Abstract: In some implementations, a system can be used to selectively transmit bandwidth-intensive data over a cellular network based on dynamically determining resource availability over the cellular network. Monitoring system data to be transmitted to a remote server can initially be obtained by a component of a monitoring system. One or more network performance tests may be performed on a carrier network associated with the monitoring system. One or more network performance parameters can be computed based on results of the one or more network performance tests. The one or more network performance parameters can then be evaluated in relation to transmission requirements associated with the monitoring system data. A particular transmission strategy to use in transmitting the monitoring system data to the remote server can then be selected from among multiple transmission strategies. The monitoring system data is then transmitted to the server in accordance with the particular transmission strategy.

Abstract: A system and method for determining human keystrokes in a secure shell (SSH) session from SSH session data traffic provides insight and evidence of an intrusion into a computer network. In one embodiment, the presence of human keystroke(s) in an SSH session may be inferred using a sensor appliance. In one embodiment, the SSH data traffic is encoded in a vector, one or more communication patterns are identified in the vector and the presence of human keystrokes may be inferred from the one or more communication patterns.

Abstract: A credential authorization device having a first fingerprint sensor, configured to detect first sensor data representing one or more elements of a finger from a first person in contact with the first fingerprint sensor; a second fingerprint sensor, configured to detect second sensor data representing one or more elements of a finger from a second person in contact with the second fingerprint sensor; and one or more processors, configured to determine an authorization for a transaction based on an authentication of the first sensor data and the second sensor data.

Abstract: A system can include a certificate application programming interface (API) device that is operable to receive, via an application programming interface (API), an enrollment request for the at least one computerized device. The certificate API device can also generate, via the API, an enrollment package and an end entity certificate package for the at least one computerized device by obtaining the enrollment package and the end entity certificate package from a certificate management service (CMS). The certificate API device can also transmit, via the API, the enrollment package and the end entity certificate package to the at least one computerized device. The system can also include the CMS that is operable to provide the enrollment package and the end entity certificate package to the certificate API device.

Abstract: Techniques are disclosed for generating intent-based policies and applying the policies to traffic of a computer network. In one example, a policy controller for the computer network receives traffic statistics for traffic flows among a plurality of application workloads executed by a first set of computing devices. The policy controller correlates the traffic statistics into session records for the plurality of application workloads. The policy controller generates, based on the session records for the application workloads, application firewall policies for the application workloads. Each of the application firewall policies define whether traffic flows between application workloads are to be allowed or denied. The policy controller distributes the application firewall policies to a second set of one or more computing devices for application to traffic flows between instances of the application workloads.

Abstract: Computing devices and method for performing a secure neighbor discovery. A local computing device transmits an encrypted local node identifier and an encrypted local challenge to a remote computing device. The remote computing device generates a local challenge response based on the local challenge; and transmits an encrypted remote node identifier and an encrypted local challenge response to the local computing device. The local computing device determines that the received local challenge response corresponds to an expected local challenge response generated based on the local challenge. The remote computing device further transmits an encrypted remote challenge. The local computing device generates a remote challenge response based on the remote challenge; and transmits an encrypted remote challenge response to the remote computing device.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: A method for communication between microservices, performed by a first host machine node, includes: obtaining a first microservice instance located on the first host machine node, determining a first microservice to which the first microservice instance belongs, and determining a list of triples corresponding to the first microservice according to the first microservice. The list of triples corresponding to the first microservice includes at least one triple, each triple of the at least one triple includes a visitor of the microservice, a visited party of the microservice, and an access port, and the visitor of the microservice of each triple included in the list of triples corresponding to the first microservice is the first microservice. The method also includes determining, by the first host machine node, an access policy of the first microservice instance according to the list of triples corresponding to the first microservice.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for network security using Root of Trust (RoT). A node in the vehicle networking system receives an authentication message from an adjacent node in the vehicle networking system. The authentication message included identifying information of the adjacent node that is digitally signed with a digital signature having been generated using a private key. The adjacent node accessed the identifying information of the second node from a source image authenticated during a secure boot of the adjacent node. The node accesses a public key available to the node and authenticates the adjacent node based on the public key and the digital signature included in the authentication message.

Abstract: Embodiments include cryptographic circuits having isolated operation with respect to embedded sensor operations to mitigate side-channel attacks. A cryptographic circuit, a sensor, and an analog-to-digital converter (ADC) circuit are integrated into an integrated circuit along with a cryptographic circuit. A sensed signal is output with the sensor, and the sensed signal is converted to digital data using the ADC circuit. Further, cryptographic data is generated using one or more secret keys and the cryptographic circuit. The generation of the cryptographic data has isolated operation with respect to the operation of the sensor and the ADC circuit. The isolated operation mitigates side-channel attacks. The isolated operation can be achieved using power supply, clock, and/or reset circuits for the cryptographic circuit that are electrically isolated from similar circuits for the sensor and ADC circuit. The isolated operation can also be achieved using time-division multiplex operations.

