Patents Examined by Khalil Naghdali
  • Patent number: 11943209
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Grant
    Filed: May 17, 2021
    Date of Patent: March 26, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sandeep Kampati, Bharath Soma Satya Meduri, Dharmanandana Reddy Pothula, De Sheng
  • Patent number: 11936634
    Abstract: The messages established on a communication path between two nodes are increasingly encrypted. However, the devices present on the communication path may intervene to transport the messages and to read, edit or add data in the messages. It may also be desirable that only “authorized” devices can carry out these actions. In order to intervene on these data, it would be necessary that the devices on the communication path have available all the keys used by the nodes to encrypt and decrypt the data of the messages, which is difficult to envisage. A modification method enables a device, capable of intercepting a data message on a communication path between two nodes, to edit the data under the control of the nodes, while ensuring that a device cannot access the data edited by another device on the path.
    Type: Grant
    Filed: June 14, 2019
    Date of Patent: March 19, 2024
    Assignee: ORANGE
    Inventors: Emile Stephan, Frédéric Fieau, Gaël Fromentoux
  • Patent number: 11936642
    Abstract: Embodiments herein include an intelligent electronic device (IED) by employing a multi-factor authentication process. In some embodiments, to change the access level of the IED, the user may use the password and additional inputs such as an off-site operator sending a command, or the user engaging a push button or switch local to the IED.
    Type: Grant
    Filed: April 15, 2021
    Date of Patent: March 19, 2024
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: David J. Bowen, David J. Dolezilek
  • Patent number: 11916880
    Abstract: Techniques for compiling firewall rules into byte code or assembly code that can be loaded into cache memory of a processor and executed to evaluate received data packets. Rather than representing firewall rules in mid- or high-level languages stored in main memory, the techniques described herein include compiling the firewall rules into bytecode or assembly code, and distributing the code to the data plane. A packet-processing device may load the code representing the firewall rules into instruction cache of the processor. Further, the packet-processing device receives a data packet and extracts packet context data indicating attributes of the packet, and loads the packet context data into a data cache of the processor. The processor can then execute the byte code or assembly code representing the firewall rules to evaluate the packet context data without having to access main memory to determine whether to allow or block the data packet.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: February 27, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Stewart Allen, Dheerendra Talur, Venkat Maithreya Paritala, Joseph Magerramov, Anthony Liguori
  • Patent number: 11909749
    Abstract: A risk analysis system configures the decision engine to detect anomalous online activities by analyzing usage patterns associated with one or more user accounts across multiple frequencies. The risk analysis system obtains transaction log data representing transactions associated with one or more accounts, and extracts data from the transaction log data to generate time-series data along a time dimension. The time-series data may represent usage characteristics of one or more user accounts over a period of time. The risk analysis system derives pattern data representing usage patterns across multiple different frequencies based on the time-series data. The risk analysis system then configures the decision engine to detect anomalous account activities based on the derived pattern data.
    Type: Grant
    Filed: March 29, 2021
    Date of Patent: February 20, 2024
    Assignee: PayPal, Inc.
    Inventors: Zhen Xie, Kasra Vakilinia, Yang Chen, Hagar Oppenheim, Xing Ji
  • Patent number: 11907369
    Abstract: An out-of-order and speculative execution microprocessor that mitigates side channel attacks includes a cache memory and fill request generation logic that generates a request to fill the cache memory with a cache line implicated by a memory address that misses in the cache memory. At least one execution pipeline receives first and second load operations, detects a condition in which the first load generates a need for an architectural exception, the second load misses in the cache memory, and the second load is newer in program order than the first load, and prevents state of the cache memory from being affected by the miss of the second load by inhibiting the fill request generation logic from generating a fill request for the second load or by canceling the fill request for the second load if the fill request generation logic has already generated the fill request for the second load.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: February 20, 2024
    Assignee: Ventana Micro Systems Inc.
    Inventors: John G. Favor, Srivatsan Srinivasan
  • Patent number: 11902454
    Abstract: An information processing method is executed by a processor of an apparatus, and includes a step of generating a public key of the apparatus based on a private key of the apparatus (S2), a step of generating a hash value based on the public key and a predetermined hash function (S3), and a step of determining an IP address of the apparatus based on the hash value (S6).
