Abstract: In an embodiment a method for managing access rights of software tasks executed by a processing unit (CPU) using a cache memory containing execution data of the tasks in memory locations, each execution data having an attribute representative of a level of access right of the respective task, includes changing the attributes of the locations of the cache memory when the access rights of at least one task changes and retaining the execution data contained in the locations of the cache memory.

Abstract: A memory system having a set of media, a set of resources, and a controller configured via firmware to use the set of resources in processing requests from a host system to store data in the media or retrieve data from the media. The memory system has a workload manager that analyzes activity records in an execution log for a time period where each of the activity records can indicate whether a processor of the controller is in an idle state during a time slot in the time period. The workload manager identifies idle time slots within the time period during which time slots one or more lightly-loaded processors in the plurality of processors are in the idle state, and adjusts a configuration of the controller to direct tasks from one or more heavily-loaded processors to the one or more lightly-loaded processors.

Abstract: A method and device for identity verification is provided. The method includes receiving a screen projection operation performed by a user to project a screen of a first electronic device onto a second electronic device, collecting, first identity verification information of the user in response to the screen projection operation, obtaining a first comparison result between the first identity verification information and second identity verification information pre-stored in the first electronic device, and displaying based on the first comparison result being consistent, a screen projection interface of the first electronic device, receiving an unlock operation performed by the user, collecting third identity verification information of the user, obtaining a second comparison result between the third identity verification information and the second identity verification information, and displaying or not displaying content based on the result of the identity verification.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.

Abstract: A method and apparatus for authenticating a physical asset is provided. The method includes obtaining information from a tag associated with the physical asset, wherein the information includes a uniform resource locater (URL) and encrypted information, wherein the encrypted information corresponds to a cryptographic token on a distributed ledger and information about the physical asset. The method further includes transmitting a first message towards an authentication server based on the URL, wherein the first message comprises the encrypted information. The method further includes receiving a second message from the authentication server, the second message comprising an indication of authenticity of the physical asset.

Abstract: A remote attestation method implemented by a network device where the network device obtains an integrity measurement value of a measurement object in the network device, and sends the integrity measurement value of the measurement object to at least one of a plurality of remote attestation (RA) servers to enable the at least one RA server to perform remote attestation on integrity of the measurement object in the network device.

Abstract: One embodiment includes retrieving firewall flow log data that indicates whether a flow was allowed or denied, an identifier of a rule that allowed or denied the flow, a source port, a protocol, a destination port, a source IP or FQDN, and a destination IP or FQDN. The method continues with processing the firewall flow log data, such as by identifying and counting occurrences of unique flows and counting flows allowed or denied by each rule. The method further includes generating a recommendation of at least one of limiting an existing rule, deleting an existing rule, and modifying rule application precedence. The recommendation may be generated based on at least one of the occurrences of unique flows and counted flows allowed or denied by each rule of a rule base. This method also includes providing the recommendation within a user interface as a selectable option for implementation.

Abstract: The disclosure relates to decentralized management of edge nodes operating outside an enterprise network using blockchain technology. A management node may operate within a firewall of the enterprise to manage the edge nodes operating outside the firewall using blockchain technology. The management node may coordinate management by writing change requests to a decentralized ledger. The edge nodes may read the change requests from its local copy of the distributed ledger and implement the change requests. Upon implementation, an edge node may broadcast its status to the blockchain network. The management node may mine the transactions from the edge nodes into the distributed ledger, thereby creating a secure and scalable way to coordinate management and record the current and historical system state. The system also provides the edge nodes with a cryptographically secured, machine-to-machine maintained, single version of truth, enabling them to take globally valid decision based on local data.

Abstract: An example operation may include one or more of receiving a uniform resource indicator (URI) of a blockchain peer node that has access to a blockchain distributed among a plurality of blockchain peer nodes, identifying blockchain channel identification information which identifies a unique channel name associated with the blockchain, generating a blockchain-based URI that includes an identification of the URI of the blockchain peer node and the channel name associated with the blockchain, and storing the generated blockchain-based URI on a distributed ledger.

Abstract: In some examples, a data aggregator and anonymizer is provided for selective encryption of test data.

