Abstract: An aggregated networking device subsystem station move control system includes first and second aggregated networking devices connected via an ICL. The first aggregated networking device receives a MAC address from the second aggregated networking device that was learned on an orphan port that has port security enabled and a station-move-deny configuration, and generates a static MAC address entry in its MAC address table that associates the MAC address with the ICL. The static MAC address entry causes data packets received on non-ICL ports on the first aggregated networking device that include the MAC address to generate a static MAC move violation. The first aggregated networking device also programs rule(s) that, in response to data packets being received on its non-ICL ports that have port security disabled and generating a static MAC move violation, causes the association of the MAC address with that non-ICL port.

Abstract: An electronic device is disclosed. The electronic device comprises: a camera; a storage unit; and a processor for capturing an image including authentication information of an external electronic device through the camera, acquiring first information related with a public key included in the image and storing the first information in the storage unit, and comparing second information with the first information so as to authenticate the external electronic device when the second information and identification information related with the public key are received from the external electronic device on the basis of a type of first information.

Abstract: The present disclosure generally relates to a system and method for defending a utilities system against cyber-physical attacks associated with anomalies in a physical process operative in the utilities system. The defense system comprises: a set of sensors for collecting physical data associated with the physical process; a set of controller devices for monitoring process states of the physical process based on the physical data from the sensors; a set of verification devices for monitoring the physical process based on the physical data from the sensors, the physical data enabling the verification devices to detect the anomalies based on a set of invariants predefined for the physical process; and a set of actuators controllable by the controller devices or verification devices to remedy the anomalies and regulate the physical process, thereby defending the utilities system against the cyber-physical attacks.

Abstract: Provided is a secret search device including an arithmetic processing unit configured to speed up secret search processing by, when the secret search processing is performed by executing a pairing operation relating to each element of an encrypted tag and each element of a trapdoor, and when the pairing operation is executed by using a pre-calculation table stored in a storage unit for each element to be used in the pairing operation. The arithmetic processing unit is configured to execute, based on information on a free space usable for the pre-calculation table, size adjustment of the pre-calculation table such that the pre-calculation table fits in the free space.

Abstract: Systems and methods for protecting secret or secure information involved in generation of ciphered data by circuitry. The circuitry includes data paths and key paths that operate to perform cipher operations to generate a plurality of key shares and a plurality of data shares using a key and data as input. The data and the key may be masked by at least one mask. The plurality of key shares may be generated using the key and a first mask. The plurality of data shares are generated using key shares, the data, and a second mask.

Abstract: Systems and methods are provided for a media provider to allow a user to access media objects with a third-party partner that authenticates the user and authorizes the user to access certain media objects. The media provider offers access to media objects, such as video content or audio content. The partner, through a relationship with the media provider, similarly offers access to the media provider's media objects, for example, as a service or benefit to the partner's customers or users. In particular, a partner integration server mediates user authentication and authorization by the partner. The partner integration server also allows the media provider to easily and flexibly to add and integrate additional partners.

Abstract: Embodiments disclosed herein are related to computing systems and methods for localizing how a user will receive and view received DID-related data. The computing system and methods are implemented in the decentralized network that implements a distributed ledger that backs one or more decentralized identities (DID) for one or more users of the computing system. Various sets of rule are accessed. The sets of rules specify how a DID owner will receive and view DID-related data received from a third party entity. The sets of rules are applied to the DID-related data received from the third party entity. The received DID-related data is modified such that the received DID-related data conforms to the one or more sets of rules. The modified DID-related data is provided to the DID owner so that the DID owner is able to view the modified DID-related data according to the applied sets of rules.

Abstract: The present disclosure describes a system, method, and computer program for detecting unmanaged and unauthorized assets on an IT network by identifying anomalously-named assets. A recurrent neural network (RNN) is trained to identify patterns in asset names in a network. The RNN learns the character distribution patterns of the names of all observed assets in the training data, effectively capturing the hidden naming structures followed by a majority of assets on the network. The RNN is then used to identify assets with names that deviate from the hidden naming structures. Specifically, the RNN is used to measure the reconstruction errors of input asset name strings. Asset names with high reconstruction errors are anomalous since they cannot be explained by learned naming structures. After filtering for attributes or circumstances that mitigate risk, such assets are associated with a higher cybersecurity risk.

Abstract: Aspects of the disclosure relate to managing and routing messages to distributed user devices in an enterprise computing environment. In some embodiments, a computing platform may receive an application content request from an enterprise tablet computing device. The computing platform may generate and send a database query, which may cause a message database server to select message data from a message database hosted by the message database server. After sending the database query, the computing platform may receive, from the message database server, the message data selected from the message database. Subsequently, the computing platform may generate a notification for the enterprise tablet computing device and may send the notification to the enterprise tablet computing device, which may cause the enterprise tablet computing device to display the notification.

