Patents Examined by Benjamin A Kaplan
  • Patent number: 11019075
    Abstract: In one embodiment, a Segment Routing network node provides processing and network efficiencies in protecting Internet Protocol version 6 (IPv6) Segment Routing (SRv6) packets and functions using Security Segment Identifiers, which are included in Segment Lists of a Segment Routing Header of a SRv6 packet. The Security Segment Identifier provides, inter alia, origin authentication, integrity of information in one or more headers of the packet, and/or anti-replay protection. In one embodiment, a Security Segment Identifier includes a value determined based on a secured portion of the packet. A typically secured portion includes the Source and Destination Addresses, one or more Segment Identifiers in a Segment List and the Segments Left value. In one embodiment, the Destination Address and/or a Segment Identifier in the Segment List includes an anti-replay value (e.g., sequence number or portion thereof) which is also in the secured portion of the packet.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: May 25, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Clarence Filsfils, Pablo Camarillo Garvia, Francois Clad
  • Patent number: 10963582
    Abstract: A machine has a network interface circuit to provide connectivity to networked machines. A processor is connected to the network interface circuit. A memory is connected to the processor and the network interface circuit. The memory stores cryptographically protected data, a data access policy and a steward group specifying individuals to administer the data access policy. The memory stores instructions executed by the processor to receive a request to access the cryptographically protected data. Authentication tokens from individuals in the steward group are collected. It is determined that the authentication tokens satisfy the data access policy to establish a data access state. A decrypted version of the cryptographically protected data is supplied to one or more of the networked machines to establish a transaction. The transaction is recorded with a distributed ledger associated with at least a subset of the networked machines.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: March 30, 2021
    Assignee: ANONYOME LABS, INC.
    Inventors: Steven Harvey McCown, Paul Ashley, John David Mumford, Steve Shillingford, Greg Clark
  • Patent number: 10949533
    Abstract: A virus scanning router may manage a local network, including routing network traffic between devices on the network and routing network traffic being sent to and from such devices via an external communication system. The virus scanning router remotely scans for viruses the files stored on one or more such devices on the network. The virus scanning router may be a device trusted by the other devices on the local network to facilitate the virus scanning router reading and scanning one or more files stored on such devices for viruses. The virus scanning router also takes corrective actions such as isolating the infected device or isolating an affected network zone to which the remote device belongs.
    Type: Grant
    Filed: March 24, 2017
    Date of Patent: March 16, 2021
    Assignee: DISH Technologies L.L.C.
    Inventor: William Michael Beals
  • Patent number: 10944796
    Abstract: Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network slice information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network slice information.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: March 9, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky
  • Patent number: 10924327
    Abstract: Methods, systems, and devices are described for orchestrating server management in a modern IT network. The described techniques may be implemented to manage any number of networked servers, whether local, remote, or both. Server orchestration may leverage a central, cloud-based management system and/or one or more autonomous agents installed on servers with the network. The autonomous agents may each be registered with the supervisory server and may have awareness of one another.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: February 16, 2021
    Assignee: JumpCloud, Inc.
    Inventors: Rajat Bhargava, James Brown, Christopher Marie
  • Patent number: 10917395
    Abstract: Methods, systems, and computer program products for vehicle wireless internet security are provided. A connection request is received from a mobile device. A data request is transmitted to the mobile device. The data request includes a request for location-based data of the mobile device. A first data is received from the mobile device that corresponds to the data request. A vehicle data is generated that comprises location-based data of the vehicle. A match between the first data and the vehicle data is determined. A match is determined where the location-based data of the mobile device is within a pre-determined threshold of the location-based data of the vehicle.
    Type: Grant
    Filed: June 11, 2019
    Date of Patent: February 9, 2021
    Assignee: International Business Machines Corporation
    Inventors: Stuart J. Reece, Matthew S. Shaw
  • Patent number: 10915621
    Abstract: A key generating method includes obtaining a first error correcting code (ECC) for original data, obtaining read data from a cell array of a memory comprising the original data, generating a second ECC for the read data, obtaining a location of a cell in which an error occurs from the cell array of the memory in response to the second ECC being different from the first ECC, and generating a key for the memory based on the location of the cell in which the error occurs.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: February 9, 2021
    Inventors: Seung-Chan Kim, Jungsoon Shin, Taesung Jung, Du-Sik Park, Joonah Park, Soochul Lim
  • Patent number: 10904272
    Abstract: Methods, computer-readable media, software, and apparatuses may assist in proactively warning a consumer they are a victim or possible target of a cyber-attack or cyber-threat. To discover whether a consumer may be a victim, the methods, computer-readable media, software, and apparatuses will monitor the Surface Web, Deep Web, and Dark Web for potential cyber-threats and cyber-attacks. If one is discovered, the methods, computer-readable media, software, and apparatuses will compare the criteria of victims targeted in the cyber-attack with consumer profiles. If a consumer profile matches the criteria, the methods, computer-readable media, software, and apparatuses will notify the consumer of the threat.