    Type: Grant
    Filed: February 15, 2019
    Date of Patent: February 13, 2024
    Assignee: CONNECTFREE CORPORATION
    Inventor: Kristopher Andrew Tate
  • Patent number: 11902250
    Abstract: The attack vectors for some denial-of-service cyber attacks on the Internet's Domain Name System (DNS) are bad, bogus, or unregistered domain name DNS requests to resolve domain names that are not registered in the DNS. Some other cyber attacks steal sensitive data by encoding the data in bogus domain names, or domain names otherwise not registered in the DNS, that are transferred across networks in bogus DNS requests. A DNS gatekeeper may filter in-transit packets containing DNS requests and may efficiently determine if a request's domain name is registered in the DNS. When the domain name is not registered in the DNS, the DNS gatekeeper may take one of a plurality of protective actions. The DNS gatekeeper drops requests determined not to be legitimate, which may prevent an attack.
    Type: Grant
    Filed: April 1, 2021
    Date of Patent: February 13, 2024
    Assignee: Centripetal Networks, LLC
    Inventors: Sean Moore, Jonathan R. Rogers, Steven Rogers
  • Patent number: 11888828
    Abstract: Embodiments relate to a method for secure domain name system, DNS, queries. The method is performed in a DNS client, and the method includes obtaining an encryption key and internet protocol, IP, address for a final DNS resolver, creating a session key, encrypting a DNS query and the created session key with the obtained encryption key, and sending a DNS message containing the encrypted DNS query and the created session key to an intermediate DNS resolver, different from the final DNS resolver, together with the obtained IP address for the final DNS resolver. Methods, nodes, computer programs, and a computer program product for secure DNS queries are also presented.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: January 30, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Niilo Lehtikuja, Patrik Salmela
  • Patent number: 11874916
    Abstract: A method involves receiving authentication module configuration data at a user device from a remote management platform. User credentials are received at the authentication module of the user device using a graphical user interface. The user credentials are transmitted to a remote identity provider service. Upon receiving a response indicating that the user credentials are authenticated by the remote identity provider service, the user credentials are transmitted to an operating system authentication module at the user device. Upon receiving a response indicating that the user credentials are not authenticated by the operating system authentication module, previously-stored user credentials are retrieved from an encrypted credential database at the user device. The user credentials are stored at an operating system credential database using the previously-stored user credentials. The user credentials are retransmitted to the operating system authentication module to authenticate the user at the user device.
    Type: Grant
    Filed: September 14, 2022
    Date of Patent: January 16, 2024
    Assignee: Kandji, Inc.
    Inventors: Adam Pettit, Wesley Pettit, Mark Daughters, Brandon Modesitt, Nicholas McDonald
  • Patent number: 11868493
    Abstract: Working from home is becoming more and more commonplace. Ensuring that remote workers are following prescribed data protection measures becomes more important, and challenging. Safe and Secure Remote Working Environment (SSRWE) monitors an environment and determines if a non-compliant element is present. For example, a condition of working from home may be that no notetaking or electronic devices, especially ones comprising a camera, be visible to a system camera capturing the field of view in front of a display. If a non-compliant situation is discovered, the display may be redacted and/or other action taken to protect sensitive information.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: January 9, 2024
    Assignee: Avaya Management L.P.
    Inventors: John A. Young, Harsh V. Mendiratta, David Chavez
  • Patent number: 11868469
    Abstract: A microprocessor that mitigates side channel attacks includes a front end that processes instructions in program order and a back end that performs speculative execution of instructions out of program order in a superscalar fashion. Producing execution units produce architectural register results during execution of instructions. Consuming execution units consume the produced architectural register results during execution of instructions. The producing and consuming execution units may be the same or different execution units. Control logic detects that, during execution by a producing execution unit, an architectural register result producing instruction causes a need for an architectural exception and consequent flush of all instructions younger in program order than the producing instruction and prevents all instructions within the back end that are dependent upon the producing instruction from consuming the architectural register result produced by the producing instruction.
    Type: Grant
    Filed: March 17, 2021
    Date of Patent: January 9, 2024
    Assignee: Ventana Micro Systems Inc.
    Inventors: John G. Favor, Srivatsan Srinivasan
  • Patent number: 11863589
    Abstract: The present disclosure provides for enterprise security in intelligent electronic devices such as electric power meters. In accordance with the present disclosure, enterprise security is a security system in which each individual device, instead of configuring and storing security configurations locally, uses a security server for security verifications. Such a security server of the present disclosure may be a dedicated computer on a network that is used to manage the security configuration for all users. This makes it simpler for administrators to configure users and devices, which in turn improves security by encouraging security to be properly configured.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: January 2, 2024
    Assignee: EI ELECTRONICS LLC
    Inventors: Luna A. Koval, Erran Kagan
  • Patent number: 11856007
    Abstract: A system and a method are disclosed for determining that a first electronic communication, received in a first private repository of a user, has been identified (e.g., flagged) as including a threat, and determining a probability that the first electronic communication includes the threat. In response to determining that the probability exceeds a threshold probability, the system monitors for a second electronic communication, received in a second private repository, that includes contents that match the contents of the first electronic communication.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: December 26, 2023
    Assignee: Material Security Inc.
