Patents Examined by Phy Anh T Vu
  • Patent number: 11343228
    Abstract: A computer method and system for determining common network security filter settings for one or more clusters of network servers. Network traffic samples are captured which are associated with a plurality of network servers. The captured network traffic samples are collated with regards to each of the plurality of network servers. The collated network traffic is analyzed for each of the plurality of network servers for determining suggested network security filter settings for each network server. One or more clusters of network servers are determined contingent upon the determined suggested network security filter settings for each of the plurality of network servers. Common network security group filter settings are determined for each determined cluster of network servers.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: May 24, 2022
    Assignee: Arbor Networks, Inc.
    Inventors: Sean O'Hara, Alan Saqui
  • Patent number: 11329955
    Abstract: The disclosure provides an approach for implementing a distributed firewall within a data center. The firewall is implemented as a kernel space filter driver within the operating system of virtual machines. Each virtual machine hosts several user sessions. The firewall may be dynamically updated with new security policies, either by an administrator or a component of the data center.
    Type: Grant
    Filed: January 24, 2018
    Date of Patent: May 10, 2022
    Assignee: VMware, Inc.
    Inventor: Sisimon Soman
  • Patent number: 11323256
    Abstract: A method, cryptographic device, and computer readable memory with instructions, for generating a cryptographic key from at least one prime number, by performing during runtime of the cryptographic device by obtaining from memory a challenge and at least one associated increment number, generating a seed by applying a Physically Unclonable function to said obtained challenge, generating at least one prime number from said generated seed by performing said cryptographic prime numbers generation algorithm and by performing therein as many incrementation steps as said obtained at least one increment number, and generating the cryptographic key from the generated prime number.
    Type: Grant
    Filed: April 24, 2019
    Date of Patent: May 3, 2022
    Assignee: THALES DIS DESIGN SERVICES SAS
    Inventors: Olivier Fourquin, Alexandre Berzati, Benjamin Duval
  • Patent number: 11296880
    Abstract: An exemplary system, method, and computer-accessible medium can include, for example, receiving at a first entity from a second entity, a first request for encrypted user information associated with at least one user, wherein the first request includes a user identifier associated with the at least one user, and wherein the first entity is different from the second entity, sending, from the first entity, a second request to a user device associated with the at least one user, wherein the second request includes a notification to the at least one user for an affirmation of the first request or a denial of the first request, receiving at the first entity from the user device, the affirmation or the denial, and sending, from the first entity to the second entity, (i) the encrypted user information if the affirmation is received or (ii) a denied notification if the denial is received.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: April 5, 2022
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Jeffrey Wieker, Zainab Zaki, Clayton Johnson
  • Patent number: 11290450
    Abstract: The disclosed technology includes systems and methods for determining secondary authentication of a user's log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.
    Type: Grant
    Filed: May 11, 2020
    Date of Patent: March 29, 2022
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Joshua Edwards, Jason Ji, Ljubica Chatman, Michael Mossoba, Carlos Rodriguez
  • Patent number: 11271732
    Abstract: Various embodiments relate to a method for generating a bit stream in a physical unclonable function (PUF) system, including: receiving a set of values from a plurality of physical devices in the PUF system in a first order; sorting the set of values into a second order; for each of the L highest values, setting a corresponding levelTag value to a first bit value and setting a corresponding usageTag value to a first usage value that indicates that the levelTag for the corresponding value is to be used to generate the bit stream, wherein L is a level setting; for each of the L lowest values, setting a corresponding levelTag value to a second bit value and setting a corresponding usageTag value to the first usage value, wherein the first bit value is different from the second bit value; setting the usageTag value for all other values that are not the highest L values or the lowest L values to a second usage value that indicates that the corresponding value is not to be used to generate the bit stream; generatin
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: March 8, 2022
    Assignee: NXP B.V.
    Inventor: Bjorn Fay
  • Patent number: 11271937
    Abstract: The embodiments herein relate to a method performed by a PGW (108) for handling a UE's (101) access to an EPC service via a non-3GPP access network (103). During a request for connecting the UE (101) to the non-3GPP access network (103), the PGW (108) receives identity information which indicates an identity of an AAA node (710) from a non-3GPP access gateway (705). The PGW (108) selects the AAA node (710) which was indicated in the received identity information. The PGW (108) transmits, to the selected AAA node (710), a request message for the UE (101). The request message is a request for authorization of the UE (101) to access the EPC service via the non-3GPP access network (103).
    Type: Grant
    Filed: May 12, 2015
    Date of Patent: March 8, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Chunbo Wang, Daniel Nilsson, Stefan Rommer
  • Patent number: 11240274
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a storage device, for securing a network associated with a property in response to the detection of a hacking drone within a vicinity of the property. In one aspect, a method includes obtaining sensor data from one or more sensors located at a property, detecting, based on the obtained sensor data, the presence of a drone, determining, based on the obtained sensor data, that the detected drone is an unauthorized drone, determining, by the monitoring system, that the unauthorized drone (i) is communicating or (ii) attempting to communicate with a network associated with the property, selecting one or more network adjustment policies, and transmitting one or more instructions to (i) one or more monitoring system components or (ii) one or more network components that are configured to adjust network parameters based on the one or more selected network adjustment policies.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: February 1, 2022
    Assignee: Alarm.com Incorporated
    Inventors: Matthew Daniel Correnti, Michael Kelly
  • Patent number: 11238168
    Abstract: Disclosed embodiments relate to performing secure and flexible searches of encrypted data. Operations may include maintaining a database of a plurality of sets of encrypted data; receiving a transformed search query for the database, the transformed search query having undergone a transformation process at a client including: identifying a plaintext string in a search query at the client, applying the plaintext string to a language dictionary accessible to the client, receiving, based on the language dictionary, one or more plaintext search strings, and encrypting, at the client, the one or more plaintext search strings; and returning a result based on the transformed search query, the result being based on the encrypted one or more plaintext search strings.
