Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: An example computing device incudes a main processor, a management firmware subsystem, and a controller to control operation of the management firmware subsystem. The controller is separate from a main processor. A memory stores subsystem data that is useable by the controller. The computing device further includes a set of instructions that determines a manufacturing mode of the computing device. The manufacturing mode is enabled when the computing device is under manufacture or maintenance. The manufacturing mode is disabled when the computing device is under normal operation. The set of instructions further determines a manufacturing state of the subsystem data. The manufacturing state indicates whether the subsystem data is complete. In response to determining that the manufacturing mode is disabled and that the manufacturing state of the subsystem data is incomplete, the set of instructions initiates a restoration of the subsystem data from a backup of the subsystem data.

Abstract: A method comprising receiving a plurality of signatures representing one or more proprietary files from a vendor generated without disclosure of the proprietary files, each signature corresponding to a segment of a proprietary file. The method further comprising and validating each of the plurality of the signatures, to ensure that the signatures are the proprietary code of the vendor. The method further comprises adding the plurality of the signatures to a global database, the global database used to compare the proprietary data of the vendor to other technology data and taking various action based on the results of the comparison.

Abstract: A computer-implemented method (900) and system (1) for verifying the integrity of a computer software for installation using a distributed hash table (13) and a peer-to-peer distributed ledger (14). This may be the Bitcoin blockchain or an alternative implementation. The method includes determining (910) a metadata associated with a transaction record stored on the peer-to-peer distributed ledger (14). An indication of an entry stored on the distributed hash table (13) may be determined (920) from the metadata. The method further includes determining (930) a third hash value based on the computer software and determining (940) a fourth hash value from the entry on the distributed hash table (13). The method further includes comparing (950) the third hash value and the fourth hash value and verifying (960) the integrity of the computer software based on the comparing of the third hash value and the fourth hash value.

Abstract: In a method of generating a secret key according to an embodiment, a share of each of a user and a plurality of other users for a secret key of the user are generated, the share of each of the plurality of other users is provided to a user terminal of each of the plurality of other users, a share of the user for a secret key of each of the plurality of other users is received from the user terminal of each of the plurality of other users, and a new secret key of the user is generated using the share of the user for the secret key of the user and the shares of the user for the secret key of each of the plurality of other users.

Abstract: A method for verifying and validating identifiable attributes of a user includes electronically receiving the attributes of a user and verifying their authenticity. The attributes are also validated by confirming each matches a corresponding evidenced based attribute. An internal unique identity number is assigned in concert with authenticated user attributes. Access to the identifiable attributes having the identifier is only permitted by the user or a designee of the user. A level of confidence is established from a ranking of the validated attributes. An authenticated digital identity is then formed from the identifiable validated attributes, and a level of confidence for the authenticated digital identity is established from the ranking.

Abstract: A system includes programmable systolic cryptographic modules for security processing of packets from a data source. A first programmable input/output interface routes each incoming packet to one of the systolic cryptographic modules for encryption processing. A second programmable input/output interface routes the encrypted packets from the one systolic cryptographic module to a common data storage. In one embodiment, the first programmable input/output interface is coupled to an interchangeable physical interface that receives the incoming packets from the data source. In another embodiment, each cryptographic module includes a programmable systolic packet input engine, a programmable cryptographic engine, and a programmable systolic packet output engine, each configured as a systolic array (e.g., using FPGAs) for data processing.

Abstract: There is disclosed in one example a network gateway device, including: a hardware platform including a processor and a memory; a network interface, including network interface hardware; and instructions encoded within the memory to instruct the processor to: receive from an endpoint device, via the network interface, a signed security posture data structure, the signed security posture data structure including information about a security posture of the endpoint device; cryptographically verify the signed security posture data structure; and according to the signed security posture data structure, assign a network security policy to the endpoint device.

Abstract: A method for authenticating a first party to a second party, the method comprising: i) providing a token, wherein the token is at least a part of a mobile entity and wherein the token is coupled to a secret being indicative for the identity of the first party, ii) coupling the token with an access point by establishing a physical contact, iii) transferring the secret to the access point, iv) linking the secret with a location information of the access point, thereby providing an authentication token being indicative for the identity and the location of the first party, and v) providing the authentication token to the second party.

Abstract: In some implementations, a device may receive a notification to authenticate a user associated with a user account of an application server. The device may send, to the user device, an authentication request that prompts the user to provide a contextual description of an operation associated with the user account. The device may receive, from the user device, an authentication response that includes a described characteristic of the operation that is associated with a parameter of the operation. The device may determine whether the authentication response is valid based on a comparison of the described characteristic of the operation and the parameter of the operation. The device may cause, based on a determination that the authentication response is valid, performance of the operation based on the parameter.

