Abstract: The method includes receiving a challenge request sent by a first service trusted server and obtaining to-be-verified information of the first service trusted server in the challenge request; sending a verification request to a trusted remote proving server, wherein the verification request includes the to-be-verified information of the first service trusted server; and obtaining a verification response returned by the trusted remote proving server.

Abstract: Presenting, at a graphical user interface (GUI), device photos and risk categories associated with devices in a network is described. Data packets communicated in a network are detected. Based on the detected data packets, a set of devices in the network are determined. A set of device photos associated respectively with the set of devices are determined. A GUI concurrently presents the set of device photos to indicate the set of devices detected in the network. The set of devices may be filtered, sorted, and/or grouped based on various criteria. The GUI may present the device photos according to the filtering, sorting, and/or grouping. Additionally or alternatively, risk scores associated respectively with the set of devices are determined. The set of devices are categorized into respective risk categories based on the associated risk scores. A GUI concurrently presents a set of risk categories and information associated with each risk category.

Abstract: A communication device includes a plurality of key distributing units, a plurality of communicating units, a monitoring unit, and a switching unit. The plurality of key distributing units have a quantum key distribution function for sharing a quantum key with an external distribution device. The plurality of communicating units communicate with an external communication device using the quantum key. The monitoring unit monitors operational status indicating at least one of transmission-reception status of photons in the quantum key distribution function, generation status of generating the quantum key, and obtaining status of obtaining the quantum key. The switching unit switches a control target, which either represents one of the key distributing units or represents one of the communicating units, from a first control target to a second control target other than the first control target according to the operational status.

Abstract: Implementations of this specification provide for monitoring time certificate generation requests. An example method performed by a database service that stores data in a blockchain includes, in response to receiving a time certificate generation request, determining a starting block height H1 and an ending block height H2 of a target ledger of the blockchain corresponding to the time certificate generation request; in response to determining that the starting block H1 of the target ledger is greater than a block height H of time authenticated data blocks maintained by the database service, executing the time certificate generation request; and in response to receiving a time certificate generated by a time authentication service for the time certificate generation request, changing a value of the block height H of time authenticated data blocks maintained by the database service to the ending block height H2 of the target ledger.

Abstract: A firewall is described that is integrated in an input stage of a packet processing pipeline so that it recognizes and has access to internal information regarding the different services, such as conduit, intranet, Internet, local vs WAN, applications, and security zones, of a communication network, such as an adaptive private network (APN). The integrated firewall is able to dynamically access the service type, respond to the service type, and adjust the service type based on conditions in the network. Since application awareness and security functions are integrated, customers can set security policies on software applications. The integrated firewall also provides automatic detection of applications, classifies applications based on domain names, steers traffic to services according to software applications, reports on software applications in passthrough traffic, and provides analysis of traffic that does not match a software application so that a user can investigate and define custom applications.

Abstract: The present disclosure provides confidential verification for FPGA code. Confidential verification for FPGA code can include receiving the policy from a cloud service provider (CSP) computing device, wherein the policy comprises a plurality of policy requirements used to determine whether to configure the FPGA using the code, receiving the code and the code encryption key from the user computing device, determining whether the code fulfills the plurality of policy requirements, and when the code fulfills the plurality of policy requirements encrypting and integrity protect the code using the code encryption key and providing the encrypted and integrity protected code to an accelerator loader to configure the FPGA using the code.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes causing display of one or more first graphical controls enabling a user to define a filter of an anomaly action rule, the filter defining at least one of an attribute of an anomaly or an attribute of a computer network entity. The method also includes causing display of one or more second graphical controls enabling a user to define an action to take with respect to the anomaly action rule. The method further includes generating the anomaly action rule based on interaction by a user with the one or more first and second graphical controls, wherein the anomaly action rule causes performance of the action upon detecting an anomaly that satisfies the anomaly action rule.

Abstract: A service consumer that utilizes a cloud-based access service provided by a service provider has associated therewith a network that is not capable of being controlled by the service provider. An enterprise connector is supported in this uncontrolled network, preferably as an appliance-based solution. According to this disclosure, the enterprise configures an appliance and then deploys it in the uncontrolled network. To this end, an appliance is required to proceed through a multi-stage approval protocol before it is accepted as a “connector” and is thus enabled for secure communication with the service provider. The multiple stages include a “first contact” (back to the service) stage, an undergoing approval stage, a re-generating identity material stage, and a final approved and configured stage. Unless the appliance passes through these stages, the appliance is not permitted to interact with the service as a connector.

Abstract: A local segment analysis and security (LSAS) engine method, computer program product, and apparatus are provided. The LSAS engine collects status metrics indicating a current operational status of the computing resources within a first segment of a computing environment, analyzes the status metrics to determine whether the first segment is the target of a first attack, and receives, from another LSAS engine of a second segment of the computing environment, a message indicating a status of the second segment with regard to the second segment being a target of a second attack. The LSAS engine determines a security response action to implement based on the received message and results of the analysis and transmits a control message to a computing resource of the first segment to implement the determined security response action. The security response action is at least one of a segmentation, dilution, or scaffolding security response action.

