Patent classifications
H04L63/1475
PROTOCOL TO INITIATE COMMUNICATION BETWEEN QUANTUM DEVICES CONFIGURED TO SEND OR RECEIVE QUANTUM OBJECTS
Methods for communicating messages encoded in quantum objects comprise exchanging series of values on a classical communication channel between quantum communication devices. Basically, one of the quantum devices discloses a clue on its intention to use a polarization basis for a given quantum object while the other device discloses a clue on a basis it will not use, in a way similar to the Monty Hall Problem.
Policy enforcement for secure domain name services
There is disclosed in one example a gateway apparatus, including: a hardware platform including a processor and a memory; and instructions stored within the memory to instruct the processor to: provide a domain name system (DNS) server, the DNS server to provide an encrypted DNS service, and to cache resolved domain names; receive an outgoing network packet; determine a destination address of the outgoing network packet; and upon determining that the destination address was not cached, apply a security policy.
SIGNAL SENDING METHOD AND DEVICE
The present disclosure discloses a signal sending method and device. The method includes: receiving, by a base station, an uplink pilot signal sent by authorized user equipment, and determining a direction vector parameter and a first channel fading parameter of a channel; calculating, according to the direction vector parameter and the first channel fading parameter, a first signal beamformer parameter, determining a transmission area of an artificial noise signal according to the direction vector parameter, and calculating a second signal beamformer parameter; and processing a to-be-transmitted signal by using the first signal beamformer parameter and the second signal beamformer parameter, and transmitting the processed signal. In this way, in a non-target direction, energy leakage of the secrecy signal to the authorized user equipment is relatively small, and transmitted artificial noise signals are concentrated in an area with a relatively high secrecy signal leakage risk.
System, method, and computer program product for user network activity anomaly detection
Described are a system, method, and computer program product for user network activity anomaly detection. The method includes receiving network resource data associated with network resource activity of a plurality of users and generating a plurality of layers of a multilayer graph from the network resource data. Each layer of the plurality of layers may include a plurality of nodes, which are associated with users, connected by a plurality of edges, which are representative of node interdependency. The method also includes generating a plurality of adjacency matrices from the plurality of layers and generating a merged single layer graph based on a weighted sum of the plurality of adjacency matrices. The method further includes generating anomaly scores for each node in the merged single layer graph and determining a set of anomalous users based on the anomaly scores.
SYSTEMS AND METHODS FOR AUTOMATICALLY BLOCKING THE USE OF TRACKING TOOLS
Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.
Scanner probe detection
A method, including identifying, in network data traffic, multiple scans, each of the scans including an access, in the traffic, of multiple ports on a given destination node by a given source node during a time period. A group of high-traffic ports are identified in the traffic that include one or more ports that receive respective volumes of the traffic that exceed a threshold, and respective signatures are generated for the identified port scans that indicate the ports other than the high-traffic ports that were accessed in each of the port scans. A respective frequency of occurrence of each of the signatures over the set of the port scans is computed, and a whitelist of the signatures for which the respective frequency of occurrence is greater than a threshold is assembled. Upon detecting a port scan for which the respective signature is not whitelisted, a preventive action is initiated.
SYSTEMS AND METHODS FOR DETECTING HUMAN PRESENCE NEAR A TRANSACTION KIOSK
Disclosed embodiments may include a system that may receive first level authentication data from a first user, identify a first user device associated with the first user, and determine whether a current location of the first user device is within a predetermined proximity of a first computing device. In response to the determination, the system may detect one or more objects within the predetermined proximity of the first computing device using the one or more positional sensors. The system may determine that at least one of the one or more objects is associated with a human, and in response, trigger a security measure. The system may transmit an indication of the triggered security measure to the first computing device, and may transmit instructions to the first user device configured to cause the first user device to provide an alert to the first user.
HOMOGLYPH ATTACK DETECTION
The described technology is generally directed towards homoglyph attack detection. A homoglyph attack detection service can create images of a customer's protected domain names. A convolutional neural network can generate feature vectors based on the images. The feature vectors can be stored in a similarity search data store. Newly observed domain names can be compared to the customer's protected domain names, by also generating feature vectors for the newly observed domain names and conducting approximate nearest neighbor searches. Search results can be further evaluated by comparing protected domain names to newly observed domain names using a siamese neural network which applies a similarity threshold. Newly observed domain names that meet or exceed the similarity threshold can be flagged for further action.
Brokered communication protocol using information theoretic coding for security
A communication brokering device receives, from a first device, a measurement of at least one of a bit-error-rate (BER) or a signal-to-noise ratio (SNR) associated with receipt of a transmission at the first device. The communication brokering device determines whether the first device is vulnerable to message interception or eavesdropping based on the measurement of the at least one of the BER or the SNR. The communication brokering device controls communications between at least one second device and the first device based on the determination of whether the first device is vulnerable to message interception or eavesdropping.
Key distribution method, key receiving method, first key management system, and first network element
The present invention discloses a key distribution method. The method includes obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element. According to the present invention, data can be protected against an eavesdropping attack in a sending process.