Abstract: A service control system controls access to secured online testing services, such as accredited or standardized tests, examinations in educational courses, tutoring services, and continuing professional development courses or seminars. The secured services may be published by an educational publishing platform and made available to users through online configured browser applications executing on the users' devices. Based on access conditions associated with a secured testing service and the capturing and processing of one or more images, the service control system determines how users are authorized to access the services. When users have been authorized to access a service or a subset of the service, the service may be distributed through the browser applications executing on the users' devices.

Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.

Abstract: A method of generating relevant security rules for a user includes the steps of: building a first tree data structure from paths within a pool of security rules; collecting process paths for the user; and compiling the relevant security rules for the user by traversing the first tree data structure according to the process paths of the user.

Abstract: A method of providing access to digital resources using multiple user identities comprises receiving, from a client application, a first set of authentication tokens that authorize a user to acquire target data provided by a server application. The method further comprises receiving, from the client application, a second set of authentication tokens that authorize the same user to access a connected application. The method further comprises sending, to the server application, a first request to acquire the target data provided by the server application, the first request including the first set of authentication tokens and an identifier of the target data. The method further comprises receiving, from the server application, the target data. The method further comprises sending the target data from the application connector to the connected application in a second request that also includes the second set of authentication tokens.

Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.

Abstract: Methods, systems, and devices for server-initiated secure sessions are described. A browser application may connect to a portal, where the portal may transmit a command to a server agent to initiate a secure session with an endpoint device. The server agent may be housed in a destination server, and may establish a secure connection with an intermediary server using a secure communication protocol. The secure connection may be made by directing the destination server to open an out-bound connection through a firewall of the destination server. A browser session may be redirected to the intermediary server from the browser application, and the intermediary server may route the browser session traffic to the secure connection.

Abstract: A neural network having one or more public parts and one or more confidential parts is trained to perform a primary task. A deployment instantiation of the neural network is trained based on optimal performance of the primary task, and based on sub-optimal performance of the primary task conditioned on the confidential parts of the deployment instantiation being inaccessible. An adversary instantiation of the neural network is trained based on optimal performance of the primary task conditioned on the public parts being identical for the deployment instantiation and for the adversary instantiation, and conditioned on the confidential parts of the deployment instantiation being inaccessible. The training of the deployment instantiation and the training of the adversary instantiation are based on a plurality of training data samples, and are performed iteratively by alternating between the training of the deployment instantiation and the training of the adversary instantiation.

Abstract: Systems and methods of authenticating voice data using a ledger (blockchain). Examples include a scalable and seamless system that uses blockchain technologies to distribute trust of a conversation, authenticate persons in a conversation, track their characteristics and also to keep records of conversations. In some examples, smart phones, wearables, and Internet-of-Things (IoT) devices can be used to record and track conversations between individuals. These devices can each be used to create entries for the blockchain or a single device could be used to keep track of the entirety of the conversation. Fuzzy hashing may be used to compare newly created entries with previous entries on the ledger.

Abstract: Methods and apparatus for secure networking protocol optimization via NIC hardware offloading. Under a method, security offload entries are cached in a flow table or a security database offload table on a network interface coupled to a host that implements a host security database mapping flows to Security Association (SA) contexts. Each security offload entry includes information identify a flow and information, such as an offset value, to locate a corresponding entry for the flow in the host security database. Hardware descriptors for received packets that belong to flows with matching security offload entries are generated and marked with the information used to locate the corresponding entries in the host security database. The hardware descriptors are processed by software on the host and the location information is used to de-reference the location of applicable entries in the host security database.

Abstract: The host computer securitization architecture, which comprises: an offline source server, an offline provisioning server configured to connect with a portable mobile securitization server via a wired communication, an administration server configured to monitor and interact with at least one portable mobile securitization server, at least one portable mobile securitization server configured to connect via a wired communication to a host computer, said portable mobile securitization server comprising: a connector to mechanically connect and establish a removable wired communication between the mobile server and the host computer, a first wired bidirectional communicator with the host computer, a second of bidirectional communicator with a data storage peripheral or a data network and a unit securing the communication between the host computer and the data storage mobile server or the data network, this communication being established between the first and the second communicator, a blockchain comprising

Abstract: A device includes an encoder and a decoder using physically unclonable functions. The encoder includes a first generator for generating a first hash value based on first input data; a first exclusive OR (XOR) operator for performing an XOR operation between second input data and a cryptographic value to generate a first operation value; a second XOR operator for performing an XOR operation between the first hash value and the first operation value to generate a second operation value; a second generator for generating a second hash value based on the first operation value; and an encoding component for encoding the first input data, the second operation value and the second hash value to output first to third encoded data. The decoder contains the same generators and XOR operators as the encoder.