Abstract: The disclosure is related to injection of a serialized set of field values of an unlocking transaction into a locking script, such as for distributed ledge technologies and consensus-based blockchains. A first transaction to validate is received at a node in the blockchain network. The first transaction includes a first script that includes a set of field values of the first transaction and, as a result of being executed, causes the node to obtain a set of field values. A second transaction is obtained, with the second transaction having been validated. The second transaction includes a second script that, as a result of being executed, causes the node to generate a signature based at least in part on the set of field values supplied as a result of execution of the first script. The first transaction is validated by execution of the first script and the second script.

Abstract: A system and a method to detect malicious software written to an Ethernet solid-state drive (eSSD). The system includes an Ethernet switch, at least one SSD, and a baseboard management controller (BMC). The Ethernet switch receives write data from a communication network in response to a write command. The at least one SSD receives the write data from the Ethernet switch and stores the received write data. The BMC receives from the at least one SSD the received write data. The BMC determines whether the received write data contains malicious software. The received write data may be contained in a plurality of Ethernet packets in which case the BMC stores the received write data in a scan buffer in an order that is based on an assembled order of the received write data.

Abstract: An example operation may include one or more of generating, by a processor node, an identifier (ID) for an asset producer node, mapping, by the processor node, the ID to an identity of an asset producer node, receiving, by the processor node, a request from a supplier node from a plurality of supplier nodes for the asset producer node to be added to a supply blockchain, and providing entitlements to the plurality of the supplier nodes based on the mapped ID.

Abstract: An anomaly handling method using a device installed outside of a vehicle is disclosed. The method includes receiving, from the vehicle, an anomaly detection notification, which includes level information indicating a level affecting safety, and a location of the vehicle. The method also includes obtaining a location of another vehicle and determining whether a distance between the location of the vehicle and the location of the other vehicle is within a predetermined range. When the distance is within the predetermined range and is shorter than a first predetermined distance, not changing the level information and transmitting the received anomaly detection information to the other vehicle. When the distance is within the predetermined range and is longer than or equal to the first predetermined distance, changing to decrement a level indicated by the level information, and transmitting changed anomaly detection information to the other vehicle.

Abstract: In one aspect, an example methodology implementing the disclosed techniques includes, by a computing device, monitoring an application for suspicious activity based on keystrokes to input data to the application and detecting an instance of suspicious activity within the application based on a sequence of keystrokes to input the data to the application, the sequence of keystrokes to provide characters indicative of sensitive data and in a format different than an expected format for the input data. The method also includes, by the computing device, generating an action to prevent loss of sensitive data in response to detection of the instance of suspicious activity.

Abstract: Methods and systems for a transportation vehicle are provided. One method includes generating a packet by an application executed by a processor of a first seat device of an in-flight entertainment system having a plurality of seat devices on an aircraft; dropping the packet by the seat device when the application is not authorized for Internet communication; dropping the packet by the seat device when the packet is one of a broadcast packet, multicast packet or destined to a second seat device of the in-flight entertainment system; determining that the seat device Internet traffic is below a threshold value; and transmitting the packet to a network device when the application is authorized, and the packet is not a broadcast packet, multicast packet or destined for a second seat device.

Abstract: The present invention relates to a method and a system for inscribing and securely storing cryptographic keys on a physical medium, and to a corresponding physical medium, comprising the following steps: from a first management entity (31), generating (1) a first pair of asymmetric cryptographic keys comprising a first user public key (pub1) and a first user private key (priv1), inscribing (2) the first user private key (priv1) onto a physical medium, and affixing (4) a first tamper-evident concealing element (hol1) to the physical medium in order to conceal the first user private key (priv1) and seal same, said first user private key (priv1) being accessible only by visibly breaking said first tamper-evident concealing element (hol1); from the second management entity (32), generating (6) a second pair of asymmetric cryptographic keys comprising a second user public key (pub2) and a second user private key (priv2), inscribing (7) the second user private key (priv2) onto the physical medium and affixing (9

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: The technology described in this document can be embodied in a computer-implemented method that includes receiving, at one or more servers from a first computing device, (i) first identification information identifying the first computing device or an application executing on the first computing device, and (ii) second identification information identifying a second computing device. The second identification information is obtained by the first computing device by detecting changes to one or more parameters of a magnetic field generated by the second computing device. The method also includes determining, by the server based on the first information, identity information of a user associated with the first computing device, and transmitting, from the one or more servers to the second computing device, the identity information, such that the identity information is usable by the second computing device to verify an access attempt by the user.

Abstract: A wireless communication system enables one-sided authentication of a responder device (120) by an initiator device (110) and mutual authentication of both devices. Embodiments of the initiator may have a message unit (116) and a state machine (117). The initiator starts by acquiring a responder public key via an out-of-band action and sends an authentication request. The responder sends an authentication response comprising responder authentication data based on a responder private key and a mutual progress status indicative of the mutual authentication being in progress for enabling the responder device to acquire an initiator public key via a responder out-of-band action. The initiator state machine is arranged to provide a mutual authenticating state, engaged upon receiving the mutual progress status, for awaiting mutual authentication. Thereby long time-out periods during wireless communication are avoided, while also enabling the initiator to report communication errors to the user within a short time.