H04L2463/121

Reliable timestamp credential

A process for authenticating a communication device may include receiving, at a server, an authentication request including an access credential having a timestamp generated by the communication device. A determination can be made as to whether the communication device had successfully executed a predetermined shutdown sequence by determining whether the access credential has reliable timestamp information. The communication device can be authenticated when the timestamp has a non-reset value indicating that the communication device had successfully executed the predetermined shutdown sequence, and the access credential has not expired. Step-up authentication for the communication device can be requested when the access credential has unreliable timestamp information indicating that the communication device did not successfully execute the predetermined shutdown sequence.
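The server-side decision described above, as an added example that is not the patent's code: the device clock is assumed to come back reset to a value near the Unix epoch after an unclean shutdown, so the reset floor, the future-skew bound and the credential layout are illustrative assumptions, not values taken from the abstract.

```python
"""Added example (not from the patent): a server-side check that treats a
device-generated timestamp as unreliable when it looks like a reset clock."""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    AUTHENTICATED = "authenticated"
    EXPIRED = "expired"
    STEP_UP = "step_up_required"


@dataclass(frozen=True)
class AccessCredential:
    device_id: str
    issued_at: int       # Unix time written by the device clock when the credential was issued
    ttl_seconds: int     # credential validity period counted from issued_at


# Assumption: a device that skipped its shutdown sequence boots with its clock
# reset to a default near the Unix epoch. The patent fixes no value, so the
# floor below is illustrative: any timestamp before 2000-01-01T00:00:00Z is
# treated as a reset value.
RESET_FLOOR = 946_684_800
MAX_FUTURE_SKEW = 300    # seconds a device clock may run ahead of the server (assumption)


def timestamp_is_reliable(issued_at: int, server_now: int) -> bool:
    """Non-reset value that is also not implausibly ahead of the server clock."""
    return RESET_FLOOR <= issued_at <= server_now + MAX_FUTURE_SKEW


def authenticate(cred: AccessCredential, server_now: int) -> Decision:
    """Order matters: an unreliable timestamp cannot be judged for expiry, so
    step-up is requested before any expiry comparison is attempted."""
    if not timestamp_is_reliable(cred.issued_at, server_now):
        return Decision.STEP_UP
    if server_now > cred.issued_at + cred.ttl_seconds:
        return Decision.EXPIRED
    return Decision.AUTHENTICATED


if __name__ == "__main__":
    now = 1_614_643_200  # 2021-03-02T00:00:00Z, constructed server time
    samples = [
        AccessCredential("dev-a", issued_at=now - 600, ttl_seconds=3600),    # clean shutdown
        AccessCredential("dev-b", issued_at=now - 7200, ttl_seconds=3600),   # clean shutdown, expired
        AccessCredential("dev-c", issued_at=42, ttl_seconds=3600),           # clock reset to epoch
        AccessCredential("dev-d", issued_at=now + 86400, ttl_seconds=3600),  # clock far ahead
    ]
    for c in samples:
        print(c.device_id, authenticate(c, now).value)
```

The check rejects the reset case before looking at expiry on purpose: a timestamp of 42 would otherwise be reported as "expired" and the device might simply be handed a fresh credential, which is exactly the shortcut the step-up requirement is meant to close.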

Non-persistent mode for network connection
10936728 · 2021-03-02

Systems and methods for enhanced network connection privacy. An example method may comprise: receiving a selection to activate a non-persistent mode for a network manager of a client device, the non-persistent mode preventing tracking of network locations accessed by the client device; activating the non-persistent mode for the network manager; and while the non-persistent mode is activated for the network manager: receiving a request to connect to a network; and performing, via the network manager, a set of operations to establish a connection with the network, the set of operations excluding storing information revealing the network connection in persistent memory of the client device.

System and method for traffic volume publication applying differential privacy

A method for a traffic volume publication system to publish traffic volumes in a road traffic network includes: receiving traffic information including information on a plurality of road segments and original traffic volume data for the road segments at a first timestamp and calculating a first window size for each road segment for the first timestamp; predicting a second window size for a third timestamp subsequent to the first timestamp, either based on the first window size calculated at the first timestamp or based on the first window size and a window size calculated in advance at a second timestamp prior to the first timestamp; determining a privacy budget allocated to the first timestamp based on the first window size and the second window size; and returning noisy traffic volume data which is obtained by inserting noise into the original traffic volume data, based on the determined privacy budget.
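A worked version of the publication step above, added here and not taken from the patent. The abstract does not say how a window size is computed, how the next one is predicted, or how the budget is derived from the two, so the rules used below (window = trailing run of near-constant volumes, linear extrapolation for the prediction, budget divided by the longer of the two windows) are illustrative assumptions; the Laplace mechanism itself is the standard one, with sensitivity 1 on the assumption that one vehicle changes one segment's count by one.

```python
"""Added example (not the patent's code): window-size driven privacy budget
allocation with Laplace noise for per-segment traffic counts."""
import random
from typing import Dict, List, Optional, Tuple


def window_size(history: List[int], tolerance: int) -> int:
    """Assumed definition: number of trailing timestamps over which the segment's
    volume moved by at most `tolerance` between consecutive timestamps."""
    w = 1
    for i in range(len(history) - 1, 0, -1):
        if abs(history[i] - history[i - 1]) <= tolerance:
            w += 1
        else:
            break
    return w


def predict_window(w_now: int, w_prev: Optional[int]) -> int:
    """Window size expected at the next timestamp: the current size alone when
    there is no earlier value, otherwise a linear extrapolation (assumption)."""
    if w_prev is None:
        return w_now
    return max(1, 2 * w_now - w_prev)


def allocate_budget(eps_total: float, w_now: int, w_pred: int) -> float:
    """Assumption: the budget for one window is spread evenly over the longer of
    the observed and predicted windows, so a segment expected to stay stable
    longer receives a smaller share at this timestamp."""
    return eps_total / max(w_now, w_pred)


def laplace(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale) drawn as the difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def publish(
    original: Dict[str, int],
    histories: Dict[str, List[int]],
    prev_windows: Dict[str, int],
    eps_total: float,
    tolerance: int = 2,
    sensitivity: float = 1.0,
    rng: Optional[random.Random] = None,
) -> Tuple[Dict[str, float], Dict[str, float], Dict[str, int]]:
    """Return (noisy volumes, epsilon spent per segment, current window sizes)."""
    rng = random.Random(0) if rng is None else rng
    noisy, budgets, windows = {}, {}, {}
    for seg, count in original.items():
        w_now = window_size(histories[seg], tolerance)
        w_pred = predict_window(w_now, prev_windows.get(seg))
        eps_t = allocate_budget(eps_total, w_now, w_pred)
        # Laplace mechanism: scale = sensitivity / epsilon. Clamping at zero is
        # post-processing of the released value and does not weaken the guarantee.
        noisy[seg] = max(0.0, count + laplace(sensitivity / eps_t, rng))
        budgets[seg] = eps_t
        windows[seg] = w_now
    return noisy, budgets, windows


# Constructed input: counts for two road segments up to and including timestamp t.
HISTORIES = {
    "seg-A": [10, 11, 10, 25, 26],   # volume jumped two timestamps ago
    "seg-B": [40, 40, 41],           # stable since the start of the record
}
ORIGINAL = {seg: h[-1] for seg, h in HISTORIES.items()}
PREV_WINDOWS = {"seg-A": 1, "seg-B": 2}   # window sizes computed at t-1

if __name__ == "__main__":
    out, spent, wins = publish(ORIGINAL, HISTORIES, PREV_WINDOWS, eps_total=1.0, rng=random.Random(7))
    for seg in ORIGINAL:
        print(f"{seg}: true={ORIGINAL[seg]} noisy={out[seg]:.1f} eps={spent[seg]:.3f} window={wins[seg]}")
```

With these inputs seg-A (window 2, predicted 3) is published with epsilon 1/3 and seg-B (window 3, predicted 4) with epsilon 1/4, so the more stable segment gets more noise per release but can be released for longer before its window budget is used up. Whatever allocation rule is chosen, the per-timestamp epsilons over any window must still sum to at most the window budget, which is the property a reviewer should check first.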

Systems and methods for AIDA based second chance
10917434 · 2021-02-09

Methods and systems are described in which a system provides a user interface to confirm whether to review or take an action associated with an untrusted email. A driver on a device monitors the startup of any processes. Responsive to monitoring, the driver detects that an application process was created, indicating that an application was launched, and notifies a user console about the creation of the application process. The user console determines whether the application process is of significance and, if so, injects a monitor library into the process. Once injected into the process, the monitor library detects if the application process receives an action of a user to access a domain that is not identified as trusted. The monitor library notifies the user console of the user's URL-access request.

Method for enabling and/or requesting access by a first network subscriber to a second network subscriber in a network

A method for enabling access by a first network subscriber to a second network subscriber in a network includes receiving a communication request from the first network subscriber and determining whether the second network subscriber has carried out an authentication of the first network subscriber during a first phase. The second network subscriber allows communication with the first network subscriber when the second network subscriber has carried out authentication of the first network subscriber during the first phase. The second network subscriber receives an access request from the first network subscriber and determines a level of trustworthiness of the first network subscriber. The second network subscriber enables access of the first network subscriber based on the determination of the level of trustworthiness of the first network subscriber.

Indicating malware generated domain names using digits

In some examples, a system counts a number of digits in a domain name. The system compares a value based on the number of digits to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.

Method for the automated creation of rules for a rule-based anomaly recognition in a data stream

A method for creating rules for recognizing anomalies in a data stream of data packets. The method includes: providing a reference time signal having successive reference points in time; for at least two data portions from one or multiple data packets determined by a selected data packet type in a data stream section, ascertaining a time series of successive values of the relevant data portion, the values of the time series corresponding to the values of the relevant data portion or being a function of these values, the values of the relevant data portion each being assigned to a respective reference point in time of the respective reference points in time; carrying out a correlation method in order to ascertain, in each case, one correlation value for at least two different time series; creating a rule for the rule-based anomaly recognition method as a function of the ascertained correlation values.
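The rule-creation method above, carried through on constructed data as an added example that is not the patent's code. The packet type, the field layout (byte 0 and byte 1 of one frame type moving together, byte 2 a free-running counter), the reference-point spacing and the correlation threshold are all assumptions made for the illustration; the rule form (a linear fit between two correlated fields plus a tolerance band) is one choice of what "a rule as a function of the correlation values" can mean.

```python
"""Added example (not the patent's code): derive anomaly-detection rules from
correlated payload fields of one packet type, then apply them to new payloads."""
from itertools import combinations
from typing import Dict, List, Sequence, Tuple
import math

# Constructed frames: (packet type, capture time in seconds, payload bytes).
# Assumed layout for type 0x1A0: byte 0 = speed, byte 1 = wheel pulse rate,
# byte 2 = free-running counter. Bytes 0 and 1 move together; byte 2 does not.
PACKETS = [
    (0x1A0, 0.0, bytes([10, 21, 7])),
    (0x1A0, 0.1, bytes([12, 26, 3])),
    (0x1A0, 0.2, bytes([15, 30, 250])),
    (0x1A0, 0.3, bytes([20, 42, 14])),
    (0x1A0, 0.4, bytes([24, 48, 99])),
    (0x1A0, 0.5, bytes([30, 61, 60])),
    (0x1A0, 0.6, bytes([35, 72, 1])),
    (0x1A0, 0.7, bytes([40, 80, 180])),
    (0x2B0, 0.15, bytes([255, 0, 0])),  # a different type, ignored by the selector
]
# Reference time signal: successive reference points, one between each pair of frames.
REFERENCE_POINTS = [round(0.05 + 0.1 * k, 2) for k in range(8)]


def time_series(packets, pkt_type: int, field: int, ref_points: Sequence[float]) -> List[int]:
    """Assign to each reference point the value of `field` from the most recent
    packet of `pkt_type` captured at or before that point."""
    frames = sorted((t, p) for ty, t, p in packets if ty == pkt_type)
    series, i, last = [], 0, None
    for ref in ref_points:
        while i < len(frames) and frames[i][0] <= ref:
            last = frames[i][1][field]
            i += 1
        if last is None:
            raise ValueError(f"no {pkt_type:#x} packet before reference point {ref}")
        series.append(last)
    return series


def pearson(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Pearson correlation; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)


def create_rules(packets, pkt_type: int, fields: Sequence[int], ref_points: Sequence[float],
                 min_abs_corr: float = 0.9, margin: float = 2.0, min_tolerance: float = 1.0) -> List[Dict]:
    """One rule per strongly correlated field pair: a linear fit of field b on
    field a, with a tolerance band scaled from the largest residual seen while learning."""
    series = {f: time_series(packets, pkt_type, f, ref_points) for f in fields}
    rules = []
    for a, b in combinations(fields, 2):
        xs, ys = series[a], series[b]
        r = pearson(xs, ys)
        if abs(r) < min_abs_corr:
            continue
        n = len(xs)
        mx, my = sum(xs) / n, sum(ys) / n
        slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)
        intercept = my - slope * mx
        worst = max(abs(y - (slope * x + intercept)) for x, y in zip(xs, ys))
        rules.append({"fields": (a, b), "corr": r, "slope": slope, "intercept": intercept,
                      "tolerance": max(min_tolerance, margin * worst)})
    return rules


def check_payload(payload: bytes, rules: List[Dict]) -> List[Tuple[int, int]]:
    """Field pairs whose learned relationship the payload violates (empty = normal)."""
    violations = []
    for rule in rules:
        a, b = rule["fields"]
        predicted = rule["slope"] * payload[a] + rule["intercept"]
        if abs(payload[b] - predicted) > rule["tolerance"]:
            violations.append((a, b))
    return violations


if __name__ == "__main__":
    learned = create_rules(PACKETS, 0x1A0, [0, 1, 2], REFERENCE_POINTS)
    for rule in learned:
        print(f"rule {rule['fields']}: r={rule['corr']:.3f} y={rule['slope']:.2f}x+{rule['intercept']:.2f}"
              f" tol={rule['tolerance']:.2f}")
    print("consistent frame:", check_payload(bytes([50, 101, 9]), learned))
    print("spoofed speed:   ", check_payload(bytes([50, 20, 9]), learned))
```

Only the byte 0 / byte 1 pair clears the correlation threshold, so the counter byte produces no rule and a frame with a plausible speed but an inconsistent pulse rate is flagged while a consistent one passes. The tolerance is learned from the training residuals, so a training capture that already contains tampered frames widens the band; learning on a capture you trust is part of the method, not an afterthought.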

Detecting anomalous network behavior
10965699 · 2021-03-30

Approaches provide for monitoring attempted network activity such as network port connections and corresponding payloads of network data obtained by a network device and, based on the attempted connections and/or payloads, identifying malicious network activity in real time. For example, network activity obtained from a plurality of network devices in a service provider environment can be monitored to attempt to detect compliance with appropriate standards and/or any of a variety of resource usage guidelines (e.g., network behavioral standards or other such rules, guidelines, or network behavior tests) based at least in part on network port connection activity with respect to at least one network device. If it is determined that network activity is not in compliance with the usage guidelines, or other such network behavior test, the system can take one or more remedial actions, which can include generating a notification identifying the malicious network activity.

AUTHENTICATED VEHICLE DIAGNOSTIC ACCESS TECHNIQUES
20210075783 · 2021-03-11

Vehicle diagnostic access authentication techniques comprise, in response to receiving a request for diagnostic access to the vehicle that comprises a public key certificate, transmitting an authentication challenge back to an external testing tool that causes it to obtain, from a PKI computing system, and return to the vehicle a signed authentication challenge comprising a digital signature. The vehicle then determines whether the digital signature is valid using the public key certificate and, when valid, a set of diagnostics associated with a diagnostic role specified by the diagnostic access request are unlocked. When any of the set of unlocked diagnostics associated with the diagnostic role match any of the set of diagnostics for the set of components specified by the diagnostic access request, the external testing tool is granted diagnostic access to the vehicle to execute the one or more matched diagnostics.

IDENTIFICATION AND CONTROL OF SUSPICIOUS CONNECTED IDENTITIES AND ACTIVITIES
20210051163 · 2021-02-18

Disclosed embodiments relate to detecting temporal deviations indicative of suspicious network identities or activities. Techniques include identifying data communications exchanged between two or more connected resources; accessing a temporal profile for the data communications, the temporal profile indicating a time for one or more of the data communications to be exchanged; deploying the temporal profile for analyzing future data communications exchanged between the two or more connected resources; identifying a first data communication; determining an elapsed time parameter of the first data communication; comparing the elapsed time parameter to the temporal profile; determining, based on the comparison, that the elapsed time parameter exceeds the temporal profile; and determining, based on the elapsed time parameter exceeding the temporal profile, an existence of a suspicious connected identity or activity in a communication path between the two or more connected resources.
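The temporal-profile check described above, run over constructed flow records as an added example that is not the patent's code. The abstract says only that the profile "indicates a time" for the communications; here it is assumed to be the mean elapsed request/response time plus three standard deviations of a learning window, and the log format, hostnames and request ids are invented for the illustration.

```python
"""Added example (not the patent's code): learn how long a request/response
exchange between two connected resources normally takes, then flag a later
exchange whose elapsed time exceeds the profile."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List

# Constructed flow records: "<ISO-8601 UTC> <src> <dst> req=<id> phase=<request|response>".
BASELINE_LOG = """\
2021-02-18T10:00:00.000Z app-01 db-01 req=1 phase=request
2021-02-18T10:00:00.012Z db-01 app-01 req=1 phase=response
2021-02-18T10:00:01.000Z app-01 db-01 req=2 phase=request
2021-02-18T10:00:01.011Z db-01 app-01 req=2 phase=response
2021-02-18T10:00:02.000Z app-01 db-01 req=3 phase=request
2021-02-18T10:00:02.013Z db-01 app-01 req=3 phase=response
2021-02-18T10:00:03.000Z app-01 db-01 req=4 phase=request
2021-02-18T10:00:03.012Z db-01 app-01 req=4 phase=response
2021-02-18T10:00:04.000Z app-01 db-01 req=5 phase=request
2021-02-18T10:00:04.014Z db-01 app-01 req=5 phase=response
2021-02-18T10:00:05.000Z app-01 db-01 req=6 phase=request
2021-02-18T10:00:05.011Z db-01 app-01 req=6 phase=response
"""

# Later traffic on the same path: one normal exchange, one that took four times
# as long (as an interposed proxy or relayed credential would cause), and one
# request with no response yet.
NEW_LOG = """\
2021-02-18T10:05:00.000Z app-01 db-01 req=7 phase=request
2021-02-18T10:05:00.014Z db-01 app-01 req=7 phase=response
2021-02-18T10:05:01.000Z app-01 db-01 req=8 phase=request
2021-02-18T10:05:01.048Z db-01 app-01 req=8 phase=response
2021-02-18T10:05:02.000Z app-01 db-01 req=9 phase=request
"""


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ")


def elapsed_ms(log: str) -> Dict[str, float]:
    """Pair each request with its response by request id; unpaired records are dropped."""
    seen = defaultdict(dict)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, _src, _dst, req, phase = line.split()
        seen[req.split("=", 1)[1]][phase.split("=", 1)[1]] = parse_ts(ts)
    out = {}
    for rid, phases in seen.items():
        if "request" in phases and "response" in phases:
            delta = phases["response"] - phases["request"]
            out[rid] = delta.days * 86_400_000 + delta.seconds * 1000 + delta.microseconds / 1000
    return out


def build_profile(elapsed: List[float], k: float = 3.0) -> Dict[str, float]:
    """Assumption: the temporal profile is mean + k standard deviations of the learning window."""
    mu, sd = mean(elapsed), pstdev(elapsed)
    return {"mean": mu, "stdev": sd, "limit": mu + k * sd}


def evaluate(new_log: str, profile: Dict[str, float]) -> Dict[str, dict]:
    """Compare each new exchange's elapsed time with the profile limit."""
    return {rid: {"elapsed_ms": e, "suspicious": e > profile["limit"]}
            for rid, e in elapsed_ms(new_log).items()}


if __name__ == "__main__":
    profile = build_profile(list(elapsed_ms(BASELINE_LOG).values()))
    print(f"profile: mean={profile['mean']:.2f}ms stdev={profile['stdev']:.2f}ms limit={profile['limit']:.2f}ms")
    for rid, verdict in evaluate(NEW_LOG, profile).items():
        print(f"req={rid} elapsed={verdict['elapsed_ms']:.1f}ms suspicious={verdict['suspicious']}")
```

Request 8 exceeds the learned limit and is reported; request 7 is within it and request 9, having no response, is not scored at all rather than being treated as an infinite delay. In practice the profile should be learned per resource pair and re-learned when the path legitimately changes (a new load balancer, a relocated database), otherwise the detector fires on the change rather than on an attacker.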