Abstract: Embodiments of the present disclosure relate to a method and apparatus for processing data. The method can include: receiving a SYN message with a destination address being a target IP; establishing a session based on a quadruple of the SYN message; and forwarding the SYN message to a server corresponding to the target IP.

Abstract: Methods and systems provide for preventing a false report of a compromised connection even though a security component receives an indication a connection is compromised, and the security component, by default, would report a compromised connection. In the method, the security component determines that captive portal authentication is enabled for a computing device. The security component requests a response from a server over a connection, with the response indicating that the connection is compromised. However, because captive portal authentication is enabled, the security component does not report the connection as being compromised.

Abstract: A firewall may identify a uniform resource locator (URL) being transmitted to a user device, the URL link pointing to a host system. The firewall can then modify the URL link to point instead to a sandbox system. Once a user at the user device selects the URL link (e.g., by clicking or touching it in a browser), the firewall receives the user device's HTTP request and directs it to the sandbox system, which generates a new HTTP request that is then sent through the firewall to the host system. The host system then sends host content to the sandbox system instead of to the user device. The user device may then be presented with a representation of the host content as rendered at the sandbox system (e.g., through a remote desktop interface).

Abstract: Aspects of the disclosure provide a technological improvement to a cipher by improving data security of format-preserving encryption (FPE), by, inter alia, embedding specific key identifiers for rotating keys directly into ciphertext. Aspects of the disclosure relate to methods, computer-readable media, and apparatuses for improving data security in a format-preserving encryption (FPE) context by using specific methods of rotating and identifying the appropriate encryption key from among numerous rotating keys stored in a key data store. Specific to FPE, a plaintext of the data and its corresponding ciphertext of the data remain the same in length/size; yet the methods, computer-readable media, and/or apparatuses disclosed herein permit embedding of an identification of a specific key among the plurality of rotating keys for the particular ciphertext without compromising the technical requirements of FPE.

Abstract: Techniques for a server-based association of a device with a user account are described. In an example, a computer system receives, from a second device, first data of a first device. The first data indicates a request for a first association between the first device and a user account. The computer system determines that the first data is valid based on second data associated with the first device. Based on the first data being valid, the computer system sends, to the second device, third data to initiate a user authentication. The computer system then receives, from the second device, a user identifier based on the user authentication and determines that a second association between the user identifier and the user account already exists. The computer system causes the first association between the first device and the user account to be generated based on the second association.

Abstract: In various example embodiments, a system and method for data mesh-based environmental augmentation are presented. Attribute data associated with a user may be received from a plurality of attribute sources. A portion of the attribute data may include real-time data. A portion of the real-time data indicative of an identity of the user may be identified. The identity of the user may be authenticated with respect to the real-time data by analyzing the identified portion of the real-time data. Based on the authentication of the identity of the user, a user activity being performed by the user may be identified based on the real-time data, and the user activity may be augmented according to a user setting.

Abstract: A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of the identity. The OS instances each authenticate the identity received from the other OS instance, and once authenticated, determines based on the authenticated identities if the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable the OS instances to validate integrity of the messages communicated between the workloads and optionally encrypt the messages.

Abstract: A method for operating an industrial PC (IPC) device, wherein the IPC device includes a general-purpose operating system (GPOS) section implemented to execute program code under the GPOS, and a real time operating system (RTOS) section implemented to execute program code adapted to real-time data processing under the RTOS, includes providing a wrapped application program based on an application program including binary code designed to be executed under the RTOS and a security policy; validating the wrapped application program according to the security policy by an RTOS process for obtaining a validated application program; transferring the binary code of the validated application program and a security element from the RTOS process to a GPOS process; establishing a secure communications channel between the GPOS process and the RTOS section using the security element; and executing the binary code of the validated application program by the GPOS process.

Abstract: Method and system which provides an increase in the basic security, performance, and trust of consensus algorithms in distributed systems based on the use of quantum technology (quantum computing mechanisms). In order to do that, it is built a quantum trust network layer using quantum entanglement between nodes to avoid the current problems in consensus algorithms.

Abstract: The method includes receiving a challenge request sent by a first service trusted server and obtaining to-be-verified information of the first service trusted server in the challenge request; sending a verification request to a trusted remote proving server, wherein the verification request includes the to-be-verified information of the first service trusted server; and obtaining a verification response returned by the trusted remote proving server.

