Abstract: Disclosed is a method of loading a signature rule and a network device thereof. According to an example of the method, the network device may first receive a signature rule library sent by a cloud server, wherein the signature rule library contains one or more signature rules, each of which is associated with corresponding device type configuration information. The network device may determine for each signature rule whether device type configuration information associated with the signature rule matches local device type configuration information of the network device. If the device type configuration information associated with the signature rule matches the local device type configuration information of the network device, the network device may load the signature rule.

Abstract: A method includes: obtaining, by a second terminal, an interface address of a first terminal, where the interface address of the first terminal is MAC1; receiving, by the second terminal, a first message sent by the first terminal, where an interface address of the first terminal in the first message is MAC3 obtained after a change, and the first message includes first identification information; and comparing, by the second terminal, the first identification information with second identification information, and if the first identification information is consistent with the second identification information, determining, by the second terminal, that the MAC3 in the first message and the MAC1 that is obtained by the second terminal are used to identify a same device, where the same device is the first terminal.

Abstract: A system and method for improved security in a networked computing environment. The method includes receiving, from a user device, a registration request comprising a user identifier for a user; receiving, from the user device, user credentials to access one or more online accounts associated with the user; accessing the one or more online accounts to retrieve user activity data for the user; analyzing the retrieved user activity data to determine one or more merchants associated with the user; storing, in a database coupled to a server device, a mapping between the user and the one or more merchants; receiving, from a monitoring service, an indication that a first merchant of the one or more merchants has experienced a data breach; and sending a notification to the user in response to determining that the first merchant has experienced a data breach.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: Disclosed in some examples are methods, systems, devices, and machine-readable mediums for authenticating a user using biometric data without distributing unencrypted biometric data or decrypting biometric data during authentication, including selecting, based on a first set of data points representing a biometric characteristic of a user, an encryption parameter of an encryption function, generating first encrypted challenge data by encrypting, by applying the encryption parameter to the encryption function, challenge data to create encrypted authentication data, receiving, from a network based authentication device, during an authentication process, second encrypted challenge data for authenticating the user, and determining whether to authenticate the user using a comparison of the first encrypted challenge data to the second encrypted challenge data.

Abstract: Identity access and management (“IAM”) systems with resiliency features and methods related to the same are provided. Two or more identity provider (“IDP”) systems each have a matching copy of user authentication data for users authorized to access the system of an organization. An identity proxy is interposed between user systems and each of the two or more IDP system. The identity proxy routes authentication requests, challenges, and responses between the user systems and the IDP systems based on availability.

Abstract: A method for labeling object of operating system is adapted to a target object of a target operating system, wherein the target object has a target attribute. The method comprises: generating a default label by a labeling tool according to the target attribute; obtaining a reference object of a reference operating system, wherein the reference object has a reference attribute and a reference label; comparing whether the target attribute and the reference attribute are identical and generating a comparison result; and labeling the target object with the default label, the reference label, or one of a plurality of candidate labels according to the comparison result and a type of the target object.

Abstract: Embodiments of methods and systems for managing traffic across a WAN are disclosed. A method for managing traffic across a WAN involves identifying incoming traffic as Direct Internet Access (DIA) traffic at a first node, identifying incoming traffic as SD-WAN traffic at the first node, policing the DIA traffic at the first node, and adapting the policing of the DIA traffic at the first node in response to a comparison between the SD-WAN traffic and an SD-WAN traffic threshold.

Abstract: A method includes identifying a binary file to be executed on a client device. The method further includes comparing, by a processing device, the binary file to an authenticated version of the binary file stored on a blockchain, in response to identifying the binary file and before executing the binary file. The method further includes, in response to determining that the binary file and the authenticated version of the binary file match, executing the binary file. The method further includes, in response to determining that the binary file and the authenticated version of the binary file do not match, triggering a predefined remedial action.

Abstract: An information processing device according to one embodiment of the present disclosure comprises a processor. The processor is configured to generate a distributed component aimed at a three dimensional printing task. The distributed component is used for controlling, independent of the information processing device, execution of the three dimensional printing task after establishing a connection with a user equipment, and comprises decryption information of three dimensional model data used for the three dimensional printing task. The processor is further configured to control the arrangement of the distributed component to the user equipment.

Abstract: Methods, systems, and devices for facilitating the automated configuration of one or more new 802.11 access points (APs) are disclosed herein. A cloud server may receive a message associated with a customer account for one or more new APs. The cloud server may associate a first AP of the one or more new APs based on the message. The cloud server may then retrieve a public key associated with the first AP which has a reciprocal private key. The cloud server may send the public key to a gateway (GW) associated with the customer account. The GW may encrypt the GW credentials, such as a password and SSID, into a ciphertext using the public key and then broadcast this information. When the first AP has been powered on it may decrypt the ciphertext using the private key and use the credentials to act as a node in the GW's network.

