A second set of one or more features are obtained from a candidate member profile and fed to the confidential data response time prediction model, outputting the predicted time to respond to a request for confidential data.

Abstract: A system that includes a first network device in a first network configured to send a file from a plurality of files to a compliance controller in the first network. The compliance controller is configured to determine whether the file satisfies a set of compliance rules and to send the file to the virtual machine in the first network in response to determining that the file satisfies the set of compliance rules. The virtual machine is configured to send the file to a second network device in a second network via a network interface. The network interface is configured to block the first network device from sending the file from the first memory to the second network device in the second network. The network interface is also configured to send the file from the virtual machine to the second network device in the second network.

Abstract: Disclosed are: a communication technique and a system therefor for fusing, with IoT technology, a 5G communication system for supporting a data transmission rate higher than that of a 4G system. Provided is a method for installing a profile of a terminal having an embed universal integrated circuit card (eUICC) in a mobile communication system, the method comprising: requesting for an eUICC authentication certificate to an eUICC and receiving the eUICC authentication certificate; and transferring a profile package to the eUICC so as to install a profile, wherein the received eUICC authentication certificate further comprises an eUICC manufacturer (EUM) authentication certificate.

Abstract: A computerized method for increasing throughput of encapsulated data through tunnels, the computerized method including receiving data at a first network device for transmission over a network to a second network device. Then determining at the first network device the number of available processing cores on the second network device and generating a plurality of tunneling sessions between the first network device and the second device. Associating the received data with a particular tunneling session and then generating translation data unique to the associated tunneling session prior to encapsulating the received data with the translation data. Finally, transmitting the encapsulated data to the second network device and processing the transmitted encapsulated data received at the second network device with a particular processing core based on the received translation data.

Abstract: A method for steering of roaming (SOR) in wireless communication networks includes sending by a mobile equipment (ME) a registration message to a visited public land mobile network (VPLMN). The ME receives a first message from a home public land mobile network (HPLMN) through the VPLMN. The ME determines that the first message has failed a security check. In response to determining that the first message has failed the security check, the ME sends a second message to the VPLMN, the second message including an indication that the first message has failed the security check.

Abstract: A biometrically encrypted access policy is provided. A commercial transaction request to access a client-supported institution received from a client device is identified. A database structure associates each of a plurality of client-supported institutions with one or more respective biometric tokens for authentication. A one-time password is associated with the client-supported institution based on biometric tokens. An encrypted code is associated with the client-supported institution based on biometric tokens. A encrypted OTP is transmitted to client device, and instructions to capture a biometric scan data via the client device are generated based on parameters of biometric tokens. A decryption key is generated via the client device, and the decryption key is determined to authenticate the user of the client device, and, in response, the commercial transaction request to access the client-support institution is approved.

Abstract: A method and system for authorizing software in an electronic device is provided. The electronic device has a unique identifier (UID) and is connected to a server of the software through a terminal device. The method includes: generating and transmitting at least one section of audio/video data embedded with the UID corresponding to the electronic device to the terminal device; uploading the audio/video data through the terminal device and sending an authorization request to the server of the software; returning authorization audio/video data from the server of the software through the terminal device, wherein the authorization audio/video data includes an authorization key corresponding to the electronic device; and enabling the electronic device to obtain the authorization audio/video data by means of audio/video communication, so as to obtain the authorization key and authorize the software in the electronic device.

Abstract: Methods, systems, and media are shown for providing a reverse proxy system with SSO capability involving receiving an authentication response message from a client that includes an authentication token and a unique session identifier and determining whether the identifier is stored on the proxy service. If the session identifier is stored on the proxy service, sending the authentication response message to a service provider to which the authentication response message is directed. If the session identifier in the authentication response message is not stored on the proxy service: sending a login request message to the service provider to which the authentication response message is directed, receiving an authentication request message from the service provider that includes an other unique session identifier and redirects the authentication request message to an identity provider, storing the other session identifier, and sending the authentication request message with the other identifier to the client.

Abstract: The invention relates to a method for discovering a home agent serving a mobile node upon the mobile node changing its mobility management scheme in a packet-switched network and the implementation of such method in a mobile node or home agent. In order to propose a home agent discover scheme that maintains session continuity in a seamless manner upon a mobile node changing its mobility management scheme, a mobile node comprises information on its location prior to changing the mobility management scheme to one of the first signaling messages transmitted upon changing the mobility management scheme (home agent discovery message). The receiving node uses this information to identify the home agent serving the mobile node or to provide a hint to the home agent where the mobile node is registered in a response message to the mobile node.

