Abstract: Enabling End-to-End Efficient Encryption (E2EEE) with security chaining in an Information Handling System (IHS) network includes: a data source IHS writing metadata containing a key slot, in a trailer of a data block and sending an out-of-band signal to use the key slot; an IHS security chaining logic regenerates the signal to each next IHS E2EEE data connection segment interface; and an encryption configuration state machine of each interface setting a use slot and an active slot to the key slot, in response to the signal. Disabling E2EEE with security chaining includes: the data source IHS sending an out-of-band signal to not use a key slot; the IHS security chaining logic regenerating the signal to each next interface; and the state machine of each interface changing the state machine state to not use a key slot and to not set an active key slot, in response to the signal.

Abstract: A lighting device includes: a communication unit that communicates with a vehicle which drives autonomously; a diagnostic unit that performs, via the communication unit, diagnosis as to whether the vehicle is being hacked; and a light emitter that emits illumination light onto at least one of the vehicle, a road on which the vehicle travels, or a parking space in which the vehicle parks.

Abstract: An apparatus is disclosed for storing a private key on an IoT device for encrypted communication with an external user device and includes a proximity-based communication interface, encryption circuitry and IoT functional circuitry.

Abstract: There may be provided a flow consolidation method, system and non-transitory computer readable medium. The method may include (a) obtaining connection information about a set of connections, wherein each connection comprises a source address, a destination address and a service identifier; and (b) compressing the connection information to provide flow information about a group of flows; wherein each flow comprises a source Classless Inter-Domain Routing (CIDR) block, a destination CIDR block and a service; wherein the compressing comprises determining one or more prefix sizes of CIDR blocks of the group of flows based on a density of the CIDR blocks and one or more additional numeral constraints.

Abstract: A secure communication system is disclosed for communication between first and second party devices. An input interface is provided for receiving from an external host a unique host factor in addition to a user input interface for receiving from a user a unique PIN for a user and a selection input for selecting one of the plurality of stored entropy stores as a user selected entropy store A first private key generator is operable for generating a private key using a key generation algorithm requiring the selected entropy store, the host factor and the unique user PIN. The second party device includes a second storage device for storing a plurality of entropy stores. An input interface is provided for receiving the same unique host factor as received by the first party device. A communication interface facilitates communication with the first party device to receive from the first party device a user PIN and an indication of the user selected entropy store.

Abstract: Disclosed herein are an apparatus and method for issuing delegated credentials between digital wallets possessed by multiple users connected to a Decentralized Identifier (DID) registry through wired/wireless communication. The method includes receiving, by a digital wallet of a first user, a delegated credential issuance request message including a newly created DID document from a digital wallet of a second user, generating, by the digital wallet of the first user, a delegated credential using both the delegated credential issuance request message, received from the digital wallet of the second user, and an original credential, previously issued by the digital wallet of the first user, and transmitting, by the digital wallet of the first user, the generated delegated credential and the original credential, together with a delegated credential registration request message, to the digital wallet of the second user.

Abstract: Systems and methods may generally be used to automatically curate a blocklist of internet protocol (IP) addresses. An example method may include using risk factor scores for a particular IP address that was blocked by a traffic control component to determine whether to add the particular IP address to a blocklist. The example method may include, in response to a determination to add the particular IP address to the blocklist, generating an IP address entry in the blocklist for the particular IP address, the IP address entry optionally including a corresponding time-based expiration. The example method may include outputting the blocklist or the IP address entry, such as in response to a request from a firewall.

Abstract: Various embodiments provide apparatuses, systems, and methods for establishing, by a data object exchange (DOE entity) of a peripheral component interconnect express (PCIe) device, a first session for communication between a first host entity of a host device and a first PCIe entity of the PCIe device, and a second session for communication between a second host entity of the host device and a second PCIe entity of the PCIe device. The first session may have a first security policy and be a session of a first connection between the PCIe device and the host device. The second session may have a second security policy and be a session of a second connection between the PCIe device and the host device. Other embodiments may be described and claimed.

Abstract: A system and method of authenticating a development environment include receiving, by one or more processors associated with a source code repository, a development profile from a development environment. Sending the development profile to a trusted profile verifier to be registered as a trusted development profile. Receiving a pending source file commit request, where the pending source file commit request includes source code files and a current development profile. Facilitating verification of whether the current development profile matches the trusted development profile. When it is verified that the current development profile matches the trusted development profile, accepting the source code files.

Abstract: Key derivation for account management is disclosed, including: generating an account private key associated with a new account; generating a compute key associated with the new account based at least in part on the account private key, wherein the compute key is usable to verify a new transaction to be confirmed on a blockchain, and wherein the new transaction is initiated by the new account; and generating a view key associated with the new account based at least in part on the account private key, wherein the view key is usable to decrypt a portion of a confirmed transaction on the blockchain that belongs to the new account.

