Abstract: There is provided a computerized method of secure communication between a source computer and a destination computer, the method performed by an inspection computer and comprising: receiving data sent by the source computer to the destination computer; inspecting the received data using one or more filtering mechanisms, giving rise to one or more inspection results; separately signing each of the one or more inspection results; determining, based on an inspection management policy, whether to send at least some of the inspection results and/or derivatives thereof for manual inspection; upon a positive determination, providing manual inspection of the at least some inspection results and/or derivatives thereof, and providing signing of the at least one manual inspection result; and analyzing signed inspection results and performing additional verification of the signed inspection results when a result of the analyzing meets a predefined criterion specified by the inspection management policy.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to encrypt media for identification. An example apparatus includes a mesh generation controller to generate a mesh based on an encryption matrix; an overlap controller to eliminate overlapping ones of edge connections of the mesh; an edge labelling controller to generate random labels for the edge connections based on a number of remaining ones of the edge connections of the mesh; an encrypted value controller to generate encrypted values based on the random labels; and an encryption controller to encrypt an input matrix with the encrypted values to enable identification of the input matrix.

Abstract: Techniques are disclosed to automate TLS certificate rotation. For example, a certificate rotation event may be detected from a certificate management tool. The certificate rotation event may be associated with a first certificate and may indicate that the first certificate is to be updated with a second certificate. An application server that is running on a host and to which the first certificate is bound may be identified. A certificate identifier for the second certificate may be provided to one or more agents running on the host. A distribution service may obtain certificate information, e.g., a public key, a private key, or a certificate identifier for the second certificate, from the certificate rotation tool. Some or all of the certificate information for the second certificate may be obtained by the one or more agents running on the host. The one or more agents may instruct the application server to bind the second certificate.

Abstract: Techniques described herein can be utilized to implement a protocol for performing an unbiased selection of a particular worker node among a plurality of worker nodes to execute a computational task. Nodes of a distributed network may register to join a group membership by generating quantities derived at least in part from a hierarchical data structure, such as an accumulation tree, whose parameters are defined by a manager node. The manager node may utilise the quantities provided by the plurality of worker nodes to perform an unbiased selection of a worker node from among the plurality of worker nodes to perform a computational task. The invention is particularly suited, but not limited to, for use in a blockchain network such as Bitcoin. In at least some cases, the manager node cannot determine, based on quantities supplied by the worker nodes, whether a particular worker node was selected to perform the computational task.

Abstract: Embodiments disclosed herein relate to allowing unauthenticated UEs to gain restricted access to an operator network to access network access subscription service. Once the unauthenticated UE successfully downloads a subscription profile for accessing the operator network, the unauthenticated UE can disconnect and can, thereafter, authenticate to the operator network using the subscription profile. Embodiments disclosed herein can perform one-way authentication to the operator network for obtaining a limited connectivity to reduce DoS attacks on the operator network. More specifically, these embodiments can support unauthenticated UEs to allow unauthenticated UEs to access the operator network for RLOS while minimizing DoS attack.

Abstract: A method including obtaining, by a key management computer, a key rotation period based on at least an adversarial storage limit. The key management computer can then generate a first cryptographic key. The key management computer can then generate a second cryptographic key to replace the first cryptographic key according to the key rotation period.

Abstract: A technique provides access to content within a computing environment. The technique involves identifying a network address to a resource which is currently blocked from being accessed via the network address due to operation of a content filter. The technique further involves, based on previously accessed content, modifying the operation of the content filter to unblock access to the resource via the network address. The technique further involves, after the operation of the content filter is modified to unblock access to the resource via the network address, permitting access to the resource via the network address.

Abstract: A method is provided for monitoring the integrity of a physical object, wherein the object receives a request of a server via a communication network. The request includes a digital character string, and in response to the received request, an electronic system of the object ascertains the digital fingerprint of the object and combines the ascertained digital fingerprint with a digital secret, which is known to the server and is stored in a memory device, and with the received character string (C) in order to form a response. The object transmits the response to the server via the communication network for analysis.

Abstract: An authenticated, ID-based private/public key pair, with a self-certified public key, is generated using Kummer arithmetic without bilinear pairings. Two or more parties can generate such key pairs and use them as their respective long-term key pairs which, when combined with the parties' short-term key pairs, can allow the parties to establish an authenticated, short-term shared key. Some embodiments are suitable for connected vehicles communicating with each other and/or with other systems. Other features are also provided.

Abstract: Technology is disclosed for improving user privacy and providing user control over user-activity data collected from personal computing devices (i.e., user devices). User devices may be configured to operate in a private mode that enables a user to control, for example, which aspects of user-activity data are provided to applications and services running on their user device; to obscure or modify aspects of user-activity data so that certain applications and services, which may require this information to operate, may still function, but that the obscured information provided to these applications and services preserves user privacy or no longer may be used to identify the user; or to remove evidence of user-activity data created, monitored, reported, or otherwise collected by or on the user device while the user is operating their user device in the private mode setting.

