Abstract: A device is described that includes a first microprocessor configured for interfacing with a digital access control backend, and a second microprocessor configured for dedicated communications with an access control manager device backend. The first microprocessor is a master device that controls the operation of the second microprocessor as a secondary device. The proposed device is configured for operation of the first microprocessor and the second microprocessor at low clock speeds and to maintain a hash segregation between locally received data sets and data sets transmitted to an external authentication system.

Abstract: Confirming user consent includes prompting the user to tap a card a card reader or a computing device and confirming consent in response to the user taping the card. The user may be prompted for a response in a plurality of possible responses and only a particular one of the possible responses may require taping the card. The user may consent to installation of software on the computing device. The user may be logged in to the computing device. A login ID for the user may be cached and/or may be accessed in connection with the user tapping the card. Confirming user consent may also include obtaining a pairing code for accessing the card and confirming consent in response to the user taping the card and the pairing code allowing access to the card. The pairing code may be cached in the card reader or the computing device.

Abstract: A method of providing cyber security to an industrial control system is described. The method includes detecting an anomaly and recording and reporting the detected anomaly to a control system within a network associated with the industrial control system.

Abstract: Some embodiments provide a method, executable by a network device, that receives a first set of commands instructing the network device to allow network traffic to egress out of an authentication port of the network device. The authentication port is configured to belong to a first virtual local area network (VLAN). An unauthenticated device is connected to the authentication port. The method further receives a second set of commands instructing the network device to add ports belonging to the first VLAN to a broadcast domain of a second VLAN. The method also broadcasts an address request to the broadcast domain of the second VLAN. The method further receives, from the unauthenticated device, a response to the address request.

Abstract: The disclosed technology is generally directed to secure transactions. In one example of the technology, an enclave is used for executing a cryptlet binary of a first cryptlet. The enclave is a secure execution environment for which results of a secure execution are capable of being attested to have run unaltered and in private, the enclave stores an enclave private key, and the first cryptlet is associated with at least a first counterparty. A cryptlet binding that is associated with the first cryptlet is generated. The cryptlet binding includes counterparty information that is associated with at least the first counterparty. Cryptlet binding information is provided to a cryptlet binding key graph. A location of a hardware security module (HSM) that stores a key that is associated with the first counterparty is received from the cryptlet binding key graph.

Abstract: A mobile device is disclosed.

Abstract: One embodiment of the present invention provides an enhanced authentication system. During operation, the system can obtain, from a remote device of a client, an authentication request prior to the exchange of application layer web traffic associated with a piece of resource protected by the system. The system can then determine, in the authentication request, an indicator indicating whether certificate-based authentication is enforced for the client. If certificate-based authentication is enforced for the client, the system can initiate certificate-based authentication for the client. On the other hand, if certificate-based authentication is not enforced for the client, the system can send information associated with a user interface to the client. The user interface can allow the client to select an authentication method from a set of authentication methods supported by the system.

Abstract: Systems, methods, and computer-readable media for shared electronic documents are disclosed. The systems and methods may involve enabling access to an electronic word processing document including blocks of text, wherein each block of text has an associated address; accessing at least one data structure containing block-based permissions for each block of text, and wherein the permissions include at least one permission to view an associated block of text; receiving from an entity a request to access the electronic word processing document; performing a lookup in the at least one data structure to determine that the entity lacks permission to view at least one specific block within the electronic word processing document; and causing to be rendered on a display associated with the entity, the electronic word processing document with the at least one specific block omitted from the display.

Abstract: A method for connecting an end device to a linkable computer infrastructure is provided. A device certificate is created and supplied to a user of the end device. The device certificate is input into the end device. A data link from the end device to an access zone connected upstream of functions of the linkable computer infrastructure is produced. The access zone may be selectively separated from the functions of the linkable computer infrastructure by this link. The end device is registered in the access zone using the device certificate. By access of a function from the linkable computer infrastructure to the end device registered in the access zone, this end device is identified for the linkable computer infrastructure. With successful identification of the end device, use of the linkable computer infrastructure is enabled for the end device.

