Abstract: Disclosed and described herein are systems and methods that bring together edge technologies into a single, streamlined process that automates the tracking and usage of assets (containers, equipment, mobile storage, etc.). These systems and methods include the use of smart beacons, low power cellular, sensors (strain gauges, level, contact, ohm/voltage, etc.), voice, video, microcontroller advancements, and the like. Conventional systems that have electronic service order and/or tickets are still limited in their functionality because of data, communication and processing hurdles. Disclosed are modern electronic data capture systems (IoT sensors) along with algorithms to assist on the tracking of assets and workers, more quickly capture authorized transactions for billing and remove the manual processes.

Abstract: A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.

Abstract: A blockchain network management system implements an associated method comprising the steps of: a) providing a blockchain network configured for providing individual blockchain users with access to a blockchain; b) providing individual blockchain users with a smartphone having a GPS receiving unit associated with a communications network and with a biometric user identification technology coupled to the smartphone; c) identifying an individual blockchain user with the biometric user identification technology by obtaining biometric characteristics that are unique to each human via the communications network; d) authenticating the individual blockchain user's identity and geolocation in an authentication network coupled to the communications network; and e) providing access of authenticated individual blockchain users to the individual blockchain. The blockchain network management system further includes tokens issued to individual authenticated users for providing access to the individual blockchain.

Abstract: A Wi-Fi network includes one or more access point devices configured to connect to one or more devices; wherein the Wi-Fi network is designated by a Service Set Identifier (SSID); wherein each Wi-Fi client device accesses the Wi-Fi network using the SSID and a key of a plurality of keys each being a password or certificate for the Wi-Fi network; and wherein each of the plurality of keys designates an access zone of a plurality of access zones each defining rules for network and/or device access such that the one or more access point devices provide selective access based on which of the plurality of keys is used for each of the one or more devices.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: Systems and methods for a bifurcated self-executing program that wraps a first self-executing program (e.g., a first smart contract) on a blockchain within a second self-executing program (e.g., a second smart contract), in which the second self-executing program enforces the requirement for particular security credentials/certificates. The bifurcated self-executing program comprises a single compiled self-executing program that combines the first self-executing program and the second self-executing program.

Abstract: A computer implemented method for wireless communications access security, the method comprising steps a computer processor of a client device is programmed to perform, the steps comprising: receiving at least one reference set of values from a server computer, each one of the received reference sets pertaining to a respective access point, measuring at least one parameter during wireless communication with an active access point, and determining a threat indication for the active access point based on a deviation of at least one of the measured parameters from a respective one of the received reference sets of values pertaining to the active access point.

Abstract: A computer-implemented method of securing vulnerabilities in a program, the method including receiving, by a computer, state information generated by an executed application program, training, by the computer, a constraints model based on the state information, generating, by the computer, one or more constraints with the constraints model, each of the one or more constraints describing an execution constraint for executing the application program, wherein the execution constraint enforces an intended operation of the application program, and applying, by the computer, the one or more constraints to the application program.

Abstract: A backend computer and methods of using the backend computer are described. The method may comprise: receiving, at a first backend computer, sensor data associated with a vehicle; determining a labeling of the sensor data, comprising: determining personal data and determining non-personal data that is separated from the personal data, wherein each of the personal and non-personal data comprise labeled data, wherein the personal data comprises information relating to at least one identified or identifiable natural person; and performing via the personal data and the non-personal data that is separated from the personal data, at the first backend computer, data processing associated with collecting sensor data associated with the vehicle.

Abstract: A sending security edge proxy SEPP receives a first message sent by a first network function to a second network function. The first message has a plurality of first message parts including: a request line or a response line; at least one header; and payload. Second message parts are formed from the features and optional sub-features of the first message parts. A security structure defines a required security measure individually for each second message part. The SEPP applies, according to the security structure definition, to each second message part by encrypting; integrity protecting; or modification tracking with integrity protecting; and forms a second message that contains the second message parts; and sends the second message towards the second network function. Corresponding methods, structures, computer programs and a system are disclosed for intermediate nodes and receiving SEPP.

Abstract: A system architecture for managing access to data and managing operations performed by applications using the data. In one example, a secure edge module is provided. In some embodiments, a secure edge module may be provided. The secure edge module may be a secure environment that is trusted to control/manage access to different sets of data. The secure edge module may identify/authenticate applications that may perform operations on the data. The secure edge module may decrypt the data within the secure edge module and allow the operations to execute within the secure edged module, using the decrypted data.