Abstract: A user authentication system that analyzes call forwarding information obtained from telecommunication networks, such as through the use of Signaling System No. 7 (“SS7”) protocols, to detect the possibility of fraud. In response to a request to access a network-accessible service, the system performs an initial authentication of provided user account credentials. The system then obtains a telecommunication subscriber identifier that is associated with the user account. Prior to performing additional device-based user authentication, the system obtains call forwarding information for the user. The obtained call forwarding information is then evaluated for potentially fraudulent call forwarding configurations. For example, call forwarding to certain call forwarding numbers, or the use of different call forwarding types, may be indicative of fraud intended to undermine further user authentication.

Abstract: A dynamic workflow-based composite web service system and method for the creation and definition of a web service, its properties, methods, and functions through the combination of an event trigger which defines the web service endpoint, actor classes which defines the service's properties and metadata, and a workflow which defines its methods and functions. The dynamic workflow-based composite web service system and method generally includes one or more web service endpoints (the URL where the service can be accessed by a client application), an event trigger defined for each endpoint, actors which define the properties and metadata of the service, and a workflow which receives input from the endpoint, returns the result of the process, and defines the web service functions and methods.

Abstract: In one embodiment, a system, apparatus and method is described, the system including a local controller by executed by a processor of an Internet of Things (IoT) device, the local controller being operative to perform, at least one of a push or a pull operation with at least one other IoT device, to request extended control functionality from a central controller, to receive extended control functionality from the central controller, to exercise said extended control functionality over the least one other IoT device, to receive an instruction from the central controller retracting control functionality and, in response to receiving said instruction, to retract said control functionality, and to receive a command to delete itself from the IoT device. Related systems, apparatus, and hardware are also described.

Abstract: According to certain embodiments, a method by a wireless device is provided for beam-based random access. The method includes receiving, from a network node, a handover command, the handover command comprising at least one suitability threshold. Measurements of each of a plurality of beams detected by the wireless device are performed. The measurements of the plurality of beams are compared to the at least one suitability threshold. A particular beam is selected based on the comparison, and a random access procedure is initiated.

Abstract: A method for selecting a communication protocol for a virtual desktop instance in a service provider environment may include providing to a client computing device, access to a virtual desktop instance running on a server computer using a first communication channel associated with a first communication protocol. A request for functionality from a user of the device is detected, the requested functionality being unsupported by the first communication protocol. A second communication protocol from a plurality of available communication protocols may be selecting based on the requested functionality. The second communication protocol may support the requested functionality. A user authorization for using the second communication protocol can be verified.

Abstract: A method for protecting a login process of a user to a service provider against brute force attacks is provided. A financial value is transferred from the user to a token provider for a temporary login token. A login attempt is performed by the user on the service provider, wherein the login attempt requires user specific login data and the temporary login token. If the login on the service provider was successful within a predefined number of login attempts, the financial value is transferred back to the user.

Abstract: A user management server, a terminal, an information display system, a user management method, an information display method, a program, and an information storage medium are provided to enable a user to have less trouble than with existing techniques in registering users disclosing their real names. In response to a first operation to designate a user, a friend management data registration part registers the user as a user in a first relation involving disclosure of a nickname. In response to a second operation to designate a user already registered as a user in the first relation, the friend management data registration part registers the user as a user in a second relation involving disclosure of a real name as well. In response to a third operation to designate a user not registered as a user in the first relation, the friend management data registration part registers the user as a user in the first and the second relations.

Abstract: An information processing method performed by an information processing system including a storage device to process a plurality of data frames flowing in an in-vehicle network including at least one electronic control unit includes a receiving step of sequentially receiving a plurality of data frames flowing in the in-vehicle network, a frame collection step of recording, in a reception log held in the storage device, reception interval information indicating reception intervals between the plurality of data frames as frame information, a feature acquisition step of acquiring, from the reception interval information, a feature relating to distribution of the reception intervals between the plurality of data frames, and an unauthorized data presence determination step of determining the presence/absence of an unauthorized data frame among the plurality of data frames.