Abstract: An apparatus and method for responding to an invalid state occurrence encountered during execution of a third-party application program is included. The apparatus performing the method which includes registering a trap signal handler with a kernel of an operating system. The method also including intercepting calls from the third-party application program to the operating system and processing an exception signal corresponding to the invalid state to generate a response. The response including performing a signal reporting process.

Abstract: Systems and methods for encoded communications are disclosed. In some embodiments, a server system may be configured to receive a communication from a user interface at an encoded communication module that includes an artificial intelligence based natural language processing module, determine whether the received communication is an encoded communication, decode the encoded communication to generate a financial query when it is determined that the received communication is an encoded communication, retrieve financial data associated with the user, determine an answer to the financial query based on the retrieved financial data, encode the determined answer to generate an encoded responsive communication, and transmit the generated encoded responsive communication to the user interface for providing to a user of the user interface.

Abstract: A system and method for the analysis of log data is presented. The system uses SuperMinHash based locality sensitive hash signatures to describe the similarity between log lines. Signatures are created for incoming log lines and stored in signature indexes. Later similarity queries use those indexes to improve the query performance. The SuperMinHash algorithm uses a two staged approach to determine signature values, one stage uses a first random number to calculate the index of the signature value that is to update. The two staged approach improves the accuracy of the produced similarity estimation data for small sized signatures. The two staged approach may further be used to produce random numbers that are related, e.g. each created random number may be larger than its predecessors. This relation is used to optimize the algorithm by determining and terminating when further created random numbers have no influence on the created signature.

Abstract: A computer-implemented method includes producing information that characterizes a group of individuals from a set of private data representing characteristics of the individuals. The identity of the individuals is unattainable from the produced information. The method also includes providing the produced information to report the characteristics of the group.

Abstract: A medical device of a medical system is configured for communicating with an external programmer over a wireless communications link. The medical device comprises a wireless communications module configured for receiving a first unencrypted version of a random number and a first encrypted version of the random number from the external programmer over the wireless communications link. The medical device further comprises control circuitry configured for performing an authentication procedure on the external programmer based on the first unencrypted version of the random number and the first encrypted version of the random number, and preventing the external programmer from commanding the medical device to perform an action unless the authentication procedure is successful.

Abstract: A cyber threat intelligence (CTI) gateway device may receive rules for filtering TCP/IP packet communications events that are configured to cause the CTI gateway device to identify communications corresponding to indicators, signatures, and behavioral patterns of network threats. The CTI gateway device may receive packets that compose endpoint-to-endpoint communication events and, for each event, may determine that the event corresponds to criteria specified by a filtering rule. The criteria may correspond to one or more of the network threat indicators, signatures, and behavioral patterns. The CTI gateway may create a log of the threat event and forward the threat event log to a task queue managed by a cyberanalysis workflow application. Human cyberanalysts use the cyberanalysis workflow application to service the task queue by removing the task at the front of the queue, investigating the threat event, and deciding whether the event is a reportable finding that should be reported to the proper authorities.

Abstract: Secure network communications are described. In one aspect, a secure network can include a passbuilder that provides policy information related to performance characteristics of the secure network. A sender can receive the policy information and transmit packets to a receiver if the policy information is complied with by the potential packet transmission.

Abstract: An example method to obtain process data associated with a process control system received from a field device includes identifying, at a computing device, associated data and a payload included in the data packet, the associated data including a source bit, determining, at the computing device, a type of connection between the field device and the computing device based on the source bit, determining, at the computing device, an encryption key identifier and an initialization vector based on an auxiliary data packet received prior to the data packet, generating, at the computing device, a nonce value based on the source bit and the initialization vector, the nonce value indicative of an input to a data encryption algorithm used by the field device to encrypt the payload, and extracting, at the computing device, the process data associated with the process control system from the payload.

Abstract: A vibration signal-based smartwatch authentication method includes generating incremental vibration signals using a vibration motor in a smartwatch; performing frequency band-based hierarchical endpoint segmentation to obtain vibration signals at a plurality of frequency bands; extracting frequency-domain features for the vibration signals at the plurality of frequency bands; training a dynamic time warping model by taking the vibration signals at the plurality of frequency bands as a training data set, training a nearest neighbor model by taking the extracted frequency-domain features as training data; collecting to-be-authenticated vibration signals which are processed to serve as test data signals; discriminating similarities between the test data signals and corresponding training data signals through the dynamic time warping model, giving a classification result through the nearest neighbor model, performing weighted calculation on a discrimination result of the dynamic time warping model and a discrimin