Abstract: A method and system for mitigating a threat associated with network data packets are provided. The method commences with receiving, by an authentication server, a request for access to a server from a client. The method further includes authenticating the client by the authentication server. The authentication includes providing an authentication token to the client. The method continues with receiving, by a mitigation device, from the client, at least one network packet directed to the server. The at least one network packet embeds the authentication token. The method further includes validating, by the mitigation device, authenticity of the authentication token and selectively forwarding, based on the validation, the at least one network packet to the server. The authentication token is independently generated by the authentication server, the mitigation device, and the server using a shared token generation algorithm based on a hash salt value.

Abstract: The present disclosure includes apparatuses, methods, and systems for using a local ledger block chain for secure updates. An embodiment includes a memory, and circuitry configured to receive a global block to be added to a local ledger block chain for validating an update for data stored in the memory, where the global block to be added to the local ledger block chain includes a cryptographic hash of a current local block in the local ledger block chain, a cryptographic hash of the data stored in the memory to be updated, where the current local block in the local ledger block chain has a digital signature associated therewith that indicates the global block is from an authorized entity.

Abstract: Systems and methods are described for establishing trust between two devices for secure peer-to-peer communication. In an example, a first and a second device can each possess a digital signature issued by the same certificate authority and a hash function issued by the same trusted entity. The devices can exchange public keys that include their respective digital signatures. The second device can verify the first device's digital signature, encrypt an encryption key with the second device's public key, hash the encryption key using its hash function, and encrypt the hash using its private key. The second device can send the encrypted hash and encryption key to the first device. The first device can verify the second device's digital signature, decrypt the encryption key, and decrypt the encrypted hash. The first device can hash the encryption key using its hashing function and compare the two hashes to verify the second device.

Abstract: A device may obtain, from a pool of subscription identifiers allocated for sharing, a subscription identifier for a target device to be onboarded onto a wireless network. The device may generate a derived subscriber identification module (SIM) profile that includes the subscription identifier and a derived set of credentials. The derived set of credentials may be based on an existing set of credentials associated with the device. The device may cause the derived SIM profile to be provided to the target device to enable the target device to obtain access to the wireless network.

Abstract: Techniques for managing activation of functionalities in an information processing system are provided. For example, a method generates, at a first node in a distributed ledger network, at least one data object comprising data associated with a system and one or more unactivated functionalities of the system, and the data object further comprises one or more parameter fields configured for one or more other nodes in the distributed ledger network to subsequently insert data therein. The method obtains the at least one data object after data is inserted in the one or more parameter fields by the one or more other nodes. The method sends the at least one object to an additional node in the distributed ledger network for use in activating the one or more unactivated functionalities of the system.

Abstract: Exemplary methods for facilitating secure communication between a mobile network subscriber and various service providers (SPs), the subscriber being associated with a plurality of entities comprising any combination of devices and profiles. Some embodiments can include: obtaining a security identifier associated with the subscriber; based on the security identifier, establishing an identity hierarchy comprising the plurality of entities associated with the subscriber; based on the security identifier, establishing consents for SPs to access data generated by the entities of the identity hierarchy; in response to a request comprising the security identifier, receiving a public key usable to encrypt data for sending to a particular SP, the data being decryptable using a corresponding secret key associated with an established consent for the particular SP; and encrypting the data using the public key and the identity hierarchy.

Abstract: A technique and system protects documents at rest and in motion using declarative policies, access rights, and encryption. Methods, techniques, and systems control access to documents and use of content in documents to support information management policies.

Abstract: A method of verifying that a first device and a second device are physically interconnected is disclosed. The method is performed by a verifier and includes sending a challenge R1 to the first device, for use as basis for input to a first physical unclonable function, PUF, —part of the first device, receiving, a response, RES1, from the second device, the response RES1 being based on an output of a second PUF part of the second device, and verifying that the first device and the second device are interconnected for the case that the received response, RES1, and an expected response fulfills a matching criterion. A method in a first device and a method in a second device and corresponding devices, computer programs and computer program products are also disclosed.

Abstract: Systems and methods for generating min-increment counting bloom filters to determine count and frequency of device identifiers and attributes in a networking environment are disclosed. The system can maintain a set of data records including device identifiers and attributes associated with device in a network. The system can generate a vector comprising coordinates corresponding to counter registers. The system can identify hash functions to update a counting bloom filter. The system can hash the data records to extract index values pointing to a set of counter registers. The system can increment the positions in the min-increment counting bloom filter corresponding to the minimum values of the counter registers. The system can obtain an aggregated public key comprising a public key. The system can encrypt the counter registers using the aggregated shared key to generate an encrypted vector. The system can transmit the encrypted vector to a networked worker computing device.