Abstract: A method and a system for controlling tracking of web-browsing activities of a user in a browser application are provided. The method comprises: receiving, from a given web server, data representative of a web page to be displayed in the browser application; identifying, based on the data, elements of the web page linked to at least one in-use third-party web resource; obtaining in-use data including at least data of past user interactions of the user with the at least one in-use third-party web resource; feeding the in-use data to an MLA to determine a probability value of the user allowing sharing a respective third-party cookie of the at least one in-use third-party web resource therewith while browsing the web page; in response to the probability value being lower than a threshold value, determining that the user is unlikely to allow sharing the respective third-party cookie while browsing the web page.

Abstract: An enterprise owned multi-function device (MFD) is disclosed. For example, the MFD includes, a communication interface to establish a communication session with an authentication server, a re-activation timer, a processor and a non-transitory computer readable medium storing instructions, which when executed by the processor, cause the processor to authenticate the enterprise owned MFD over the communication session when the enterprise owned MFD is activated at a remote location of an employee, create a local account of the employee for local authentication, and authorize access to the employee via the local account of the employee until the re-activation timer expires.

Abstract: A vehicle diagnostic device includes: a communication unit that communicates with a vehicle which drives autonomously; and a diagnostic unit that performs, via the communication unit, diagnosis as to whether the vehicle is being hacked. The diagnostic unit performs the diagnosis by checking resilience of software which runs a travel system provided in the vehicle.

Abstract: A method, computer system, and a computer program product for smart SDN is provided. The present invention may include recording and clustering a pod's behavior to generate a behavior transition model for the pod. The present invention may include watching a behavior of the pod and comparing the behavior to the generated behavior transition model. The present invention may include triggering a network policy change based on determining that the behavior of the pod is a misbehavior.

Abstract: A system for analyzing a computing system for potential breach points, the system comprising a memory device having executable instructions stored therein, and a processing device, in response to the executable instructions, configured to parse a breach scenario file, the breach scenario file comprising a graph including action component nodes connected by edges, determine a root node from the action component nodes, execute the root node with breach point data, generate a root node return value based on the execution of the root node, the root node return value including a modified copy of the breach point data, determine children nodes from the action component nodes connected to the root node, execute the children nodes wherein each execution of the children nodes produces children node return values for a subsequent one of the children nodes, and return a final return value from the execution of the children nodes.

Abstract: A client computing device includes an entropy driver and a volume driver for protecting the client computing device against potential ransomware. The entropy driver is configured to determine one or more entropy values for a file in response to a determination that the file has been modified or changed. The determined entropy value may then be compared with a known entropy value for a filetype of the changed or modified file. Where the known entropy value and the determined entropy value differ, the volume driver may engage one or more protection operations to secure the client computing device from further corruption and/or modifications by potential ransomware and/or malware. The protection operations may include revoking and/or restricting one or more permissions on one or more storage volumes of the client computing device and backing up one or more files of the client computing device to secondary storage.

Abstract: A system that provides responses to requests obtains a key that is used to digitally sign the request. The key is derived from information that is shared with a requestor to which the response is sent. The requestor derives, using the shared information, derives a key usable to verify the digital signature of the response, thereby enabling the requestor to operate in accordance with whether the digital signature of the response matches the response.

Abstract: An improved authentication, identification, and/or verification system is provided in various embodiments. The system is provided for use in relation to provisioning access or establishing identity in relation to one or more human users, and may be used in a single site/scenario/system, or across multiple sites/scenarios/systems. A combination of biometric modalities and authentication mechanisms having diverse characteristics are utilized to establish identity, the diverse characteristics being utilized to modify aspects of identity management and access provisioning.

Abstract: According to at least one aspect, a hardware system include a host processor, a policy engine, and an interlock is provided. These components can interoperate to enforce security policies. The host processor can execute an instruction and provide instruction information to the policy engine and the result of the executed instruction to the interlock. The policy engine can determine whether the executed instruction is allowable according to one or more security policies using the instruction information. The interlock can buffer the result of the executed instruction until an indication is received from the policy engine that the instruction was allowable. The interlock can then release the result of the executed instruction. The policy engine can be configured to transform instructions received from the host processor or add inserted instructions to the policy evaluation pipeline to increase the flexibility of the policy engine and enable enforcement of the security policies.

Abstract: Disclosed are a service server capable of performing Internet access management services according to grades and the operating method thereof, which when a request for permission to access a web page is received from a client terminal, confirm an access authority degree set in the client terminal based on unique identification information of the client terminal, determine whether the client terminal is a terminal having an authority capable of accessing the web page based on access authority degree, and control whether the client terminal accesses the web page based on a determination result.