Abstract: Methods, systems, and computer readable media for implementing bandwidth limitations on specific application traffic at a proxy element are disclosed. One exemplary method includes receiving, at a proxy element, a packet flow from at least one source client, identifying encrypted packets associated with a specific application traffic type from among the packet flow, and directing the identified encrypted packets to a bandwidth limiter in the proxy element. The method further includes applying a bandwidth limitation operation to the identified encrypted packets and decrypting the identified encrypted packets if an accumulated amount of payload bytes of the identified encrypted packets complies with the parameters of the bandwidth limitation operation.

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

Abstract: An integrated circuit features technology for generating a keystream. The integrated circuit comprises a cipher block with a linear feedback shift register (LFSR) and a finite state machine (FSM). The LFSR and the FSM are configured to generate a stream of keys, based on an initialization value and an initialization key. The FSM comprises an Sbox that is configured to use a multiplicative mask to mask data that is processed by the Sbox when the LFSR and the FSM are generating the stream of keys. Other embodiments are described and claimed.

Abstract: Computer-implemented methods for locking a blockchain transaction based on undetermined data are described. The invention is implemented using a blockchain network. This may, for example, be the Bitcoin blockchain. A locking node may include a locking script in a blockchain transaction Node to lock a digital asset. The locking script includes a public key for a determined data source and instructions to cause a validating node executing the locking script to verify the source of data provided in an unlocking script by: a) generating a modified public key based on the public key for the determined data source and based on data defined in the unlocking script; and b) evaluating a cryptographic signature in the unlocking script based on the modified public key. The blockchain transaction containing the locking script is sent by the locking node to the blockchain network. The lock may be removed using a cryptographic signature generated from a private key modified based on the data.

Abstract: A blockchain network control system and method is disclosed. The system includes a processor coupled to a storage comprising a plurality of network entity definitions each defining a different network entity that make up a target network architecture for a permissioned blockchain network. The system also includes a control object communicatively coupled to an ordering service and a plurality of organizations. The plurality of organizations was established by the blockchain network control system by instantiating the organizational membership service provider, registering and enrolling each peer node within each organization, storing the cryptographic identity generated for the peer node, and then instantiating the plurality of peer nodes.

Abstract: A block cipher encryption device for encrypting a data unit plaintext into blocks of ciphertexts, the data unit plaintext being assigned a tweak value and being divided into one or more plaintext blocks. The block cipher encryption device comprises: a combinatorial function unit associated with each plaintext block, the combinatorial function unit being configured to determine a tweak block value by applying a combinatorial function between a value derived from the tweak value and a function of a block index assigned to the plaintext block, a first masking unit in association with each plaintext block, the first masking unit being configured to determine a masked value by applying a data masking algorithm to the tweak block value determined by the combinatorial function unit associated with the plaintext block.

Abstract: Multi-factor authentication systems and methods are provided that include receiving a request to authenticate a user of a mobile device. The request for authentication may include credential information associated with the user and vehicle data. A determination may be made regarding whether the vehicle data was obtained from a vehicle via the mobile device. The received vehicle data and received credential information may be compared to stored data. When there is a match between the received vehicle data and received credential information and corresponding stored data, a notification may be provided to the user device, indicating that the user has been authenticated.

Abstract: Technologies are disclosed herein for secure data access. A client device accesses a slice of data using a ticket retrieved from a permissioned blockchain. To obtain the ticket, the client device submits ticket requests to multiple nodes of the permissioned blockchain. Each request identifies the slice of data, e.g. a particular row in a particular database table. Each request also includes parameters describing the circumstances of the request, such as the requesting user account, the geographic location of the computing device, etc. The permissioned blockchain stores each authorized combination of request parameters and data slices in a different access level block. If an access level block can be found that is associated with the requested slice of data and with all of the supplied parameters, and if that access level block grants permission, then the requested ticket is returned to the client device.

Abstract: A configurable hardware device comprises a configuration memory of a known total size, and a configurable fabric arranged for being configured according to information from the configuration memory and segmented in a static partition and at least one dynamic partition. A static partition is arranged for receiving a bit stream and a cryptographic nonce and comprises a read/write mechanism for interacting with the configuration memory. The received bit stream is stored in the configuration memory and used to configure an intended application in the dynamic partition. The static partition is arranged for computing, based on the cryptographic nonce, a checksum of the entire configuration memory and for outputting the checksum.