Patents Examined by Michael Pyzocha
  • Patent number: 10645119
    Abstract: Typically, clients request a service from a computer hosting multiple services by specifying a destination port number associated with the desired service. In embodiments, the functionality of such a host computer is enhanced by having it condition client access to services available at a particular port number based on client authentication and/or authorization. A host computer can change the service(s) available at a given port number on a client by client basis, enabling access to service(s) for trusted clients unavailable to untrusted clients. Preferably, client trust is based on client authentication via a certificate and a valid, signed transport layer security (TLS) handshake (or similar mechanism in other protocol contexts). In some embodiments, an authorization step can be added following authentication. The systems and methods disclosed herein find wide uses in bundling services on ports, as well as protecting access to services from untrusted and/or malicious clients, among others.
    Type: Grant
    Filed: November 2, 2017
    Date of Patent: May 5, 2020
    Assignee: Akamai Technologies, Inc.
    Inventor: Simon E. Vera-Schockner
  • Patent number: 10645167
    Abstract: A system and method for improving the security and reliability of industrial control system (ICS) and supervisory control and data acquisition (SCADA) communication networks utilized within power systems is provided. For power system intelligent electronic devices (IEDs) that comprise these networks, a number of settings are created and stored inside the device settings files that define the IED's communication parameters. Inspection of a settings and configuration file (SCF) allows the identification and extraction of the device's configured and therefore permissible communication characteristics. Using this extracted information, rulesets are generated and subsequently pushed to one or more network security devices, e.g. firewalls, managed switches, and intrusion detection/prevention systems. In such a manner, the described innovation is able to derive a perspective of the allowable system communication and issue rulesets and settings to network security devices (NSDs).
    Type: Grant
    Filed: November 23, 2016
    Date of Patent: May 5, 2020
    Assignee: Cybirical, LLC
    Inventor: Nathan S. Wallace
  • Patent number: 10635642
    Abstract: Disclosed are systems, apparatuses and techniques for replicating data between different cloud computing platforms. Examples include storage replicator components operable in different cloud computing platforms. The first storage replicator component may identify the second cloud computing platform as a location to copy a data file in response to an event related to the data file stored in a first cloud computing platform. The first storage replicator component may request a copy of the data file via an application programming interface of the first cloud computing platform. The attributes of the copy of the data file which involve modification to conform to data management conventions of the second cloud computing platform may be determined and modified to comply with conventions of the second cloud computing platform. The modified copy of the data file may be forwarded to the second cloud computing platform for storage.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: April 28, 2020
    Assignee: Capital One Services, LLC
    Inventors: Timothy Haggerty, Steven Long, Deepa Rao, Eric Henry, Yuting Zhou
  • Patent number: 10637869
    Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a frame type, and including an indication of the frame type in a header of the message. The message is then sent to a recipient and the frame type used to perform a policy check.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: April 28, 2020
    Assignee: BlackBerry Limited
    Inventor: Marinus Struik
  • Patent number: 10638316
    Abstract: Apparatuses, methods and storage medium associated with same hand user authentication are disclosed herein. In embodiments, an apparatus, wearable on a user's wrist, may include a user authentication module to authenticate and grant access to the user. To authenticate the user, the user authentication module may be configured to receive sensor data indicative of movements of one or more fingers over a virtual grid, analyze the sensor data to determine the movements, and authenticate and grant the user access or deny the user access to the apparatus based at least in part on a result of the analysis. The one or more fingers are fingers of a hand of the user that adjoins the wrist on which the apparatus is worn. In embodiments, the sensor data may include sensor data collected by sensors configured to measure tendon/muscle positions of the wrist. Other embodiments may be disclosed or claimed.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: April 28, 2020
    Assignee: Intel Corporation
    Inventor: Marcio Juliato
  • Patent number: 10630655
    Abstract: A method for operating an aggregator in a private stream aggregation (PSA) system has been developed. The method includes receiving a plurality of encrypted messages from a plurality of clients, each encrypted message corresponding to a vector in a learning with errors (LWE) public key, adding the plurality of encrypted messages to generate an aggregate data set, extracting a summation of a plurality of error vectors in the plurality of encrypted messages from the aggregate data set, decrypting the summation of the encrypted data contained in the plurality of encrypted messages using a private key stored in the memory of the aggregator to generate a plaintext sum of noisy data generated by the plurality of clients, and generating, with the processor, an output of the plaintext sum of noisy data that preserves differential privacy of each client in the plurality of clients.