Abstract: An apparatus is provided including at least one platform; an intrusion prevention system configured to communicative couple with the at least one platform; a firewall configured to communicative couple with the at least one platform; at least one first data storage configured to communicative couple with the at least one platform; and at least one second data storage configured to communicative couple with the at least one platform. The at least one platform is configured to perform a plurality of operations that collective protect one or more networked devices.

Abstract: A logic circuit for managing reception of secure data packets in an industrial controller snoops data being transferred by a Media Access Controller (MAC) between a network port and a shared memory location within the industrial controller. The logic circuit is configured to perform authentication and/or decryption on the data packet as the data packet is being transferred between the port and the shared memory location. The logic circuit performs authentication as the data is being transferred and completes authentication shortly after the MAC has completed transferring the data to the shared memory. The logic circuit coordinates operation with the MAC and signals a Software Packet Processing (SPP) module when authentication is complete. The logic circuit is further configured to decrypt the data packet, if necessary, and to similarly coordinate operation with the MAC and delay signaling the SPP module that data is ready until decryption is complete.

Abstract: An authentication method for a telecommunications system comprising a computer network and a telephone network that includes receiving, at an Authentication System across the computer network, data indicative of an authentication request. The request is typically made by a provider in connection with a user (e.g. by a provider to obtain authentication from a user as the result of an authentication trigger detected by a provider system). A telephone call is establishing by the telephone network between the Authentication System and a telephone device with a telephone number associated with the user. A PIN is received from the user at the Authentication System during the telephone call. It is then determined if the received PIN is valid. The authentication request is authenticated if the PIN is determined to be valid.

Abstract: A software and/or hardware facility that can be used by content owners to assert ownership of content so that copyright friendly websites and services can take action against copyright piracy effectively, efficiently and is scalable is disclosed. The facility makes available to all content owners watermarking/fingerprinting technology so an identifier (e.g., a unique code) can be embedded in the content (e.g., video/audio portion of each video content asset). The facility utilizes blockchain technology to add information related to each unique identifier in a database and allows an authorized user (e.g., the owner) to update the information through a blockchain transaction.

Abstract: A network controller configured to provide network access to client devices, receives a network access request from a client device. The network access request includes a media access control (MAC) address of the client device and information about a first private key. The network controller sends to a server an authentication request, which includes the MAC address of the client device. The network controller receives an authentication response from the server, which includes a second private key. The network controller determines whether the first private key is the same as the second private key. In response to determining that the first private key is different from the second private key, network access is denied to the client device, and in response to determining that the first private key is the same as the second private key, network access is granted to the client device.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment. A method, system and apparatus include/are configured for maintaining a secure vault, accessing building block modules and implementing an orchestrator. The vault stores code. The building block modules are formed using the code stored in the secure vault. The orchestrator controls access to the building block modules.

Abstract: An apparatus for managing a security policy of a firewall according to an embodiment includes a rule request module that receives one or more requested rules to be applied to a firewall, a rule merge module that merges a pre-applied rule of the firewall and the one or more requested rules when the number of rules applied to the firewall exceeds a maximum number of rule registrations of the firewall due to the requested rule, and a firewall interface module that receives the pre-applied rule from the firewall and provides the pre-applied rule to the rule merge module, and re-registers a merged rule merged through the rule merge module in the firewall, and the rule merge module is configured to merge the pre-applied rule and the one or more requested rules so that a security vulnerable space occurring due to the merging is minimized.

Abstract: A method for improving data transmission security at a user equipment comprises receiving, from a source network node, a connection release message including instructions for computing a hash value for data to be included in a connection request message; computing the hash value based on the instructions included in the connection release message; calculating a token based on the hash value, and sending, to a target network node, the connection request message including the token. The method may further forward the data from the target network node directly to a gateway after the token has been verified. The method may reduce a signaling overhead by having a fixed-size hash value for data. Furthermore, the method may improve a transmission security by including the token in an RRC message, in which the token is calculated based on the hash value representing the data.

Abstract: Managing the loading of third-party tools on a website is described. Configuration is received for loading the third-party tools. An intermediary server receives a request for a page that is hosted at an origin server. The intermediary server retrieves the page and modifies the page including automatically including a third-party tool manager to the retrieved page. The third-party tool manager includes a set of one or more client-side scripts that, when executed by the client network application, collects and transmits information to the intermediary server for loading the third-party tools. The intermediary server loads the third-party tools based on the received information and the configuration. The intermediary server causes event data to be transmitted to third-party tool servers that correspond with the third-party tools.