Abstract: A method for blending uncompiled source files and compiled binaries in a single Runtime container. The method may include receiving data at a configuration database. The method may include invoking a scheduler. The method may include determining whether it is time to rerun the software code referenced by the Runtime container. The method may include performing a hash function on source files comprising content and logic. The method may include retrieving source files that include updated hash signatures. The method may include storing an in-memory equivalent of the source files. The method may include invoking a class loader for each source file that has been parsed successfully. The method may include storing, for each successfully loaded source file, a name and reference location. The method may include loading classes based on received names. The method may include compiling the binaries and implementing the logic referenced by the received names.

Abstract: Methods, non-transitory computer readable media, and network traffic management apparatuses that obtain one or more custom selection rules and one or more custom priority rules via a graphical user interface (GUI). One or more of the custom selection rules are applied to a cipher suite database to generate a result set of cipher suites. The cipher suite database includes a plurality of cipher suite sets. One or more of the custom priority rules are applied to the result set of cipher suites to generate an ordered result set of cipher suites. A cipher string is generated based on the ordered result set of cipher suites. The cipher string is stored in a secure socket layer (SSL) profile to be used during negotiation of secure network sessions.

Abstract: Embodiments of the present disclosure provide a system, computer program product, and method for monitoring a non-production computing environment to determine the introduction of unexpected data into the non-production computing environment and, in the event that unexpected data is determined to be present, trigger requisite actions to address the concerns, such as notifying, via alert or the like, requisite entities of the unexpected data determining of the cause of the unexpected data in the non-production computing environment, determining whether the unexpected data is valid/acceptable for the non-production, and, if the unexpected data is invalid/unacceptable for the non-production computing environment, determining if un-sanitized data exists in the unexpected data and, if so, sanitize the data.

Abstract: Method and system for executing a one-time program comprising at least one instruction operating on at least one input value (a, b) and returning at least one output value (O), wherein each instruction of the one-time program is encoded onto a state of an elementary quantum system, comprising: encoding the at least one input value (a, b) onto a quantum gate according to a pre-defined input-encoding scheme; applying the quantum gate to the at least one elementary quantum system; making a measurement of a resulting state of the at least one elementary quantum system after the quantum gate; and determining the at least one output value from a result of the measurement.

Abstract: Secure vehicular communication is described herein. An example apparatus can include a processor and a vehicular communication component. The vehicular communication component can be configured to generate a vehicular private key and a vehicular public key, provide the vehicular public key to a plurality of external communication components wherein each respective one of the plurality of external communication components is positioned on a different transportation assistance entity, provide data to at least one of the plurality of external communication components, receive, in response to providing the data, additional data from the at least one of the plurality of external communication components, wherein the additional data is encrypted using the vehicular public key, and decrypt the additional data using the vehicular private key.

Abstract: A host processor receives an address translation request from an accelerator, which may be trusted or un-trusted. The address translation request includes a virtual address in a virtual address space that is shared by the host processor and the accelerator. The host processor encrypts a physical address in a host memory indicated by the virtual address in response to the accelerator being permitted to access the physical address. The host processor then provides the encrypted physical address to the accelerator. The accelerator provides memory access requests including the encrypted physical address to the host processor, which decrypts the physical address and selectively accesses a location in the host memory indicated by the decrypted physical address depending upon whether the accelerator is permitted to access the location indicated by the decrypted physical address.

Abstract: A system and method are described in which a document transaction management platform coordinates performance of trust actions across a plurality of trust service providers. For example, a method can include operations executing on a connector module in communication with a digital transaction management platform and a trust service provider, such as the following. Receiving, from the digital transaction management platform, a transaction request including a token and a requested trust action. Accessing user information for a recipient involved in the requested trust action using the token. Obtaining, from the digital transaction management platform, transaction data associated with the requested trust action. Coordinating, with the trust service provider, performance of the trust action on at least a portion of the transaction data. Transmitting, to the digital transaction management platform, a proof received from the trust service provider confirming performance of the trust action.

Abstract: Methods and apparatus are provided for delivering segment-based electronic content. One method for providing segment-based electronic content comprises: obtaining a request for the segment-based electronic content, wherein the request comprises an encrypted cookie previously provided to a device of a user associated with the request by an origin server using a handshake protocol, wherein the encrypted cookie comprises a fingerprint and a segment key identifying one of a plurality of predefined user segments of the user; processing the encrypted cookie to evaluate whether the user is authorized to access the segment-based electronic content based on the fingerprint; and providing the segment-based electronic content to the user of the one predefined user segment if the user is authorized.

Abstract: Systems and methods for governing access to or use of assets in an analytics platform. Access to assets is controlled with policies that reference attributes. A context of an access request is defined by collecting attributes associated with an access request. The context is then evaluated in light of attributes referenced by the policy applicable to the asset or with a class of the asset. The access request is granted, denied, or partially granted based on whether the attributes defined by the context of the access request comport with the policy.

Abstract: In some examples, an access point (AP) receives, from a wireless device during a pre-associated state between the AP and the wireless device, a request, a first value, and an encrypted version of the first value. The AP sends, to the wireless device during the pre-associated state, an encrypted version of a second value relating to an encryption key that is based on the first value, and a response to the request, the response encrypted using the encryption key.