    Type: Grant
    Filed: May 15, 2018
    Date of Patent: April 21, 2020
    Assignee: Robert Bosch GmbH
    Inventors: Daniela Becker, Jorge Guajardo Merchan
  • Patent number: 10628578
    Abstract: Systems and methods for determining trust levels for components of a computing application using a blockchain. The system may include a development framework, a trust matrix, a trust level calculation module, a visual design subsystem, and a deployment subsystem, where trust levels are associated with components, combinations of components, graphs, and blueprints, where trust levels relate to categories of use.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: April 21, 2020
    Assignee: Imagine Communications Corp.
    Inventors: Brick Eksten, Craig White
  • Patent number: 10623958
    Abstract: A mobile device including a biometric or passcode scanner, scanning a biometric or passcode of a user of the mobile device, a biometric or passcode validator, validating the biometric data or passcode, a connection controller logging in to a secure network, and an access requestor, submitting to a server computer via a connection over the secure network, an access request for secure data, access to which is controlled by the server, and prompting the user to enter a biometric or to enter a passcode, wherein the biometric or passcode scanner scans the biometric or passcode entered by the user, the biometric or passcode validator validates the scanned biometric or passcode, and contingent upon the validating being affirmative, the access requestor submits to the server over the secure network, a request that the server generate an authentication for the mobile device to access the secure data.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: April 14, 2020
    Assignee: Finjan Mobile, Inc.
    Inventors: Alexander Lin Kremer, Geoffrey House, Lee McDole, Michael Godlewski, Rudolph Mutter, Timothy Shipman, Jules Panopoulos
  • Patent number: 10623385
    Abstract: Concepts and technologies of latency sensitive tactile network security interfaces are provided herein. In an embodiment, a method can include identifying, by a tactile network interface controller, encrypted command packets that are being sent as a data stream to a tactile application. The method can include obtaining a command sequence model based on the encrypted command packets being sent to the tactile application, and decrypting at least some of the encrypted command packets based on the command sequence model, where decrypting the encrypted command packets identifies non-sequential command instructions. The method can include determining, based on the command sequence model, that at least some of the non-sequential command instructions do not conform to the command sequence model, and dropping, by the tactile network interface controller, the non-sequential command instructions that do not conform to the command sequence model from the data stream.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: April 14, 2020
    Assignee: AT&T Mobility II LLC
    Inventors: Brian Dominguez, Senthil Ramakrishnan
  • Patent number: 10622316
    Abstract: An apparatus comprises a plurality of conductive elements arranged within at least a first conductive layer and a dielectric layer comprising a plurality of microcapsules. The first conductive layer is arranged on a first side of the dielectric layer. The apparatus further comprises monitoring circuitry coupled with the plurality of conductive elements and configured to detect a change in an electrical parameter for at least a first conductive element of the plurality of conductive elements. The change in the electrical parameter indicates a physical intrusion of the dielectric layer that causes a rupture of one or more microcapsules of the plurality of microcapsules.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: April 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark J. Jeanson, Joseph Kuczynski
  • Patent number: 10616199
    Abstract: Existing search methods/systems are often generic and sometimes offer no user specific information. Disclosed herein are methods and systems for providing personalized, interactive, and intelligent search information. In particular, intelligent analysis for better interpreting and understanding user input and interactive user feedback concerning both search query quality and search result quality are provided to improve search quality and user experience, especially for accurate and intelligent searches in an interactive system (e.g., in an AR system).
