Abstract: A method, a system, and a non-transitory computer readable medium are disclosed for a voice based application blocker. The method includes receiving, on a gateway, a text message from a mobile device; tokenizing, on a processor of the gateway, the text message into at least a user and a purpose, the purpose being denying or granting access of the user to one or more applications from the gateway; and creating, on a firewall of the gateway, blocking rules for the user to the one or more applications from the gateway.

Abstract: A network apparatus receives a connection request from a client computing device toward a target computing device. Next a target identifier that identifies the target computing device is extracted from the connection request. The connection request is sent to the target computing device and a reputation request with the target identifier is sent to a web resource analyser engine. In response to detecting that a response from the target computing device is received before a response from the web resource analyser engine, the response to the connection request from the target computing device is held by performing a rewrite in a target section of a user-space utility program rule and by using operating system kernel module in user-space memory area of the network apparatus. In response to a receipt of the response from the web resource analyser engine, the response to the connection request is released.

Abstract: In accordance with a first aspect of the present disclosure, an enrollment device is provided, comprising: a token interface unit configured to couple the enrollment device to an external user authentication token; a user interface unit configured to provide visual information to a user through a plurality of optical output elements, said visual information being indicative of a progress of a biometric template enrollment in the authentication token; a user interface control unit configured to receive input data indicative of said progress from the authentication token through the token interface unit and to control the user interface unit using said input data.

Abstract: A new approach is proposed to support firewall protection of dynamically introduced routes in an internal communication network. Under the proposed approach, all routes dynamically introduced into the internal communication network via a dynamic routing service are dynamically learned and tagged by a route collection engine. A dynamic network object is created, which is a software component configured to store a plurality of single IP addresses and/or IP address ranges of the dynamically learned routes in a dynamic routing network. A firewall engine of the internal communication network is configured to create one or more firewall rules referencing the dynamic network object and apply various security measures/policies to network data packets routed on the dynamically learned routes in the dynamic routing network based on IP address matching with the dynamic network object.

Abstract: A document production system may construct a document from fragments based on a theme associated with the document. The theme may contain section(s), each section having an access control list (ACL) associated therewith. The ACL may specify role-based user group(s) and permission(s) for the role-based user group(s). The system may evaluable rules applicable to the document. At least one rule may pertain to the ACL(s). The evaluation may include, at least in part, utilizing user login information received over a network from a client device. In constructing the document, the system may assemble the document in accordance with the rules and utilizing the fragments and meta information that describes the document. The system may render the document thus assembled utilizing the ACL, generate a view of the document, and communicate the view of the document over the network to the client device for presentation on the client device.

Abstract: A mesh network system suitable for connection to a cloud server is provided. The system includes: a first node device, configured to store a first private key and encrypt to-be-verified data according to the first private key to generate first encrypted data; and a second node device, configured to receive the first encrypted data and send the first encrypted data to the cloud server. After sending the first encrypted data, the second node device obtains, from the cloud server, second encrypted data generated by encrypting a first key according to the first public key. The second node device sends the second encrypted data to the first node device. The first node device decrypts the second encrypted data according to the first private key to obtain the first key from the second encrypted data, and performs encrypted communication with the cloud server according to the first key.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to monitor, alert, authenticate, and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.

Abstract: An example method of enforcing granular access policy for embedded artifacts comprises: detecting an association of an embedded artifact with a resource container; associating the embedded artifact with at least a subset of an access control policy associated with the resource container; and responsive to receiving an access request to access the embedded artifact, applying the access control policy associated with the resource container for determining whether the access request is grantable.

Abstract: A method for authenticating a secure credential transfer to a device includes verifying user identity and device identity. In particular, the method includes verifying user identity by requesting and receiving a user identification input at a first client device and verifying device identity of a second client device by (i) determining a security status of the second client device from hardware of the second client device, (ii) invoking an identifier related to the security status of the second client device to an authentication server, and (iii) obtaining certification from the authentication server for the second client device based on the invoked identifier. After verifying the user identity and the device identity, the method includes establishing a secure channel between the first client device and the second client device for the secure credential transfer using one or more tokens generated by the authentication server.

Abstract: In some embodiments, a method may involve a computing system sending, to a client device, first data indicating that the client device is authorized to send an application programming interface (API) call to the computing system during at least a first time slot. The computing system may receive, from the client device, a first API call during the first time slot, and may process the first API call. In some embodiments, a method may involve a computing system sending, to a client device, first data indicating that the client device is prohibited from sending an API call to the computing system during at least a first time slot. The computing system may receive, from the client device, a first API call during a second time slot that is different than the first time slot, and may process the first API call.