Abstract: This specification provides a message transmission methods and apparatuses. One method includes: receiving a digital certificate sent by each blockchain node of a plurality of blockchain nodes in a blockchain relay communication network, wherein the digital certificate comprises identity information of each blockchain node of the plurality of blockchain nodes and a network identifier of a blockchain network of the blockchain relay communication network that comprises a corresponding blockchain node of the plurality of blockchain nodes; verifying that a digital signature of the digital certificate is authentic based on a public key of a certification authority (CA) issuing the digital certificate; and recording a mapping relationship between the identity information of each blockchain node of the plurality of blockchain nodes and the network identifier.

Abstract: A system for data processing, comprising a plurality of data processing systems, each associated with a user and having an anchor certificate, a proxy system operating on a processor and configured to determine whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration and a certificate expiration monitor operating on the processor and configured to generate a certificate signing request in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration.

Abstract: Methods and systems for connecting client devices to anonymous sessions via helpers are described herein. One or more anonymous sessions may be generated on one or more target machines. Configuration information for generating an anonymous session may be used to initiate generation of the anonymous session on a target machine. A helper process may be created and associated with the anonymous session. A request to start a virtual application or desktop may be received from a client device, and the client device may be connected to the anonymous session on the target machine. The helper associated with the anonymous session may retrieve credentials associated with a user of the client device and/or may use the credentials associated with the user to start the virtual application or desktop on the target machine as the user.

Abstract: The invention relates to systems and methods that implement an interactive contractor dashboard. An embodiment of the present invention is directed to aggregating contingent labor data (firm-wide and globally) into a single consolidated infrastructure from multiple data feeds and systems. Once the data is aggregated, an embodiment of the present invention may apply entitlements, reduce the dataset accordingly and dynamically provide a customized interactive interface where the user may generate reports and access analytics for one or more contractors associated with the user.

Abstract: Embodiments of an application gateway architecture may include an application gateway server computer communicatively connected to backend systems and client devices operating on different platforms. The application gateway server computer may include application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the client devices. The application gateway server computer may provide applications that can be centrally managed and may extend the capabilities of the client devices, including the ability to authenticate across backend systems. A managed container may include a managed cache and may provide a secure shell for applications received from the application gateway server computer. The managed container may store the applications in the managed cache and control access to the managed cache according to rules propagated from at least one of the backend systems via the application gateway server computer.

Abstract: A system for cryptographic authorization of wireless communications includes a verifying node and configured to receive a transfer request from a user device, authenticate the transfer request, generate a transfer authorization token, and provide the transfer authorization token to at least one recipient device.

Abstract: Embodiments are described for a method and system of applying data protection software mechanisms to network equipment devices to auto-discover the networking equipment, save changes from memory (TCAM) to local storage, backup changes to protection storage, provide auditing and tracking history of changes, and provide the ability to deploy test/development copies of changes using software defined networking techniques.

Abstract: Embodiments herein describe using visual passwords to control access to secure information. When a user attempts to access the secure information, she can provide her username to an authentication agent which identifies the visual password corresponding to the received username and selects a first set of images that contains the visual password and a second set of images that does not. The first and second sets of images are then transmitted to a user device. The user device can display the first and second sets of images to the user who selects which images have the visual password. An indication of which images the user selected is then transmitted to the authentication engine which determines whether the user selected all the images in the first set and none of the images in the second set. If so, the user is granted access to the secure information.

Abstract: A cybersecurity infrastructure command validation system is provided herein for validating asset commands issued within an infrastructure network. The cybersecurity infrastructure command validation system can be integrated into an infrastructure network to monitor and validate infrastructure asset commands in real-time or while the infrastructure network is active. The cybersecurity infrastructure command validation system can receive or intercept commands issued by asset controllers. The cybersecurity infrastructure command validation system can validate the commands based on a command validation model. The command validation model can represent normal operating behavior of the infrastructure network. The cybersecurity infrastructure command validation system can provide valid commands to the intended infrastructure asset, or can reject invalid commands. The cybersecurity infrastructure command validation system can store validation results for use in updating the command validation model.

Abstract: A method, system and computer-usable medium are disclosed for operating an endpoint court at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint core at an endpoint device, the method including: receiving an event subscription request from an endpoint agent over a message bus; and managing communication of events for processing by the endpoint agent based on the event subscription request so that events to which the endpoint agent has subscribed are selectively processed at the endpoint agent. Certain embodiments may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.