Abstract: Techniques for determining whether a public encryption key is vulnerable as the result of deficiencies in pseudorandom number generation algorithms are provided. In some embodiments, a system may compile a database of cryptographic information received from a plurality of sources, including databases, and network traffic monitoring tools. RSA public keys extracted from the cryptographic information may be stored in an organized database in association with corresponding metadata. The system may construct a product tree from all unique collected RSA keys, and may then construct a remainder tree from the product tree, wherein each output remainder may be determined to be a greatest common divisor of one of the RSA keys against all other unique RSA keys in the database. The system may then use the greatest common divisors to factor one or more of the RSA keys and to determine that the factored keys are vulnerable to being compromised.

Abstract: The present disclosure relates to traffic monitoring through one or more access control servers configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive a server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data.

Abstract: Systems and methods include obtaining a plurality of parameters associated with a host; determining a fingerprint of the host utilizing the plurality of parameters; and providing the fingerprint to cloud service for enrollment and management of the host in the cloud service. The cloud service can include microsegmentation of the host. The cloud service can include any of Internet access for the host and private resource access by the host.

Abstract: There is provided a method of operating a network controller for enabling secure communication between network endpoints in a distributed network, as well as a network controller and a network switch and a method of operating a network switch. The network controller has a secure channel with each of the network endpoints. The network controller is providing, in connection with establishment of a network flow for communication between the network endpoints, symmetric keying material associated with and valid only for that network flow. The network controller is further enabling provisioning of the symmetric keying material to the network endpoints for allowing cryptographically secure communication between the network endpoints on a per-flow basis.

Abstract: A method including transmitting, by a first device included in a mesh network, a first public key associated with the first device; receiving, by the first device based at least in part on a determination that an external device is to be included in the mesh network, an external public key associated with the external device; and communicating, by the first device based at least in part on utilizing the external public key, with the external device to set up a meshnet connection associated with the mesh network. Various other aspects are contemplated.

Abstract: A registration device (200) generates an encryption keyword by encrypting a keyword with a registration key, generates an index including the encryption keyword and identification information which identifies a corresponding ciphertext, generates a conversion key from the registration key and a search key, and registers a plurality of ciphertexts, the index, and the conversion key in a server device (400). A search device (300) generates a search query by encrypting a keyword, and transmits the search query to the server device (400).

Abstract: A federation link is used to facilitate bi-directional identity federation between software applications. The federation link is created to include user and account identity information for software applications having respective authentication providers. The federation link is created by one of the software applications and shared, for example, with the authentication provider of the other software application. The federation link can be utilized by both software applications to facilitate automated user authentication when navigating in either direction between the software applications.

Abstract: A method including transmitting, by an external device not included in a mesh network, an external public key associated with the first device; receiving, by the external device based at least in part on a determination that the external device is to be included in the mesh network, a first public key associated with a first device included in the mesh network; and communicating, by the external device based at least in part on utilizing the first public key, with the first device to set up a meshnet connection associated with the mesh network. Various other aspects are contemplated.

Abstract: In one aspect, an illustrative methodology implementing the disclosed techniques includes, by a computing device, receiving input via an application of the computing device, the input to initiate navigation to an electronic resource, and determining that navigation to the electronic resource via the application is insecure. The method also includes, by the computing device, responsive to the determination that the navigation is insecure, modifying the navigation to the electronic resource so as to prevent navigation to the electronic resource via the application.

Abstract: In a particular embodiment, blockchain-based hybrid authentication is disclosed that includes receiving, by a smart contract controller, an invocation of a smart contract and accessing, by the smart contract controller, one or more parameters associated with a client account. In this embodiment, the smart contract determines whether the one or more parameters fulfill the smart contract. In response to determining that the one or more parameters fulfill the smart contract, the smart contract provides an attestation of an identity associated with the client account.

Abstract: Systems, methods, and computer-readable media for managing digital certificates and other security credentials. A routing and management server is communicatively connected to a certificate user device and to a plurality of certificate generators. The server performs operations that may include: optionally registering the certificate user device; receiving a request for one or more digital certificates from the certificate user device; analyzing the request to determine an appropriate certificate generator, from among the plurality of certificate generators, for producing the one or more digital certificates; optionally translating the request into a format required by the appropriate certificate generator; transmitting the request to the appropriate certificate generator; receiving the one or more digital certificates from the appropriate certificate generator; and providing the one or more digital certificates to the certificate user device.