Abstract: Presenting, at a graphical user interface (GUI), device photos and risk categories associated with devices in a network is described. Data packets communicated in a network are detected. Based on the detected data packets, a set of devices in the network are determined. A set of device photos associated respectively with the set of devices are determined. A GUI concurrently presents the set of device photos to indicate the set of devices detected in the network. The set of devices may be filtered, sorted, and/or grouped based on various criteria. The GUI may present the device photos according to the filtering, sorting, and/or grouping. Additionally or alternatively, risk scores associated respectively with the set of devices are determined. The set of devices are categorized into respective risk categories based on the associated risk scores. A GUI concurrently presents a set of risk categories and information associated with each risk category.

Abstract: A method of authenticating a mobile device over Bluetooth advertisements according to one embodiment includes broadcasting, by an access control device, a first Bluetooth advertisement including a challenge message generated by the access control device, receiving, by the mobile device, the first Bluetooth advertisement including the challenge message, broadcasting, by the mobile device, a second Bluetooth advertisement including a challenge response message generated by the mobile device based on the challenge message, receiving, by the access control device, the second Bluetooth advertisement including the challenge response message, and determining, by the access control device, whether the mobile device is authorized to perform an action with respect to the access control device by verifying the challenge response message.

Abstract: In one embodiment, a method includes: receiving, by a first computing device on a first port of a plurality of ports, a data packet, wherein each of the ports corresponds to one of a plurality of security classes, and the first computing device comprises a plurality of cryptographic modules, each module configured to encrypt data for a respective one of the security classes; tagging the data packet, wherein tagging data identifies one of the security classes and the first port; routing, based on at least one header, the data packet to a first cryptographic module of the plurality of cryptographic modules; encrypting the data packet using the first cryptographic module; and storing the encrypted data packet in a first data storage device.

Abstract: A network apparatus controlling method includes: in a device configuration stage, causing the libraries of a plurality of node devices to have the same network key; electrically connecting to the intermediary node device; obtaining the device name of the intermediary node device; according to the device name, identifying the library of the intermediary node device and the content of the library to confirm an accessing encryption process used by the library; and switching to the accessing encryption process to complete the accessing encryption process between the network apparatus controlling device and the intermediary node device such that the network apparatus controlling device can send an order data to the plurality of node devices in the mesh network via the intermediary node device.

Abstract: Methods, systems, and apparatus, including a method for preventing fraud. In some aspects, a method includes: receiving, from multiple client devices, a measurement data element that includes a respective group member key and a group identifier for a given conversion as a result of displaying a digital component. Each client device uses a threshold encryption scheme to generate, based at least on network data that includes one or more of impression data or conversion data for the conversion, a group key that defines a secret for encrypting the network data and generate, based on data related to the application, the respective group member key that includes a respective share of the secret. In response to determining that at least the threshold number of measurement data elements having the same group identifier have been received, the network data is decrypted using the group member keys in the received measurement data elements.

Abstract: An information processing apparatus includes a processor configured to detect unauthorized access from a subject terminal to a subject host as a result of inputting subject input data into an autoencoder, an Internet protocol address of the subject terminal and an Internet protocol address of the subject host being used as at least part of the subject input data, the autoencoder having performed learning by using learning data, an Internet protocol address of a terminal and an Internet protocol address of a host to which the terminal has connected being used as at least part of the learning data.

Abstract: The technology described herein uses data in certificate transparency (CT) logs to identify security certificates that are likely to be used for phishing or brand violation. The technology described uses machine vision technology to analyze the domain name in a CT log as a user would view it. The domain name in the CT log is rendered as it might appear in a web browser's address bar. The rendered domain name is then converted to a text string using optical character recognition (OCR). The text string generated by OCR is then analyzed by a brand detection system to determine whether the text string matches a brand name. When a known brand is detected, a trust analysis is performed to determine whether the security certificate in the CT log is actually associated with the brand.

Abstract: A communication apparatus includes a first communication unit for unencrypted communication compliant with a first standard for communication, and a second communication unit for encrypted communication compliant with a second standard for communication, In a case where connection information used for the second communication unit to perform encrypted communication with an external apparatus has been received from the external apparatus via the first communication unit, a control unit records the connection information on a recording medium.

Abstract: A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.

Abstract: A system, method and computer program product for computer based open innovation, includes an asset valuation device receiving asset information regarding tangible or non-tangible assets, and generating a valuation signal, based thereon; a self-executing code device receiving the valuation signal, and generating a self-executing code signal, based thereon; an air router device having both low band radio, and internet router channels for redundant internet communications, and a malicious code removal device for scrubbing malicious code from data received, receiving the valuation signal, and generating a node voting request signal, based thereon; a mesh network having node devices receiving the node voting request signal, and generating vote confirmation signals, based thereon; and computing devices connected to each of the respective node devices, and configured to perform non-fungible token (NFT) generation based on the assets, including tracking respective ownership and valuation of the assets, based on the