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: April 7, 2020
    Inventor: Eliza Y. Du
  • Patent number: 10616206
    Abstract: A method of creating an application purpose certificate, comprising: receiving from a software publisher an application code and declared privacy information, the declared privacy information includes at least one allowed usage purpose for each of a plurality of data types; analyzing the application's usage of data of each of the plurality of data types; verifying the usage is compliant with the at least one allowed usage purpose according to the analysis; creating an encrypted digital purpose certificate, the digital purpose certificate is unique for the application code; and sending the digital purpose certificate to the software publisher to be bundled with the application code and a publisher authentication certificate.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: April 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Sima Nadler, Abigail Goldsteen
  • Patent number: 10616261
    Abstract: The invention utilizes a two-component system to detect third party security threats and drive improved security threat mitigation based on the detection. The first component of the system is a security threat assessment engine, which receives and/or identifies external data and internal data regarding third parties in order to determine information security threats posed by third parties. The second component of the system is an analytics engine, which may comprise a machine learning component which is configured to detect threat patterns and anomalies. In response to the detection of the threat patterns and anomalies the security threat assessment engine may be modified in order to more accurately determine security threats.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: April 7, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: David Michael Steele, Nelson John Chevis, Sr., Jason Dean Vaughn
  • Patent number: 10609556
    Abstract: Methods and apparatus for secondary authentication in a network. A method performed by a user equipment (UE) comprises establishing a user plane (UP) session or connection with a UP function (UPF), receiving an extensible authentication protocol (EAP) based authentication request from the UPF and sending an EAP based authentication response to the UPF. A method performed by a user plane UP function (UPF) comprises establishing a UP session or connection to a user equipment (UE), sending an extensible authentication protocol (EAP) based authentication request to the UE, and receiving an EAP based authentication response from the UE.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: March 31, 2020
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, David Castellanos Zamora, Vesa Lehtovirta
  • Patent number: 10609042
    Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: March 31, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Paul Quinn, Michael E. Lipman, Mike Milano, David D. Ward, James Guichard, Leonid Sandler, Moshe Kravchik, Alena Lifar, Darrin Miller
  • Patent number: 10601708
    Abstract: Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are separated by one or more physical networks. In some situations, the techniques may be used to provide a virtual network between multiple computing nodes that are separated by one or more intermediate physical networks, such as from the edge of the one or more intermediate physical networks by modifying communications that enter and/or leave the intermediate physical networks. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users (e.g., users of a program execution service). The managing of the communications may include determining whether communications sent to managed computing nodes are authorized, and providing the communications to the computing nodes only if they are determined to be authorized.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: March 24, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Daniel Todd Cohn
  • Patent number: 10599838
    Abstract: A memory system includes a controller having a processor and one or more memory media, and a method of operating the memory system. A host generates honeypot files and the processor is configured to write the honeypot files onto the memory media at random locations. The controller monitors the locations of the randomly distributed honeypot files for access. The host may set a mode of operation concerning access of the honeypot files randomly distributed on the memory media. In a strict mode of operation, the controller may halt access to the memory media or require authentication if a single honeypot file is accessed. In a moderate mode of operation, the controller may analyze the memory media to determine if under attack if a single honeypot file is accessed. In a light mode of operation, the controller may not take any action until a predetermined number of honeypot files are accessed.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: March 24, 2020
    Assignee: MICRON TECHNOLOGY, INC.
    Inventor: Daniel K Schoenherr
  • Patent number: 10601582
    Abstract: The invention relates to the field of computer engineering and cryptography and, in particular, to methods for implementing linear transformations that operate with a specified speed and require a minimum amount of memory, for further usage in devices for cryptographic protection of data. The technical result enables the selection of interrelated parameters (performance and required amount of memory) for a particular computing system when implementing a high-dimensional linear transformation. The use of the present method allows for a reduction of the amount of consumed memory at a given word size of processors employed. To this end, based on a specified linear transformation, a modified linear shift register of Galois-type or Fibonacci-type is generated according to the rules provided in the disclosed method, and the usage thereof makes it possible to obtain the indicated technical result.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: March 24, 2020
    Assignee: Joint Stock Company “InfoTeCS”
    Inventors: Nikolay Pavlovich Borisenko, Alexey Viktorovich Urivskiy
  • Patent number: 10594686
    Abstract: A communication system includes a registration server, a management server and a first target device. When receiving destination information from a communication device, the registration server transmits authentication information to the communication device, transmits screen relating information to a destination indicated by the destination information, receives user information from the communication device and registers the user information therein. When receiving the authentication information from the communication device, the first target device transmits the authentication information and first device identification information to the management server. When receiving the authentication information and the first device identification information from the first target device, the management server registers the first device identification information therein.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: March 17, 2020
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Hideki Nogawa
  • Patent number: 10586067
    Abstract: The present invention provides a method and system for receiving by a user from a source a communication being a fragment of a message having an unrecognizable part containing confidential data. The unrecognizable part is converted into recognizable data upon receipt of the communication and presented to the user. The user can send a request for an additional fragment of the message if needed to complete the message or to decipher the message.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Yao Chen, De Shou Kong, Xin Xu, Jie Zheng, Hai Bo Zou