    Type: Grant
    Filed: November 2, 2017
    Date of Patent: January 26, 2021
    Assignee: Allstate Insurance Company
    Inventors: Jason D. Park, John S. Parkinson
  • Patent number: 10885214
    Abstract: Validating additively manufactured components is carried out by transmitting to a distributed validation network printing specification data for a component that is to be additively manufactured, validating the printing specification data, and adding the printing specification data, together with a cryptographically encoded checksum, to a print history log, transmitting the printing specification to a 3D printing device, and implementing a generative manufacturing process for the component that is to be additively manufactured in accordance with the transmitted printing specification data. While the generative manufacturing process is being carried out, in each case following specified manufacturing stages, a plurality of manufacturing parameters prevailing in the preceding manufacturing stage are transmitted to the distributed validation network.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: January 5, 2021
    Inventors: Claus Gosch, Peter Linde, Matthias Hegenbart
  • Patent number: 10885393
    Abstract: Techniques for performing data analytics using anomaly detection systems and methods are disclosed. The anomaly detection system provides an incident response and monitoring solution, built for distributed processing, that streamlines cyber defense by unifying datasets, via a data translator, from sensors and tools into a uniform schema to provide real-time anomaly detection, via an anomaly detection system that may prevent malware from establishing a foothold on the network. The anomaly detection system may allow for the scalability to provide large-scale data aggregation and anomaly detection without compromising performance. The anomaly detection system may use a distributed architecture to support advanced cyber threat detection across large datasets in real-time for monitoring and rapid incident response. The anomaly detection system may leverage open protocols and interfaces to promote third-party support for development and interoperability.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: January 5, 2021
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Joseph Sirianni, Paul Nicotera
  • Patent number: 10885155
    Abstract: When upgrading a software installed in an analysis device PC (1) that is not connected to the Internet (4), a user performs a predetermined operation with the analysis device PC (1) to acquire a license authentication cancellation key. When the user accesses a server (5) from a user terminal (2) with a predetermined account and enters the license authentication cancellation key, a license authentication cancellation unit (52) cancels authentication of a license for a previous version. Furthermore, when the user enters a product serial number of an upgrade version software (3) and the like, an upgrade verification unit (53) confirms that the user owns the license for the previous version and that the authentication has been canceled, and an activation key issue unit (54) issues an activation key for an upgrade license. Using this, a device user activates the upgraded software installed in the analysis device PC (1).
    Type: Grant
    Filed: June 15, 2016
    Date of Patent: January 5, 2021
    Assignee: SHIMADZU CORPORATION
    Inventor: Atsushi Matsudaira
  • Patent number: 10880335
    Abstract: This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: December 29, 2020
    Assignee: Intertrust Technologies Corporation
    Inventors: David P. Maher, Gilles Boccon-Gibod
  • Patent number: 10880286
    Abstract: Provided is a computing device of a group based communication system configured to securely validate a client device associated with a group-based communication interface user. An example computing device is configured to identify a validating request transmitted from the client device. If a validating request is identified, the example computing device will transmit a temporary device code to the client device associated with the group-based communication interface user and an e-mail code to an e-mail address associated with a user profile associated with the group-based communication interface user. The example computing device also stores the codes transmitted. The example computing device then receives a confirmation exchange from the client device and determines whether the confirmation exchange satisfies client device validation parameters.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: December 29, 2020
    Assignee: Slack Technologies, Inc.
    Inventors: Chase Rutherford-Jenkins, Graham Hicks, Lorilyn McCue, Alireza Takhtravanchi, Samuel Wolfand, Faisal Yaqub
  • Patent number: 10880086
    Abstract: Systems and methods for authenticating a user on an augmented, mixed and/or virtual reality platform are provided. Once the user is authenticated, advertisements, experiences, appless apps, and/or tools may be deployed to a user, such as transforming an object on gaze into an advertisement, experience, scripted or un-scripted 3D object, animated or still 2D image, appless app, and/or tool. Using augmented, mixed and/or virtual reality technology, when a user looks/gazes at a virtual object, the bubble may then pop, transitioning into a video screen. The video screen is not being augmented on the virtual object itself.