Abstract: A secure memory device for secure data storage and related method are provided. The device may include an accessible data storage area configured to store data, a start location register that points to a start of the accessible data storage area, and a size-related register that allows a size of the accessible data storage area to be determined. A secret area comprises a device secret that is a value unique to the device, and that is not accessible from external to the device, and is accessible under at least one predefined conditions internal to the device, an access control element configured to prevent external access to the secret data. A generator generates a derived secret based on the storage data and the secret data that is usable to authenticate the storage data. The device may also include a memory bus over which the derived secret is communicated.

Abstract: A system, method, and computer program product are provided for implementing zero round trip secure communications based on a noisy secret. In operation, a sender system utilizes a randomly generated message key for encrypting a message to send to a receiver system. The sender system selects a plurality of different sub-keys from a negotiated noisy secret to encrypt the randomly generated message key. The sender system encrypts the message utilizing the randomly generated message key. The sender system sends the encrypted message, all encrypted message keys, and a message MAC that is calculated and added for every sub-key, to the receiver system such that the receiver system is able to perform a MAC-based verification to test sub-key validity of the plurality of different sub-keys.

Abstract: A method for reading an identity document, a readout terminal and a readout system, which simplifies the multiple reading of identity documents. According to the method, an authentication key and an information item are stored in hidden fashion in the chip of the identity document.

Abstract: Systems and methods for encrypting a dataset are provided. The methods may include deriving an ephemeral key, and encrypting the dataset using the ephemeral key to produce a ciphertext. The ephemeral key, without being saved after the encrypting, may be re-derivable on demand and operable to decrypt the ciphertext.

Abstract: A method of detecting cyber attacks on a cyber physical system is disclosed, and the system includes at least one computing device coupled to at least one sensor and/or actuator for controlling a physical process. The method comprises: deriving at least one invariant for the computing device, based on a system design of the system or computer code configured to control the system in relation to the physical process or data collected from the system during testing or operation of the system, the invariant defining a set of conditions that enable determination from the sensor and/or actuator regarding process anomalies of the physical process being controlled; configuring the invariant as corresponding computer code; and executing the invariant as the computer code on the computing device to monitor the physical process via the sensor and/or actuator and detect the process anomalies for detecting the cyber attacks.

Abstract: Embodiments of the present disclosure provide an access point name (APN) authorization method, apparatus, and system. The APN authorization method includes: determining, by a network device, a target APN of user equipment UE and a type of an access network that the UE currently accesses; obtaining, by the network device, information about an authorized access network type corresponding to the target APN of the UE; and determining, by the network device according to the type of the access network that the UE currently accesses and the information about the authorized access network type corresponding to the target APN of the UE, whether the target APN of the UE is authorized. In the present disclosure, when APN authorization determining is performed, an operator can appropriately control the APN which the UE is allowed to access.

Abstract: A device for adapting the use of an apparatus is provided. The device has a processing unit for checking if a license for the apparatus exists and for producing a certificate request and a transmitting/receiving unit for transmitting the certificate request to a certification server and for receiving a certificate from the certification server in response to the certificate request. The processing unit is designed to check if information contained in the certificate match the license information and to adapt the use of the apparatus on the basis of the certificate. The invention further relates to a system having such a device and to a corresponding method for adapting the use of an apparatus. By the device, acceptance of a certificate by an apparatus can be restricted such that the newly obtained certificates can be subjected to certain conditions. The conditions can, for example, define the use of the apparatus.

Abstract: Systems and methods for synchronizing an EMACVLAN FDB among cluster units of an HA cluster are provided. According to one embodiment, real-time synchronization of a first FDB maintained within a kernel space of a first network security operating system running on a primary unit and a second FDB maintained within a kernel space of a second network security operating system running on a secondary unit is performed by: transferring information regarding an entry from the kernel space of the first network security operating system to a first synchronization unit running within a user space of the first network security operating system, and causing the second forwarding database to be updated by the first synchronization unit in response to receipt of the information regarding the entry, by transmitting the information regarding the entry to a second synchronization unit running within the user space of the second network security operating system.

Abstract: A system for hardware offloading programs a network interface card with a mapping between (i) a connection identification (CID) for one or more Quick User Datagram Protocol Internet Connections (QUIC) data packets and (ii) a symmetric key and a crypto algorithm. When one or more data packets are received over a network, the one or more data packets are parsed to identify the one or more data packets as QUIC data packets and then obtain the CID for the QUIC data packets. The CID is sent to the network interface card that identifies the symmetric key and the crypto algorithm based on the CID to perform a crypto decrypt operation on the QUIC data packets, and reassembles the QUIC data packets, and an encrypt and large send offload (LSO) on transmit. A software control complexity and processing burden is thereby reduced.

Abstract: A method and system for detecting vulnerable root certificates in container images are provided. The method includes receiving an event to scan at least one container image hosted in a host device, wherein the least one container image includes resources utilized to execute, by the host device, at least a respective software application container; extracting contents of layers of the at least one container image; scanning the extracted contents to generate a first list designating all root certificates included in the at least one container image; generating a second list designating all root certificates trusted by the host device; comparing the first list to the second list to detect at least one root certificate designated in the first list but not in the second; and determining the at least one detected root certificate as vulnerable.