Abstract: Techniques for reduction and acceleration of a deterministic finite automaton (DFA) are disclosed. In some embodiments, a system, process, and/or computer program product for reduction and acceleration of a DFA includes receiving an input value; performing a reduced deterministic finite automaton lookup using a lookup key, wherein the lookup key comprises a current state and the input value; and determining a next state based on the lookup key.

Abstract: A system can include a processor; memory operatively coupled to the processor; an input; an output; and one or more modules stored in the memory that include instructions executable by the processor to instruct the system to receive information, via the input, that includes information associated with a target; parse the information; access a profile; and build a link based at least in part on the information and at least in part on the profile.

Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

Abstract: A method and a device for device network configuration and registration are disclosed. The method includes: a first device receives a first network configuration parameter from a second device, where the first network configuration parameter includes a local area network identifier of a local area network, an access password of the local area network, and a device identifier, a security parameter, or an access token of the second device. The first device requests to access a server by using the first network configuration parameter. The server assigns a device parameter to the first device, where the device parameter includes a device identifier, a security parameter, and an access token of the first device. The first device requests to access the server by using the device parameter. This method can simplify a network configuration and registration process of a smart device, and implement fast network configuration and registration.

Abstract: Systems and methods for integrated communication security are described. One aspect includes a clock generator configured to generate a clock signal at a first frequency, and a circuit utilizing the clock signal. The circuit may include a port configured to receive an encryption sequence at the first frequency, and a first unidirectional data path between the port and a memory configured to permit data transfer from the port to the memory. The memory may be configured to access the encryption sequence from the port via the first unidirectional data path and store the data. The circuit may further include a clock divider configured to divide the first frequency by a divisor deriving another clock signal at a second frequency, and an encryption/decryption module configured to read a portion of the encryption sequence from the memory, process input using the portion of the encryption sequence, and generate output responsive to the processing.

Abstract: An information obtaining method and an apparatus are disclosed. The method includes: sending a first initial NAS message including a non-cleartext information element protected using a first root key from a terminal to a source mobility management network element; receiving a second root key and first indication information from the source mobility management network element, where the first indication information indicates that the second root key is an updated key; sending second indication information and third indication information to the terminal based on the first indication information, where the second indication information indicates the terminal to update the first root key stored by the terminal to obtain the second root key, and the third indication information indicates the terminal to resend the initial NAS message; and receiving a second initial NAS message including the non-cleartext information element protected using the second root key from the terminal.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that provide for an improved, more efficient, and more stable system of networked computing devices. The embodiments disclose an apparatus and system that enable client devices to selectively grant to third party applications permissions to access group-based communication objects of a group-based communication system. The apparatus and system further enable client devices to selectively grant to third party applications permissions to take specific actions with regards to the group-based communication objects within the system. To accomplish the improvements, the disclosed systems, apparatuses, and computing devices maintain a record of the permissions granted to third party applications in a permissions table stored in a computer storage device.

Abstract: Systems and methods for permitting software presence/configurations to function as a factor in a multi-factor authentication scheme so that a user's access to a different software program/application is conditioned on the presence of certain pre-specified software or software configurations that would otherwise not be necessary for access and/or operation of the different software program/application. Generally, by confirming the presence/configuration of the pre-specified software on a computing device, the system ensures that a user, in one embodiment, may only access the different software program/application with the proper configuration of the pre-specified software.

Abstract: Methods, apparatuses, and computer program products are disclosed for providing verified application access. An example method includes an access request for a first user device associated with a first user profile and determining an application associated with the access request. The example method further includes generating an evaluation element that includes testable content associated with the determined application and determining of the evaluation element by the first user device. In response to completion of the evaluation element by the first user device, the method includes providing access to the application for the first user device. The method also may include modifying the testable content of the evaluation element based upon one or more user parameters of the first user profile received from a user parameter database.

Abstract: The invention relates to concealing information within error correction codes of adaptive rate wireless communication systems. In some embodiments, the invention includes selecting a modulation and coding scheme with a more robust error correction capacity than needed by current channel conditions; encoding a hidden message with a pre-shared key that is known by a covert transmitter and a covert receiver, and after a standard message is encoded by a transmitting station of the wireless communication systems, replacing codeword parity bits of codewords in the encoded standard message with the encoded hidden message at designated locations. Before a receiving station of the wireless communication systems decodes the encoded standard message, a covert receiver extracts the embedded hidden message from the encoded standard message, replaces bit values of the embedded hidden message with zero at the designated locations, and decodes the extracted hidden message with the pre-shared key.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to improve feature engineering efficiency. An example method disclosed herein includes retrieving a log file in a first file format, the log file containing feature occurrence data, generating a first unit operation based on the first file format to extract the feature occurrence data from the log file to a string, the first unit operation associated with a first metadata tag, generating second unit operations to identify respective features from the feature occurrence data, the second unit operations associated with respective second metadata tags, and generating a first sequence of the first metadata tag and the second metadata tags to create a first vector output file of the feature occurrence data.