Abstract: Systems and methods for dynamically encrypting requests in accordance with embodiments of the invention are disclosed. In one embodiment, a computer-implemented method includes obtaining a notification indicating an updated private key has been issued for a third-party service, obtaining, based on the notification, an updated public encryption key associated with the third-party service, generating a security token for the third-party service, the security token associated with a caching system, obtaining, from a secured database and based on the security token, the updated private key, storing, using the caching system, a routing entry comprising the security token and encrypted based on the updated private key, receiving, from a client device, a request to access the third-party service, authenticating the request with the third-party service using the routing entry, and redirecting the client device to the third-party service.

Abstract: Methods and systems for monitoring network activity. Various embodiments may deploy virtual security appliances to a certain location or with a specific configuration based on data regarding previous attacks and attacker activity. Accordingly, the deployed virtual security appliance(s) are better suited to gather more useful behavior regarding threat actor behavior and attacks.

Abstract: Systems and methods for secure and accountable execution of computer scripts are disclosed. A system for validating an execution of a set of computer instructions may be configured to receive a first cryptographic hash, the first cryptographic hash corresponding to the set of computer instructions, to receive a second cryptographic hash, the second cryptographic hash corresponding to a runtime utility, wherein the runtime utility is configured to execute the set of computer instructions, to generate a ledger entry comprising the first cryptographic hash, the second cryptographic hash, and an indicator of success, and to add the ledger entry to a blockchain ledger, wherein the blockchain ledger is configured to receive the ledger entry from an authenticated node.

Abstract: An intelligent electronic device (IED) includes memory and a processor operatively coupled to the memory. The processor is configured to establish, over a communication network of a power system, a connection association (CA) with a receiving device using a MACsec Key Agreement (MKA). The processor is configured to automatically send device management information via the MKA process.

Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.

Abstract: A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal.

Abstract: A primary platform (PP) can (i) support a first set of cryptographic parameters and (ii) securely download an unconfigured secondary platform bundle (SPB) that includes a configuration package (SPB CP). The SPB CP can establish a secure session with a configuration server (CS). The CS can select operating cryptographic parameters supported by the first set. The SPB CP can derive an SPB private and public key. The PP can use the selected operating cryptographic parameters to securely authenticate and sign the SPB public key. The CS can (i) verify the PP signature for the SPB public key and (ii) generate an SPB identity and certificate for the SPB and (iii) send the certificate and SPB configuration data to the SPB CP. The SPB CP can complete configuration of the SPB using the SPB identity, certificate, and configuration data. The configured SPB can authenticate with a network using the certificate.

Abstract: A method of directing encrypted data transmitted wirelessly on a communication network comprising receiving encrypted data, by a managing application executing on a virtual network, from a user equipment (UE) operating on a mobile network. The managing application on the virtual network is coupled with an access node and deciphers a portion of the data encrypted with homomorphic encryption to determine a data characteristic. The managing application routes the encrypted data to a network location in response to the data characteristic of the encrypted data.

Abstract: An automated tool analyzes source code repositories and web endpoints for unique characteristics that they both share in order to predict the likelihood that a particular source code repository contains source code files used in a web endpoint and to predict the likelihood that a web endpoint uses source code files of a particular repository. The unique characteristics are referred to as fingerprints and include unique combination of public-facing entities, unique tokens, and unique DOM characteristics.

Abstract: An electronic messaging system includes a sender direct access client, associated with a sender and operationally hosted on a sender computer, and a closed message server, communicatively coupled to the computer, via a relay server. The closed message server includes an electronic message receiver to receive an electronic message from the sender direct access client, and directed to a recipient. The closed message server also includes a reply ID generator to generate a reply ID that is correlated with a sender of the electronic message, the reply ID to enable the electronic messaging system to direct a reply electronic message back to the sender. A reply electronic message receiver receives the reply electronic message from the recipient, and identifies the sender of the electronic message using the reply ID. A reply generator associates reply content, of the reply electronic message, with the sender.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for hardware-level encryption. An example method includes receiving an instance of information/data by processing circuitry; and disassembling, by the processing circuitry, the instance of information/data into a plurality of sections. The processing circuitry assigns each section of the plurality of sections a location in an allocated portion of memory. The locations are determined based at least in part on a quantum obfuscation map (QOM). The QOM is generated based on one or more quantum obfuscation elements (QOEs) corresponding to a quantum state of a quantum particle. The processing circuitry then causes each of the plurality of sections to be stored at the corresponding assigned location in the allocated portion of the memory.