Abstract: Disclosed herein is an apparatus for estimating randomness of a random number generator. The apparatus is configured to divide output data (302), generated by the random number generator (704), into blocks (310) of a length (L), estimate a Shannon entropy of a second sub-set (404) of the blocks (310), using a first sub-set (402) of the blocks (310) to initialize the estimating, solve an estimate function, that relates an argument parameter (?) to the Shannon entropy estimate, to determine a value for the argument parameter (?) that is indicative of a probability of a most probable block being generated by the random number generator (704) as a new block, and use the length (L) to tune an estimate of randomness of the random number generator (704) calculated based on the value for the argument parameter (?).

Abstract: Systems, methods, and apparatuses for a secure digital controls portal enabling enhanced control over account functionalities and usage of secure information provided to third party systems and devices maintained by various federated and non-federated provider computing systems of various product and service providers. The secure digital controls portal can interface with various provider computing systems via custom APIs protocols. The API protocols may utilize APIs that are particular to the software and hardware operated by the various provider computing systems. The secure digital controls portal can also standardize information from the various provider computing systems. The secure digital controls portal can be a central portal accessible via a client application running on a user device that enhances one-stop switch control and security of a user's digital footprint.

Abstract: An inner-product functional encryption scheme in which the maximum length of a ciphertext and the maximum length of a secret key are not restricted can be constructed. An encryption device (20) generates a ciphertext ctx in which a vector x is encrypted, using encryption setting information that is of a size depending on the size of the vector x and is generated using as input public information of a fixed size. A key generation device (30) generates a secret key sky in which a vector y is set, using key setting information that is of a size depending on the size of the vector y and is generated using as input the public information. A decryption device (40) decrypts the ciphertext ctx with the secret key sky to calculate an inner-product value of the vector x and the vector y.

Abstract: A method for communicating information relating to test results of a user includes obtaining test results of a user. An assertion is derived from the test results of the user. The test results are input to a pre-provisioned first algorithm. The assertion is encapsulated in a first data object by a PGE that controls an environment in which the first algorithm is executed. A first proof is generated which is configured to be usable to verify that the first algorithm used the test results to produce the assertion when provided to a PVE along with the first data object. The test results itself are excluded from the first proof and the first data object such that privacy of the test results is maintained. The first proof and the first data object are communicated to a receiving communication device from an enterprise communication device associated with the user and an enterprise.

Abstract: Embodiments establish a pool of tunnel connections using a secure protocol. A pool of tunnels can be initiated from endpoint connection managers to cloud connection managers, where a request is received from the endpoint connection managers by the cloud connection managers. A request from a cloud client to communicate with a secure computing device using a first of the endpoint connection managers is received at a first of the cloud connection managers. One of the pool of tunnels that is connected to the first endpoint connection manager is identified. The identified tunnel is configured to connect the cloud client and the first endpoint connection manager.

Abstract: Physical layer key generation provides privacy protection technique suitable for devices with limited computational ability. A key generation algorithm is based on OFDM waveforms. By exploiting the holistic CSI, key generation rate (KGR) is improved significantly. A cross-layer encryption protocol is based on the key generation algorithm and the AES. The secrecy of the encryption is enhanced compared to traditional encryption schemes with one pre-shared key (e.g., WPA2-PSK), even when some generated keys are leaked to the eavesdropper. The results lead to practical and robust applications of physical layer key generation.

Abstract: A data collecting system includes a central server and at least one edge server capable of bi-directionally communicating with the central server. The edge server includes a collecting unit that collects data generated by a group of devices, and an output processing unit that encrypts the collected data and transmits the encrypted data to the central server. The encryption of the collected data is performed in accordance with an encryption policy that defines encryption schemes for different combinations of a device type and a data type.

Abstract: Provided are embodiments for performing encryption and decryption. Embodiments include generating a random key address, obtaining a pre-stored key using the random key address, and re-arranging portions of the pre-stored key using the random key address and a first enable signal. Embodiments also include selecting a dynamic logic operation based on the random key address and a second enable signal, receiving data for encryption, and combining portions of the received data for encryption with the re-arranged portions of the pre-stored key using the dynamic logic operation to produce encrypted data. Embodiments include re-arranging portions of the encrypted data based on the random key address and a third enable signal, and combining the re-arranged portions of the encrypted data with the random key address into an encrypted data packet for transmission. Also provided are embodiments for a transmitter and receiver for performing the encryption and decryption.

Abstract: Techniques are disclosed to provide enforceable pseudonymous reputation through chained endorsers. In various embodiments, a request associated with a chained endorsement operation is received via a communication interface. A client identity information is extracted from the request. Data comprising or associated with the client identity information is combined with a secret value. A one-way transform of the combined value is performed. A result of the one-way transform is returned to a client with which the chained endorsement operation is associated.

Abstract: One embodiment provides a method, including: receiving, at an audio capture device associated with an information handling device, command input from a user; providing, to the user and responsive to receiving the command input, a confirmation query, wherein the confirmation query is formed utilizing context data associated with an authorized user; determining, using a processor, whether a response to the confirmation query provided by the user matches a predetermined answer; and performing, responsive to determining that the response matches the predetermined answer, a function corresponding to the command input. Other aspects are described and claimed.