Abstract: A method and apparatus for a first IAB node for securely communicating with at least one second IAB node is provided. A secure connection with a node of a network is established. A message is received, from the node, indicating a secure messaging protocol to use to communicate with the at least one second IAB node, the message including one of at least one nonce or a key. A control message to be sent to the at least one second IAB node is transformed into a secure control message using the secure messaging protocol. The secure control message is transmitted to the at least one second IAB node.

Abstract: Enforcing memory operand types using protection keys is generally described herein. A processor system to provide sandbox execution support for protection key rights attacks includes a processor core to execute a task associated with an untrusted application and execute the task using a designated page of a memory; and a memory management unit to designate the page of the memory to support execution of the untrusted application.

Abstract: Physical Unclonable Functions, PUFs, are hardware devices designed to generate a number that is random (i.e., two identical PUFs should produce randomly different numbers from each other) and persistent (i.e., a PUF should consistently generate the same number over time). Over time, aspects of the PUF hardware may change or drift, which may ultimately cause the generated number to change, and therefore no longer be persistent. Failure to generate a persistent number may cause difficulties for other devices that rely on the persistence of the number generated by the PUF, for example as part of a cryptographic process. The present disclosure relates to monitoring over time the physical characteristics of the PUF that are used to generate its number, and thereby keep track of its reliability to generate a random number that is persistent.

Abstract: A client access network includes a cluster of servers. The cluster of servers includes a boot node, an administrator node, a computing node, and a storage node. The client access network further includes a plurality of segregated subnetworks. The plurality of segregated subnetworks includes a boot subnetwork, an administration subnetwork, a public subnetwork, and a private subnetwork. The client access network further includes at least one hardware security module, a dedicated subnet in operable communication with the at least one hardware security module and each of the plurality of segregated subnetworks, and a router in operable communication with the at least one hardware security module and each of the cluster of servers. The router is further configured to route traffic among the plurality of segregated subnetworks and the dedicated subnet.

Abstract: Aspects of the disclosure include an escalated authentication system based on user behavior patterns. A user's behavior pattern on a device is collected and/or learned. The collected or learned pattern can be compared to subsequent behavior patterns to determine whether the current user is genuine or suspicious. Users deemed suspicious are subject to increased authentication requirements, often on-the-fly.

Abstract: A recognition method, for recognizing biological characteristic, includes the following: providing a database, wherein the database comprises a plurality of set biological characteristics and a plurality of function relationship between one of the set biological characteristics and a function; capturing, by an electronic device, a to-be-recognized biological characteristic of a user; comparing, by the first electronic device, the to-be-recognized biological characteristic with the set biological characteristics in the database; determining, by the electronic device, whether the to-be-recognized biological characteristic matches a matched one of the set biological characteristics; and when the to-be-recognized biological characteristic matches the matched one of the set biological characteristics, performing, by the electronic device or another electronic device, the function.

Abstract: Described systems and methods allow protecting multiple wireless Internet-of-things (IoT) devices against impersonation attacks. In some embodiments, a security appliance detects an availability notification (e.g., a Bluetooth® Low Energy advertisement) emitted as part of a protocol of establishing a wireless connection between two devices. The security appliance may then determine whether the detected notification fits a baseline notification pattern of the apparent sender. When no, the security appliance may attack the sender device by replying to the respective availability notification and initiating a handshake.

Abstract: Various methods, apparatuses/systems, and media for automating a process of receiving documentation are provided. A first computing device initiates an electronic communication process to request documentation from a second computing device utilized by a user. A processor receives identification information of the user for generating a unique barcode to be provided with the requested documentation in response to the initiation of the electronic communication. One or more processors generate the unique barcode based on the received identification information of the user; create an application programming interface (API) link for the generated barcode; transmit the electronic communication with the API link attached therein to the second computing device; and automatically obtain the unique barcode upon receiving an input to open the API link from the second computing device, the unique barcode to be attached as a cover sheet with the requested documentation for scanning by a multi-functional device.

Abstract: An example operation may include one or more of receiving a location of an output stored on a data structure of a blockchain, where the location comprises a path of hashes generated by a reduced-step hash instead of a full-step hash of the blockchain, performing an approximate hash verification on the path of hashes based on the reduced-step hash values to verify whether the output is unused, and in response to a determination that the output is unused as a result of the approximate hash verification, approving a use of the output by a client associated with the output.