Abstract: An example operation may include one or more of receiving, via a network, tag data that is read from a tag associated with a physical object and signed with a key assigned to the tag, determining, via a blockchain peer, that the signed tag data is validly signed based on a corresponding key pair of the tag which is accessible to the blockchain peer, determining, via the blockchain peer, whether the tag data satisfies of one or more predefined conditions of the physical object, and storing the determination via a blockchain database.

Abstract: A flexible access control for a plurality of terminal apparatuses in a physically-secured area is realized. An information processing apparatus includes a first acquisition unit configured to acquire a result of authentication performed when a specific user enters a target work room, a second acquisition unit configured to acquire a monitoring result obtained by periodically monitoring a staying state of the specific user in a work area including a target work terminal in the target work room, and an access control unit configured to permit access to the target work terminal when a first condition is satisfied, the first condition being a condition that the monitoring result indicates that the specific user stays in the work area after he/she is permitted to enter the target work room based on the authentication result.

Abstract: A building security system for a building includes one or more memory devices configured to store instructions. The instructions, when executed on one or more processors, cause the one or more processors to receive an access policy data structure for a building device, the access policy data structure indicating access policies for interactions of one or more other building devices with the building device, wherein the access policy data structure identifies the one or more other building devices with one or more building model queries, generate a dynamic access policy data structure for the building device by resolving the one or more building model queries with a building model to identify the one or more other building devices, wherein the dynamic access policy data structure comprises the access policies, and implement the access policies of the dynamic access policy data structure based on the one or more other building devices.

Abstract: A method and data processing system for making a machine learning model more resistant to adversarial examples are provided. In the method, an input for a machine learning model is provided. A randomly generated mask is added to the input to produce a modified input. The modified input is provided to the machine learning model. The randomly generated mask negates the effect of a perturbation added to the input for causing the input to be an adversarial example. The method may be implemented using the data processing system.

Abstract: A system is configured for assessing information security in a network. The system identifies portions of documents that contain information that is responsive to questions about an entity's compliance with network user requirements. The system then determines whether the identified information meets network user requirements. The system also calculates a confidence interval for its determinations. A report is generated to display the system's determinations and the associated confidence intervals for those determinations.

Abstract: An Internet of Things (IoT) protection service at the network level is described. A secure session is established between an edge server and an IoT client that is requesting to send data to an IoT device. The edge server receives the request from the IoT client over the secure session instead of the IoT device directly because a Domain Name System (DNS) request for a unique fully qualified domain name assigned to the IoT device returns an IP address of the edge server instead of an IP address of the IoT device. The edge server analyzes the request to determine whether to transmit the request to the IoT device, including applying web application firewall rule(s) against the request. If the request does not trigger any rule, then the edge server transmits the request to the IoT device. If the request triggers any rule, then the edge server blocks the request.

Abstract: Provided are a computer program product, system, and method for determining key server type and key server redundancy information to enable encryption. A first key server type for a first protocol is indicated in a key server type field in response to determining a current protocol used to communicate with the key server comprises the first protocol. A query information request is submitted to the key server to determine a key server type in response to determining that the current protocol comprises the second protocol. The second key server type indicated in the response to the query information request is indicated in the key server type field in response to the response indicating the second key server type. The first or second type of key server indicated in the key server type field is used to determine information to include in a key retrieval request.

Abstract: Various embodiments of the present technology can include systems, methods, and non-transitory computer readable media configured to receive information about a plurality of regions contained within a hierarchy of a computer network environment, wherein the plurality of regions are assigned respective prime numbers. A first prime number assigned to a first region of the plurality of regions is determined. A second prime number assigned to a second region of the plurality of regions, wherein the second prime number is different from the first prime number is determined. A nearest common region in the hierarchy that includes the first region and the second region based on the respective prime numbers is identified. A security policy associated with the nearest common region is determined.

Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.

Abstract: Embodiments disclosed herein are related to computing systems and methods for localizing how a user will receive and view received DID-related data. The computing system and methods are implemented in the decentralized network that implements a distributed ledger that backs one or more decentralized identities (DID) for one or more users of the computing system. Various sets of rule are accessed. The sets of rules specify how a DID owner will receive and view DID-related data received from a third party entity. The sets of rules are applied to the DID-related data received from the third party entity. The received DID-related data is modified such that the received DID-related data conforms to the one or more sets of rules. The modified DID-related data is provided to the DID owner so that the DID owner is able to view the modified DID-related data according to the applied sets of rules.

Abstract: A system for information interaction includes: an electronic tag configured to present a two-dimensional code; a binding relationship existing between a first terminal and the two-dimensional code; a second terminal configured to: scan the two-dimensional code, generate login request information, send the login request information to the information interaction platform, the login request information including identifier information of the second terminal; receive content presentation information corresponding to the two-dimensional code returned by the information interaction platform, according to the identifier information, and perform information interaction with the first terminal according to a communication manner selected from the content presentation information; and an information interaction platform configured to receive the login request information, authorize and authenticate the second terminal according to the identifier information, and send the content presentation information to the second