    Inventors: Ryan M. Noon, Abhishek Agrawal, Christopher J. Park
  • Patent number: 11847229
    Abstract: A device includes processing circuitry configured to receive node data including attributes from at least one computing device, organize the node data into one or more node groupings, wherein each node grouping includes nodes of the node data having one or more shared attributes, determine a node grouping processing scheme based on one or more transient event detection priorities, and detect, in response to executing the node grouping processing scheme for each of the one or more node groupings, one or more transient event occurrences within the one or more node groupings.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: December 19, 2023
    Assignee: FEDERAL HOME LOAN MORTGAGE CORPORATION
    Inventor: Dylan Nielson
  • Patent number: 11842527
    Abstract: The present disclosure discloses Industrial Internet of Things based on platform linkage, control method, and storage medium. By adopting different encryption methods for different image data, and without changing the overall architecture of the cloud computing Internet of Things, the safe penetration of sensitive data on the cloud computing platform is realized, which effectively improves the security of sensitive data. In addition, it does not require additional wiring, reducing the networking cost of the Internet of Things, which has high applicability.
    Type: Grant
    Filed: August 22, 2022
    Date of Patent: December 12, 2023
    Assignee: CHENGDU QINCHUAN IOT TECHNOLOGY CO., LTD.
    Inventors: Zehua Shao, Bin Liu, Yuefei Wu, Yaqiang Quan, Junyan Zhou
  • Patent number: 11838316
    Abstract: Computer systems and methods are provided for storing a first path profile. A computing device receives a first request to access a first location of a website, transmits the first request to a server, and receives a first cookie that includes identifying information for the first location. In response to receiving the first cookie, the device stores the identifying information. The device receives a second request to access a second location of the website that is distinct from the first location. The second request includes the identifying information for the first location. The device transmits the second request to the server and receives a second cookie that includes the identifying information for the first location and for the second location. In response to receiving the second cookie, the device stores the first path profile that includes the identifying information for the first location and the second location.
    Type: Grant
    Filed: November 12, 2020
    Date of Patent: December 5, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Subramanian Varadarajan, Rosarin Roy Antonyraj
  • Patent number: 11805123
    Abstract: A computing device includes a memory and a processor to provide a web application to be accessed by a client device, receive from a camera images of a person at the client device, and analyze the images to determine that security of the web application is being compromised by the person based on the images. The processor provides at least one action to be taken by the client device in response to analysis of the images. The at least one action is to modify access of the client device to the web application.
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: October 31, 2023
    Inventor: Hao Wu
  • Patent number: 11803640
    Abstract: An out-of-order and speculative execution microprocessor that mitigates side channel attacks includes a cache memory and fill request generation logic that generates a request to fill the cache memory with a cache line implicated by a memory address that misses in the cache memory. At least one execution pipeline receives first and second load operations, detects a condition in which the first load generates a need for an architectural exception, the second load misses in the cache memory, and the second load is newer in program order than the first load, and prevents state of the cache memory from being affected by the miss of the second load by inhibiting the fill request generation logic from generating a fill request for the second load or by canceling the fill request for the second load if the fill request generation logic has already generated the fill request for the second load.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: October 31, 2023
    Assignee: Ventana Micro Systems Inc.
    Inventors: John G. Favor, Srivatsan Srinivasan
  • Patent number: 11797673
    Abstract: A superscalar out-of-order speculative execution microprocessor mitigates side channel attacks that attempt to exploit speculation windows within which instructions dependent in their execution upon a result of a load instruction may speculatively execute before being flushed because the load instruction raises an architectural exception. A load unit signals an abort request, among other potential abort requests, to control logic in response to detecting that a load instruction causes a need for an architectural exception. The control logic initiates an abort process as soon as the control logic determines that the abort request from the load unit is highest priority among any other concurrently received abort requests and determines a location of the exception-causing load instruction within the program order of outstanding instructions. To perform the abort process, the control logic flushes from the pipeline all instructions dependent upon a result of the exception-causing load instruction.
    Type: Grant
    Filed: March 17, 2021
    Date of Patent: October 24, 2023
    Assignee: Ventana Micro Systems Inc.
    Inventors: John G. Favor, Srivatsan Srinivasan