Abstract: In a semiconductor device and an information processing system according to one embodiment, an external device generates external device unique information by using a unique code which is a value unique to the semiconductor device, and generates second information by encrypting the first information with the use of the external device unique information. The semiconductor device stores the second information and generates the principal device unique information independently of the external device, with the use of the unique code of the semiconductor device holding the second information, and decrypts the second information with the use of the principal device unique information to obtain the first information.

Abstract: An amount of data change associated with a version of a content file with respect to one or more previous versions of the content file is determined. The amount of change associated with the version of the content file is determined using a tree data structure associated with the content file that is stored on a storage cluster. One or more statistics associated with backup snapshot are provided to a server. The server is configured to determine that the amount of data change associated with the version of the content file is anomalous based in part on the one or more statistics associated with the backup snapshot. A notification that data associated with the backup snapshot is potentially infected by malicious software is received from the server. The version of the content file is indicated as being potentially infected by malicious software.

Abstract: The disclosure is directed towards systems and methods for improving security in a computer network. The system can include a planner and a plurality of controllers. The controllers can be deployed within each zone of the production network. Each controller can be configured to assume the role of an attacker or a target for malicious network traffic. Simulations of malicious behavior can be performed by the controllers within the production network, and can therefore account for the complexities of the production network, such as stateful connections through switches, routers, and other intermediary devices. In some implementations, the planner can analyze data received from the controllers to provide a holistic analysis of the overall security posture of the production network.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure filtering of transactions at a hardware and protocol level using a security device included on a server. In particular, various embodiments provide approaches for filtering transactions on various buses, such as SMBus, PMBus, I2C, and SPI, within a server. This filtering logic can be utilized to modify requests for access to devices on those busses, certain memory or registers within the devices, and/or limit the quantity of transactions on those busses. Embodiments may provide a policy engine through which the filtering logic applied to a given bus or buses may be modified. When a transaction is received, one or more attributes of the transaction can be compared to one or more policies. If there is a match, the transaction can be modified according to the matched policy.

Abstract: Implementations include receiving a user provided example value of personally identifiable information (PII). Occurrences of the received example value are automatically identified in a dataset of events, wherein each occurrence is identified in a portion of raw machine data of a respective event of the events. For each occurrence of the identified occurrences, an extraction rule is generated, which defines a pattern of the occurrence of the example value and is executable to identify PII values in portions of raw machine data of the events using the pattern. Values of the PII are identified in a set of events using a set of extraction rules comprising the extraction rule of a plurality of the occurrences.

Abstract: A portable power charger is provided for charging one or more electronic devices using wireless power transmission components, such as a transmitter and a receiver for recharging the charger as well as electronic devices via wireless power transmission methods. At least one generally flat surface is provided on the charger housing for receiving and preferably holding an electronic device in place for wireless charging of the device. The portable charger unit may also include at least one power connection for connecting the charger with an external power source, or at least one electronic device, or both, for direct charge connectivity. The power connection can be a power connection port or a power connector cable, attached to the charger housing, each capable of acting as a power input, a power output, or both. A processing unit controls operation of the charger unit for wireless and direct charging.

Abstract: Embodiments include a method for data masking such as receiving, by a first data masking component, data including unmasked data for a first attribute, the first data masking component including a data set and a masking algorithm; generating, by the first data masking component, masked attribute data for the first attribute by applying the masking algorithm to the unmasked data associated with the first attribute using the data set; and replacing, by the first data masking component, the data for the first attribute in the first data with the masked attribute data.

Abstract: One embodiment provides a storage management system. During operation, the system identifies a data file of a user. The system obtains an encrypted client registry from a primary cloud provider in a plurality of cloud providers that provide cloud storage to the user and retrieves a key associated with a device of the user by decrypting the encrypted client registry using a hash of a password associated with the user. The system obtains credentials of the plurality of cloud providers by decrypting a locally stored cloud configuration using the key and generates a plurality of coded fragments from the data file based on a generator matrix of erasure encoding. The number of coded fragments is determined based on a number of the cloud providers associated with the user. The system selects a respective coded fragment for uploading to a corresponding cloud provider in the plurality of cloud providers.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes receiving user input defining attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on the user input, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.

Abstract: Authenticating an E-tournament identity using personal identity credentials. A method includes determining that a gaming device is configured for use in an E-tournament. The method further includes receiving from the device, user personal identity credentials. As a result, the method further includes, signing in to an E-tournament identity using the personal identity credentials.

Abstract: System and method for digitally signing messages using multi-party computation.