Abstract: Media, system, and method for providing encryption key management to a channel within a group-based communication system. The contents of the channel is encrypted according to the encryption key management policy of the organization to which the author of the content belongs and is stored in a data store. Responsive to a revocation request from a first organization, the encryption keys associated with any content in the channel submitted by the authors of said first organization may be revoked from a second organization, such that users of the second organization no longer have access to the content.

Abstract: A method for securing data flows in a communication device configurable from a remote terminal, the method comprising steps of recording a first encryption key in a memory of the device, the generation, from the first key, of a public key and of a private key corresponding to the public key, the reception of a request for securing sent by the remote terminal and a sending of the public key to the remote terminal in response to the request for securing, the operations of receiving the request and of sending the public key being performed when the device and the terminal are connected to the same local network. Another object of the invention is a communication device configured to implement the method described.

Abstract: In some embodiments, systems and methods provide distributed item authentication. In some embodiments systems comprise: a housing; a set of sensor systems; a transceiver; and an authentication control circuit configured to: obtain first sensor data of an item being authenticated, obtain an initial identification of the item; access an item authentication block specific to the item; obtain a first set of authentication instructions; control one or more sensor systems in accordance with the first set of authentication instructions; compare multiple current authentication sensor data to the set of multiple historic authentication sensor data; confirm that each of a threshold number of the multiple current authentication sensor data is consistent within a threshold variation of a corresponding one of the set of multiple historic authentication sensor data; and cause the item authentication block to be updated to include the confirmation of authentication of the item.

Abstract: In implementations of NGAC graph evaluations, a computing device implements a next generation access control (NGAC) graph that includes user elements representing users, object elements representing resources, and multiple policy classes. Policy binding nodes can be modeled as user attributes in the NGAC graph for each of the multiple policy classes, and each policy binding node is assigned to a corresponding one of the multiple policy classes. A user element is assigned as a member of a policy binding node, and the policy binding node delineates at least one policy permission on an object element and grants the policy permission on the object element to the user element. The computing device implements a policy decision module to evaluate the NGAC graph with a graph evaluation procedure to determine graph analysis information relative to at least one of the user element, the granted policy permission, or the object element.

Abstract: A directive based access system and method manage access permissions in systems. In one embodiment, the directive based access system and method may be used to orchestrate effective secure access control and communications in multi-cloud distributed systems. In one implementation, the directive based access system and method may include a lineage traceability enforcement engine that uses a lineage traceability. The directive based access system and method may also be implemented using other mechanisms such as blockchain based Hyperledger based system.

Abstract: A computer implemented method includes detecting a current workstream of development tasks associated with a software development project. An activity attempting to access a resource is detected. Access rights to the resource are determined with respect to the activity as a function of the current workstream of development tasks. Access to the resource is controlled in accordance with the access rights.

Abstract: The present disclosure relates an electronic locking system. In certain embodiments, the electronic locking system includes a passive electronic lock, active electronic key and passive electronic key. The passive electronic key stores a passive digital key, and the active electronic key stores an active digital key. Each of passive and active electronic keys includes a communication channel and an electronic key power supply port. The active electronic key includes electrical power source providing electrical power supply to active electronic key, passive electronic lock and passive electronic key through passive electronic lock to operate passive electronic lock.

Abstract: The present invention discloses an intelligent cloud server for cloud storage information management and encryption. In some embodiments, the intelligent cloud server can save and store documents without the need of first saving them in a local drive for upload. Upon storage, the document can be scanned and classified in a security level according to pre-determined settings and parameters. In some embodiments, depending on the classification, the system can encrypt portions of the document in order to facilitate the sharing and access of information in a secure way. Encryption keys and access to the encrypted portions are only provided upon authentication of the user, network, and/or need, according to corresponding protocols for the information.

Abstract: A GM acquires a first certificate revocation list designating revoked public key certificates and distributed from a certificate authority server. The GM generates a second certificate revocation list produced by extracting information on a plurality of home electric appliances from the first certificate revocation list. The GM restricts communication with a device for which the public key certificate is revoked, by distributing the second certificate revocation list generated to the plurality of home electric appliances.