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: December 29, 2020
    Assignee: PracticalVR Inc.
    Inventors: James-Micheal A. Reed, Terry L. Bennett, Volkan Seymen
  • Patent number: 10872155
    Abstract: A firmware managing method of a computing system includes receiving a first firmware image, a second firmware image, first model information of a first electronic device corresponding to the first firmware image, and second model information of a second electronic device corresponding to the second firmware image, selecting a first codesigner version using the first model information and a second codesigner version using the second model information, sending the first firmware image and the second firmware image to a hardware security module, receiving a first signature generated using the first firmware image and a second signature generated using the second firmware image, and generating a signed first firmware image, in which the first signature and the first firmware image are combined, using the first codesigner version and generating a signed second firmware image, in which the second signature and the second firmware image are combined, using the second codesigner version.
    Type: Grant
    Filed: November 14, 2017
    Date of Patent: December 22, 2020
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Youngdae Oh, Bogyeong Kang
  • Patent number: 10868825
    Abstract: An example network security and threat assessment system is configured to determine, based on one or more events that have occurred during execution of one or more applications, a potential security vulnerability of a target computing system, where the one or more events correspond to a node represented in the hierarchical risk model. The system is further configured to identify, based on a mapping of the node represented in the hierarchical risk model to a node represented in a hierarchical game tree model, one or more actions that are associated with the potential security vulnerability and that correspond to the node represented in the hierarchical game tree model, and to output, for display in a graphical user interface, a graphical representation of the potential security vulnerability and the one or more actions associated with the potential security vulnerability.
    Type: Grant
    Filed: September 14, 2018
    Date of Patent: December 15, 2020
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Christopher Dominessy, Scott Aloisio, Robert A. Joyce
  • Patent number: 10853270
    Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: December 1, 2020
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Baiju Patel
  • Patent number: 10853485
    Abstract: Certain aspects of the disclosure are directed to methods and apparatuses of intrusion detection for integrated circuits. An example apparatus can include a wired communications bus configured and arranged to carry data and a plurality of integrated circuits. The plurality of integrated circuits can include a first integrated circuit configured and arranged to operate in a scan mode during which the first integrated circuit performs a scan test to detect one or more faults in circuitry of the plurality of integrated circuits. The plurality of integrated circuits can further include a second integrated circuit configured and arranged to operate in a mission mode and supervise data traffic by monitoring communications including data patterns and accesses on the wired communications bus. In response to identifying a suspected illegitimate access, the second integrated circuit can perform a security action to mitigate a suspect illegitimate action in the plurality of integrated circuits.
    Type: Grant
    Filed: June 11, 2018
    Date of Patent: December 1, 2020
    Assignee: NXP B.V.
    Inventors: Jan-Peter Schat, Michael Johannes Döscher
  • Patent number: 10834124
    Abstract: An opportunity to assist with remediation of a file at a remote particular host device is identified. One or more remediation techniques are identified that can be applied to assist with remediation of the file at the particular host device. In one aspect, one or more remediation scripts are identified from a plurality of remediation scripts for remediation of the file and provided to the particular host device for execution on the particular host device. In another aspect, a remediation tool is identified and launched on a computing device remote from the particular host device with operations of the remediation tool applied to resources of the particular host device. In another aspect, at least a portion of the remediation techniques are remotely initiated to be performed locally at the particular host device.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: November 10, 2020
    Assignee: McAfee, LLC
    Inventors: John D. Teddy, James Douglas Bean, Gregory William Dalcher, Jeff Hetzler
  • Patent number: 10831805
    Abstract: Implementations of the present disclosure are directed to providing remote access to electronic documents stored in a server system using a virtual secure room, and include actions of authenticating a user at least partially based on credentials of the user, at least partially in response to authenticating the user, providing a secure connection between a computing device of the user and the server system, transmitting at least one electronic document for display to the user on the computing device, monitoring the user, while the at least one electronic document is displayed to the user on the computing device, and selectively closing the secure connection in response to one or more of at least one activity and at least one state of the user.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: November 10, 2020
    Assignee: United Services Automobile Association (USAA)
    Inventors: Thomas Bret Buckingham, Bryan Osterkamp, Orlando Coleman, Brady Justice, Jonathan Neuse, Sean Thomas, Michael Slaugh