Abstract: The disclosure describes methods and arrangements for caching encrypted content. Embodiments of the described inventions make use of a middle box to serve encrypted content rather than requiring a server to answer each request for content with a separate and distinct response, thereby allowing a network to operate effectively and efficiently even when serving encrypted content that looks different each time it is requested.

Abstract: According to an aspect of the present invention, a procedure and a communicator for initial registration of UE or periodic or mobility-based registration for achieving Network Slice Specific Authentication and Authorization in 5GS. Furthermore, a communicator for achieving a function related to Network Slice Specific Authentication and Authorization in 5GS is provided by providing a procedure and a communicator for changing a UE configuration initiated by a network, the procedure being initiated based on the Network Slice Specific Authentication and Authorization initiated by the network and completion of the Network Slice Specific Authentication and Authorization.

Abstract: Methods, systems, and computer-readable media that manage cloud computing environments. A pool manager creates a pool of cloud computing environments according to a pool specification specifying a headroom threshold of the pool. The pool manager receives, from a requester computer, a request to claim a cloud computing environment. The pool manager determines that one or more cloud computing environments are available. In response, the pool manager provides to the requesting computer credentials for accessing the cloud computing environment. The pool manager designates the cloud computing environment as claimed and unavailable to other requester computers until receiving a notification indicating that the cloud computing environment is unclaimed. The pool manager ensures that the correct number of environments are available on a pre-determined schedule.

Abstract: A method for transmitting security settings between a first automation engineering field device and a second automation engineering field device includes: identifying and authenticating an operator by means of a service unit; assigning an authorization group based on the identifying and authenticating of the operator; in the case, in which the operator is assigned the administrator authorization group: encrypting at least one security setting, which is present in cleartext, by the first field device; exporting the encrypted security setting; importing the encrypted security setting into the second field device; decrypting the encrypted security setting; loading the decrypted security setting into the data memory of the second field device and operating the second field device with the loaded security setting of the first field device.

Abstract: After receiving an authorization result from a user, an authorization server sets a deadline for re-authorization, performs wait processing until the deadline, and thereafter issues an access token.

Abstract: A method of delaying computer network clients from sending DNS queries. The method includes receiving a DNS query from a client and consulting a client record in a client record database and/or a flow record in a flow record database storing information about the flow including about one or more previous DNS queries and/or responses in the flow. The method further includes formulating a response to the DNS query as a function of the information about the client and/or the information about the flow, updating the client record with information about the client and/or the flow record with information about the DNS query and the response as formulated, and transmitting the response as formulated to the client. The DNS query includes a question and the response is intentionally defective or incomplete and causes the client to be delayed in sending another DNS query as part of an attack.

Abstract: A system for automatic recognition of security incidents includes a processor coupled to a memory storing instructions, the processor being configured to implement the instructions for an automatic incident generator (AIG) with at least one type of events related to the system, and access to a repository of information about previously recorded incidents with the events related to these previously recorded incidents, to monitor a plurality of events, identify sequences of events including suspected signatures that are capable of constituting an incident, calculate a degree of variance (DoV) of the suspected signatures and at least one signature related to a previously recorded incident, compare the DoV to at least one threshold and, if the DoV is less (or less or equal) to the threshold, identify the incident and optionally initiate the workflow related to the identified incident.

Abstract: Described herein are various methods of securing a computer system. One or more methods include starting a security process after basic functionality on a computer is initiated at startup. The security process performs one or more reviews, such as audits, of the computer to verify that there have not been unauthorized changes to the computer, such as to any settings or executable files.

Abstract: A method, system, and computer program product for behavior-based Internet of Things (IoT) device security are provided. The method detects an action from a set of IoT devices. A context is identified for the action and at least one IoT device of the set of IoT devices. The action and the context are validated for the at least one IoT device. The action is identified as an anomaly based on the validating of the action and the context. A potential state change is identified for the at least one IoT device based on the anomaly. The method determines a responsive action based on the potential state change and the anomaly.

Abstract: The disclosed embodiments relate to virtual distributed ledger networks provisioning using distributed ledger technology. In one embodiment, a system is disclosed, comprising a hardware processor and a memory device storing instructions executable by the hardware processor to perform operations. The operations comprise creating one or more virtual machines, and executing a plurality of microservices via the one or more virtual machines. At least two of the plurality of microservices are associated with different distributed ledger technology networks.