Abstract: Disclosed are methods, systems and paradigms for opt-in compliance with regulations. A region in physical space is defined. A condition for the region is defined, the condition being a capability of a communicator such as video recording, still image recording, audio recording, audio output, text messaging, audio communication, or remote connection. The presence and location of a communicator with the capability is detected in the region, and a message is sent to the communicator with a request for a response accepting or rejecting remote deactivation of the capability of the communicator. If an acceptance response is received, the communicator capability is deactivated. If an acceptance response is not received, a notification is generated that includes the lack of acceptance response and the location of the communicator.

Abstract: A security protection method and an apparatus to implement security protection for a plurality of non-access stratum (NAS) connection links. The method includes determining, by a terminal, a first parameter, where the first parameter is used to indicate an access technology used to transmit a non-access stratum NAS message. The terminal can support at least two access technologies, and can separately maintain a corresponding NAS COUNT for each of the at least two access technologies. The method further includes performing, by the terminal, security protection on the NAS message based on the first parameter, a NAS key, and a NAS COUNT corresponding to an access technology used to transmit the NAS message.

Abstract: A collective intelligence convergence system based on a required reading opinion and a method thereof which calculates a result using the required reading opinion which necessarily includes opinions of experts in a corresponding field and includes opinions of ordinary persons when a public opinion or questionnaire survey is conducted.

Abstract: Mechanisms are provided to implement a single input, multi-factor authentication (SIMFA) system. The SIMFA system receives a user input for authenticating a user via a single input channel and provides the user input to first authentication logic of an explicit channel of the SIMFA system, where in the first authentication logic performs a knowledge authentication operation on the user input. The SIMFA system further provides the user input to second authentication logic of one or more side channels of the SIMFA system, where the second authentication logic performs authentication on non-knowledge-based characteristics of the user input. The SIMFA system combines results of the first authentication logic and the second authentication logic to generate a final determination of authenticity of the user. The SIMFA system generates an output indicating whether the user is an authentic user or a non-authentic user based on the final determination of authenticity of the user.

Abstract: An affective computing server (ACS) is described herein that is incorporated into a mobile wireless network management infrastructure. The ACS is configured to carry out a method over a mobile wireless network for maintaining a comfort status of a user of a wearable device. The ACS registers the wearable device associated with the user. The ACS receives, via a mobile wireless technology link, a user comfort status profile (UCSP) message issued by the wearable device, where the UCSP message includes at least a parameter value indicative of the comfort status of the user. The ACS processes the UCSP message to render a comfort control request based upon the UCSP. The ACS causes a sending of the comfort control request over a mobile wireless technology to an actuator (e.g. a heating/air conditioning system) for affecting a change in the comfort status of the user of the wearable device.

Abstract: According to embodiments of the present invention, trust evaluation is performed on network entities including a host and a network node with privacy preservation to determine an unwanted traffic source. The trust evaluation is based on detection reports from the hosts and monitoring reports from the network nodes. The network nodes do not know contents of the detection reports, and an entity which executes the trust evaluation does not know real identifiers of the hosts and network nodes.

Abstract: In some embodiments, a processor can receive an input string associated with a potentially malicious artifact and convert each character in the input string into a vector of values to define a character matrix. The processor can apply a convolution matrix to a first window of the character matrix to define a first subscore, apply the convolution matrix to a second window of the character matrix to define a second subscore and combine the first subscore and the second subscore to define a score for the convolution matrix. The processor can provide the score for the convolution matrix as an input to a machine learning threat model, identify the potentially malicious artifact as malicious based on an output of the machine learning threat model, and perform a remedial action on the potentially malicious artifact based on identifying the potentially malicious artifact as malicious.

Abstract: The present application is to provide a method and device for obtaining access information of a shared wireless access point. The method includes obtaining a target wireless access point use request submitted by a user by means of a user equipment, sharing mode information corresponding to the target wireless access point being applicable to a wireless connection between the user equipment and the target wireless access point, and according to the use request, sending, to the user equipment, the access information of the target wireless access point used for establishing the wireless connection.

Abstract: Techniques to pre-authenticate an identity for an electronic account are described and claimed by the present disclosure. The electronic account may enforce a multi-factor authentication procedure that involves a number of steps. In addition to the electronic account, a user may have other accounts requiring authentications. Successful authentications with respect to those other accounts may provide evidence of the user's identity. If sufficient evidence is present, one or more steps of the multi-factor authentication procedure may be bypassed. Other embodiments are described and claimed.