Abstract: Techniques for reduction and acceleration of a deterministic finite automaton (DFA) are disclosed. In some embodiments, a system, process, and/or computer program product for reduction and acceleration of a DFA includes receiving an input value; performing a reduced deterministic finite automaton lookup using a lookup key, wherein the lookup key comprises a current state and the input value; and determining a next state based on the lookup key.

Abstract: Atomically modifying a personal security device includes presenting the personal security device to a reader/writer coupled to an access module, the access module determining if the personal security device includes a factory security mechanism, and, if the personal security device includes a factory security mechanism, using the reader/writer and the access module to replace the factory security mechanism with another security mechanism. The access module may authenticate the personal security device in connection with replacing the factory security mechanism. Authenticating the personal security device may grant access to a user through a door controlled by the access module. Replacing the factory security mechanism may include replacing an application on the personal security device. An ISO/IEC 7816-13 application management request command may be used to replace the application.

Abstract: The disclosure describes approaches for protecting a circuit design for a programmable integrated circuit (IC). A black key is generated from an input red key by a registration circuit implemented on the programmable IC, and the black key is stored in a memory circuit external to the programmable IC. The programmable IC is configured to implement a pre-configuration circuit, which inputs the black key from the memory circuit and generates the red key from the black key. A ciphertext circuit design is decrypted into a plaintext circuit design by the programmable IC using the red key, and the red key is erased from the programmable IC. The programmable IC is reconfigured with the plaintext circuit design.

Abstract: Data on agricultural machines can be outputted to mobile terminals easily and properly. A data collection device is provided separately from a control device that controls the operation of an agricultural machine and is connected to a vehicle communication network installed in the agricultural machine, and is removably connected to the vehicle communication network. The data collection device includes a data collection unit for collecting agricultural machine data outputted to the vehicle communication network, an authorization determination unit for implementing authentication with a mobile terminal to determine whether or not the collected data is transmitted to the mobile terminal by wireless communication, and a data communication unit for transmitting data to the mobile terminal by wireless communication when the authorization determination unit authorizes data transmission.

Abstract: Methods, systems, and computer readable media for rapid filtering of opaque data traffic are disclosed. According to one method, the method includes receiving a packet containing a payload. The method also includes analyzing a portion of the payload for determining whether the packet contains compressed or encrypted data. The method further includes performing, if the packet contains compressed or encrypted data, at least one of sending the packet to an opaque traffic analysis engine for analysis, discarding the packet, logging the packet, or marking the packet.

Abstract: A system for maintaining and hosting an AMI command and control application is disclosed. The system includes an AMI command and control application module in a network compartment for measuring energy usage from customer meters, managing an AMI network, and executing connect/disconnect orders; and a plurality of firewalls to provide a security perimeter to the AMI command and control application module when the module is accessed by a vendor network or a utility network. The AMI command and control application module includes a VPN concentrator and a 6in4 router to provide a security perimeter between the AMI command and control application module and the AMI network.

Abstract: Methods and apparatus for validating a system include reading protected record data for a section of the system from a secure storage element, and verifying integrity of the section of the system using the record data. The secure storage element independently verifies that all record data and data to be written to the system is valid.

Abstract: The present disclosure provides a description of a computer implemented method and system for protecting a software program from attack during runtime. The system comprises a plurality of software blocks for providing desired functions during execution of a software program and a trusted address server having a table for mapping predetermined source tokens to destination tokens. The trusted address server couples each of the plurality of software blocks for receipt of predetermined source tokens from any one of the plurality of software blocks, while returning a mapped destination token from the predetermined destination tokens to said any one of the plurality of software blocks in dependence upon the table for mapping predetermined source tokens to destination tokens.

Abstract: Systems, methods, apparatus, and articles of manufacture to facilitate configuration and naming of a multimedia playback device on a local playback network are disclosed. An example method includes identifying and analyzing local network topology to identify playback device(s) connected to the network at location(s). The example method includes analyzing a playback device to be added and comparing the playback device to be added to the playback device(s) already connected to the network. The example method includes displaying available option(s) to name the playback device to be added based on the analysis of the network, the already connected playback device(s) and the playback device to be added to the network. The example method includes naming the playback device to be added based on a selected available option.