Abstract: Aspects of the subject disclosure may include, for example, obtaining, from a user device, a master-slave agreement and a first network configuration for a federated blockchain network, transmitting to a cloud service provider (CSP) node the first network configuration, generating first credentials, and transmitting the first credentials to the CSP node. The CSP node configures a first group of blockchain nodes according to the first network configuration and the first credentials. Further embodiments include transmitting the first credentials to a public server that sends it to a public blockchain node and an indication to generate a portion of the federated blockchain network. The public blockchain node configures a second group of blockchain nodes according to a second network configuration based on a public blockchain smart contract. The federated blockchain network comprises the first group of blockchain nodes and the second group of blockchain nodes. Other embodiments are disclosed.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for autonomous device authentication and compartment unlocking. Example methods may include determining, by a user device, an identifier associated with a target Bluetooth Low Energy peripheral device, receiving a beacon from a Bluetooth Low Energy peripheral device, and determining, using the beacon, that the Bluetooth Low Energy peripheral device is the target Bluetooth Low Energy peripheral device. Example methods may include establishing a connection with the target Bluetooth Low Energy peripheral device, and sending a signal to the target Bluetooth Low Energy peripheral device to implement an action, where the signal comprises a resource identifier, and where the target Bluetooth Low Energy peripheral device controls access to a plurality of resources, and uses the resource identifier to identify a resource of the plurality of resources at which to implement the action.

Abstract: Some embodiments enable distributing data (e.g., recorded video, photographs, recorded audio, etc.) to a plurality of users in a manner which preserves the privacy of the respective users. Some embodiments leverage homomorphic encryption and proxy re-encryption techniques to manipulate the respective data so that selected portions of it are revealed according to an identity of the user currently accessing the respective data.

Abstract: A system, method and computer program product for open innovation including an asset valuation device receiving asset information about tangible or non-tangible assets, and generating a valuation signal, based on the asset information; a self-executing code device receiving the valuation signal, and generating a self-executing code signal, based on the valuation signal; an air router device having both a low band radio channel, and an internet router channel for redundant internet communications, and a malicious code removal device for scrubbing malicious code from data received, receiving the valuation signal, and generating a node voting request signal, based on the valuation signal; and a mesh network having a plurality of node devices receiving the node voting request signal, and generating vote confirmation signals, based on the node voting request signal. Computing devices are connected to the node devices to perform problem solving, smart contract processing, and/or cryptocurrency mining.

Abstract: A communication device includes a plurality of key distributing units, a plurality of communicating units, a monitoring unit, and a switching unit. The plurality of key distributing units have a quantum key distribution function for sharing a quantum key with an external distribution device. The plurality of communicating units communicate with an external communication device using the quantum key. The monitoring unit monitors operational status indicating at least one of transmission-reception status of photons in the quantum key distribution function, generation status of generating the quantum key, and obtaining status of obtaining the quantum key. The switching unit switches a control target, which either represents one of the key distributing units or represents one of the communicating units, from a first control target to a second control target other than the first control target according to the operational status.

Abstract: A service consumer that utilizes a cloud-based access service provided by a service provider has associated therewith a network that is not capable of being controlled by the service provider. An enterprise connector is supported in this uncontrolled network, preferably as an appliance-based solution. According to this disclosure, the enterprise configures an appliance and then deploys it in the uncontrolled network. To this end, an appliance is required to proceed through a multi-stage approval protocol before it is accepted as a “connector” and is thus enabled for secure communication with the service provider. The multiple stages include a “first contact” (back to the service) stage, an undergoing approval stage, a re-generating identity material stage, and a final approved and configured stage. Unless the appliance passes through these stages, the appliance is not permitted to interact with the service as a connector.

Abstract: A system, method and computer program product for computer based open innovation including an asset valuation device receiving asset information regarding one or more tangible or non-tangible assets, and generating a valuation signal, based on the asset information; a self-executing code device receiving the valuation signal, and generating a self-executing code signal, based on the valuation signal; an air router device having both a low band radio channel, and an internet router channel for redundant internet communications, and a malicious code removal device for scrubbing malicious code from data received, receiving the valuation signal, and generating a node voting request signal, based on the valuation signal; and a mesh network having a plurality of node devices receiving the node voting request signal, and generating vote confirmation signals, based on the node voting request signal. The node devices are employed to perform problem solving, smart contract processing, and/or cryptocurrency mining.

Abstract: Systems, computer program products, and methods are described herein for implementing multi-dimensional data obfuscation. The present invention is configured to electronically receive, from a computing device of a user, a request to implement a multi-dimensional data obfuscation on a first database; initiate a data obfuscation engine on the first database based on at least receiving the request, wherein initiating further comprises: determining one or more data types associated with the one or more data artifacts; determining one or more exposure levels of the one or more data artifacts; retrieving, from a data obfuscation repository, one or more data obfuscation algorithms; and implementing the one or more data obfuscation algorithms on the one or more data artifacts based on at least the one or more data types; and generate an obfuscated first database based on at least initiating the data obfuscation engine on the first database.

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.

Abstract: According to an example aspect of the present invention, there is provided a method, comprising: receiving an input ordered set of transactions after a genesis block or a preceding compressed block in a chain of blocks, generating a compressed block on the basis of the input ordered set of transactions, wherein processing of the compressed block results to an equivalent final state as processing of the input ordered set of transactions, and providing the compressed block to a distributed network for establishing a new chain epoch and replacing a set of uncompressed blocks associated with the input ordered set of transactions.