Abstract: An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to receive an incoming partial reconfiguration (PR) bitstream corresponding to a new PR persona to configure a region of the apparatus; perform, as part of a PR configuration sequence for the new PR persona, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation, the second clear operation performed using a persona-dependent mask corresponding to the new PR persona.

Abstract: A system includes a device including one or more sensors that generate one or more signals used to detect whether an unauthorized activity has occurred at the device. The device is configured to transmit the one or more signals generated by the one or more sensors. The central monitoring device is configured to receive the one or more signals and compare the one or more signals with a baseline signal for the device. The baseline signal includes an expected signal for each of the one or more sensors when the unauthorized activity has not occurred. The monitoring device determines whether the unauthorized activity has occurred based on a result of the comparison.

Abstract: The present application relates to systems and methods using biometric data of an individual for identifying the individual and/or verifying the identity of an individual. These systems and methods are useful for, amongst many applications, more secure identification of high-risk individuals attempting to gain access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, and/or funds.

Abstract: A Real-Time Clock (RTC) block configured to output a current time as part of an ASIC configuration that guarantees that the RTC can never be rolled back beyond a checkpointed date and time. A checkpoint memory block is coupled to the RTC block and configured to include a stored active date/time checkpoint, and a set RTC logic block is coupled to the checkpoint memory block and to the RTC block and configured to permit setting the RTC block to an asserted new time request only when the asserted new time is in the future relative to the stored active date/time checkpoint. The active date/time checkpoint is stored in a non-volatile, single-write memory location such as in a one-time programmable (OTP) memory or in a bank of fuses so that the stored active date/time checkpoint is maintained whether or not power is interrupted to the checkpoint memory block.

Abstract: An electronic device and method are disclosed, the method including a communication circuitry, a memory storing an application, a display, and a processor operatively connected with the communication circuitry, the memory, and the display. The processor executes the method, including: receiving a request to execute the application, outputting an information input screen relevant to executing the application on the display based on the request, receiving at least one piece of input information to be entered into the information input screen, from a specific external electronic device via the communication circuitry, and automatically entering the at least one piece of input information into the information input screen.

Abstract: A method, apparatus, and computer program product for improved risk compliance management are provided. An example method includes receiving, by a computing device, a request for an authenticated online session. The method further includes obtaining, by identification circuitry of the computing device, one or more first risk parameters associated with a first session establishment process. The one or more first risk parameters are associated with a first vendor performing the first session establishment process. The method further includes determining, by risk compliance circuitry of the computing device, if the one or more first risk parameters satisfy one or more first risk thresholds. In response to this determination, the method includes modifying, by risk adjustment circuitry of the computing device, one or more second risk thresholds associated with a second session establishment process to be performed by a second vendor.

Abstract: Systems and methods of managing a shared cryptographic account for a first user and at least one second user in a blockchain based computer network, including: generating, by a first computing device of the first user, a first share of a cryptographic key, generating, by a server, a corresponding second share of the cryptographic key, wherein the cryptographic key corresponds to a public key and private key pair, and wherein the private key is configured to decrypt shares of the cryptographic key that are encrypted by the public key, generating a group ID for a group of users of the shared cryptographic account, distributing, by the server, the first share among each of the at least one second user, and enforcing a signing logic scheme for users of the group when signing with the shared cryptographic account.

Abstract: Embodiments described herein leverage web cookies to carry messages across cloud application communications, wherein the messages are between entities that are not part of the cloud application itself. For example, in embodiments, a proxy server is interconnected between a client computer that is executing a front-end component of an application and an application server that is executing a back-end component of the application. The proxy server intercepts a request from the front-end component that is intended for the back-end component and generates a response thereto that includes a command to create a web cookie at the client computer, wherein the web cookie includes data to be utilized by a custom code component of the client computer. The proxy server may further cause the custom code component to be injected into the front-end component of the application for execution by the client computer.

Abstract: A method, apparatus and computer program product, the method comprising: receiving by a device present at a mobile environment, data relating to a computerized task; obtaining information related to a future state of the device or the mobile environment or another device within the mobile environment; determining indications for resource availability associated with the future state; determining a scheme for performing at least part of the computerized task offsite, in accordance with the resource availability; and transmitting data over a communication channel to a remote computing platform for performing the at least part of the computerized task offsite, in accordance with the scheme.