Abstract: A system can include an interface that receives a URL that includes information; circuitry that processes at least a portion of the information for entity information and Internet merchant information; circuitry that accesses database entries in an entity field and in an affiliate program criterion field; circuitry that associates the URL with an entity field database entry based at least in part on the entity information; circuitry that includes selection logic that selects at least one affiliate program from a plurality of affiliate programs based at least in part on an affiliate program criterion field entry associated with the entity field database entry; and circuitry that formulates a redirection URL based at least in part on the Internet merchant information wherein the redirection URL comprises affiliate program information for the at least one selected affiliate program. Various other apparatuses, systems, methods, etc., are also disclosed.

Abstract: Methods, systems and storage media are disclosed for enhanced system boot processing that authenticates boot code based on biometric information of the user before loading the boot code to system memory. For at least some embodiments, the biometric authentication augments authentication of boot code based on a unique platform identifier. The enhanced boot code authentication occurs before loading of the operating system, and may be performed during a Unified Extensible Firmware Interface (UEFI) boot sequence. Other embodiments are described and claimed.

Abstract: A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key.

Abstract: Techniques for leveraging social information, including a social graph, to identify content likely to be of interest to a user are described. With some embodiments, a content enhancement server receives a request for web-based content that is to be presented with a web page that is being presented at a client computing device. The server will then identify some web-based content that is relevant to a topic or subject matter of the web page, and also popular as determined by analyzing some social information, including in some instances information relating to asocial graph of the viewing user, that is associated with the web-based content. Finally, some items of web-based content are selected, based on a combination of the content's relevance and popularity as indicated by the analysis of the social information. The selected web content is then communicated to the client computing device for presentation with the web page.

Abstract: Techniques are disclosed for identifying roles with similar membership and/or entitlement information in an identity management system of an enterprise. A role defined in an identity management system may be associated with membership information and entitlement information. The membership information may identify one or more members who has been assigned the role. The entitlement information may determine how members of the role can interact with a target system within the enterprise. The entitlement information may include a list of actions that members of the role can perform on the target system. Embodiments allow for identifying roles that have similar membership and/or entitlement information. If an existing role already gives similar entitlement(s) to similar member(s), the role may be prevented from being created. Thus, embodiments prevent creating and maintaining redundant roles.

Abstract: A computer implemented system and method for lightweight authentication on datagram transport for internet of things provides a robust authentication scheme based on challenge-response type of exchanges between two endpoints sharing a pre-shared secret. A symmetric key-based security mechanism is utilized in the present disclosure where key management is integrated with authentication. It provides mutual authentication wherein the end-points in the system are provisioned with a pre-shared secret during a provisioning phase and a client database is provided at the server side for client identification. The system comprises random number generators for generation of nonces, and key generators to generate secret key and session key. The nonces and keys are valid only during the session and thus help in providing secure authentication across sessions.

Abstract: A method includes a storage unit receiving a respective write request of a first set of write requests, wherein the first set of write requests functions as a write lock request. The method further includes the storage unit determining whether the storage unit has writing of the data object currently locked. The method further includes the storage unit sending a write lock response regarding the data object. The method further includes the storage unit, when a number of write lock responses indicate a write lock of the data object for the computing device and the number is equal to or exceeds a write lock response threshold, receive respective write requests from each set of a plurality of sets of write requests, wherein the plurality of sets of write requests includes write requests for remaining sets of encoded data slices of the plurality of sets of encoded data slices.

Abstract: This disclosure describes systems, methods, and computer-readable media related to testing tools for devices. In some embodiments, a plurality of public keys may be received from a server via a secured network connection where each of the plurality of keys corresponds to a respective private key associated with an access point. A time-of-flight (ToF) measurement protocol may be initiated with one or more access points. Data generated by ToF measurement protocol with the one or more access points may be received. In some embodiments, the one or more access points may be authenticated based at least in part on the plurality of public keys. A location of a user device may be determined based at least in part on the received data.

Abstract: A digital rights management (DRM) including a transfer of a rights object (RO) to a second user in consideration of requirements of a movement of a rights object of a first user (a terminal, an equipment), charge, etc., by providing a post browsing session when the rights object occupied by the first user is transferred to a second user via a server.

Abstract: Methods and apparatus for validating a system include reading protected record data for a section of the system from a secure storage element, and verifying integrity of the section of the system using the record data. The secure storage element independently verifies that all record data and data to be written to the system is valid.

Abstract: A method for providing object policy management. The method includes accessing a distributed computer system having a plurality of nodes, and initiating a new object policy object backup protection for a new object. The method further includes processing a list of object attributes available for the new object policy, and processing the list to generate an object management policy. The new object is then processed in accordance with the object management policy.