    Type: Grant
    Filed: April 20, 2020
    Date of Patent: February 1, 2022
    Assignee: CyberArk Software Ltd.
    Inventor: Ofer Rivlin
  • Patent number: 11218458
    Abstract: A modular data center (MDC) includes an in-band communication network connection communicatively coupled between an information technology (IT) component of the MDC and a data center external to the MDC. A sensor of a security system of the MDC detects a presence of a person in proximity to an exterior of the MDC or inside of the MDC. In response to determining that the person is detected, a controller of the MDC determines whether the detected person is authenticated. In response to determining that the detected person is not authenticated, the controller authenticates the data center via the in-band communication network connection, and the controller transfers computing workload and data from the at least one IT component to the data center via the in-band communication network connection.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: January 4, 2022
    Assignee: Dell Products, L.P.
    Inventors: Tyler B. Duncan, Mukund P. Khatri
  • Patent number: 11218880
    Abstract: A wireless communication device (16) is configured for use in a wireless communication system (10). The wireless communication device (16) is configured to receive control signaling (22) that indicates a certain wait time (24) for which the wireless communication device (16) is required to wait before sending a certain control message (20) to network equipment (18). A subset of possible wait times must be indicated by integrity-protected control signaling. The wireless communication device (16) may therefore also be configured to accept or reject the certain wait time (24) as being required before sending the certain control message (20), based on whether the received control signaling (22) was integrity protected and on whether the certain wait time (24) is included in the subset of possible wait times which must be indicated by integrity-protected control signaling.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: January 4, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Oscar Ohlsson, Icaro L. J. da Silva, Gunnar Mildh
  • Patent number: 11218872
    Abstract: A method and Key Management Facility (KMF) for managing keys of a single user having a plurality of devices is provided. The KMF receives an Over-The-Air Rekeying (OTAR) message relating to a first device and including an interworking bit. If the interworking bit is set, the KMF retrieves a main source RSI and a Sub-RSI field from the OTAR message. If the main source RSI matches other main source RSIs from other devices, the KMF manages keys for all devices that have the same main source RSI in an identical manner.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: January 4, 2022
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Timothy Woodward, Chris A Kruegel
  • Patent number: 11206132
    Abstract: Embodiments of a secure multi-party computation method applicable to any one computing node of a plurality of computing nodes deployed in a distributed network are provided. The plurality of computing nodes jointly participate in a secure multi-party computation based on private data held by each computing node. The computing node is connected to a trusted key source, and the method includes: obtaining a trusted key from the trusted key source; encrypting the private data held by the computing node based on the obtained trusted key to obtain ciphertext data; transmitting a computing parameter comprising at least the ciphertext data to other computing nodes participating in the secure multi-party computation, so that the other computing nodes perform the secure multi-party computation based on collected computing parameters transmitted by the computing nodes participating in the secure multi-party computation.
    Type: Grant
    Filed: October 31, 2020
    Date of Patent: December 21, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Lichun Li, Shan Yin, Huazhong Wang, Wenzhen Lin
  • Patent number: 11196832
    Abstract: A method includes receiving a request from a protocol publisher to install a protocol at the protocol database, the request including a global unique identifier (GUID) and a first protocol pointer. The GUID and the first protocol pointer are stored at an entry at a protocol database. A root key received from the protocol publisher is stored at the entry at the protocol database. A request including the GUID is received from a protocol consumer, and in response, the protocol consumer is provided with a random number. A reference GUID is generated based on the random number and the root key, and the reference GUID is stored at the entry of the protocol database.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: December 7, 2021
    Assignee: Dell Products L.P.
    Inventors: Balasingh Ponraj Samuel, Baris Tas, Ricardo L. Martinez
  • Patent number: 11074353
    Abstract: An example operation may include one or more of: receiving, via an input/output interface, an encrypted RF signal from an RF identification device; decrypting, via a processing unit, the received encrypted RF signal to generate decrypted data; modifying, via the processing unit, the decrypted data to generate modified data; maintaining, via a memory, a cryptographic distributed ledger based on the decrypted data and the modified data; encrypting, via the processing unit, the modified data to generate encrypted data; updating, via the memory, the cryptographic distributed ledger based on the encrypted data; and transmitting, via the input/output interface, an updated encrypted RF signal, based on the encrypted data, to the RF identification device.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: July 27, 2021
    Assignee: International Business Machines Corporation
    Inventor: Marci R. Wojcik
  • Patent number: 11070363
    Abstract: A first example network security platform disclosed herein includes a platform selector to determine a platform selection value based on a first parameter value in a first message from a client and a second parameter value in a second message from a server, the first and second messages associated with establishment of an encrypted network traffic flow between the client and the server. The example first network security platform also includes a key retriever to obtain a cryptographic session key associated with the encrypted network traffic flow from a selected one of a cluster of network security platforms based on the platform selection value, the first network security platform included in the cluster of network security platforms. The example first network security platform further includes a traffic analyzer to analyze network traffic associated with the encrypted network traffic flow based on the cryptographic session key.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: July 20, 2021
    Assignee: McAfee, LLC
    Inventors: Manikandan A. Kenyan, Anil Abraham
  • Patent number: 11050745
    Abstract: An information processing apparatus that authenticates sets of distributed authentication information without the sets of distributed authentication information being collected at any one of the apparatuses included in a system.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: June 29, 2021
    Assignee: NEC CORPORATION
    Inventors: Yuki Tanaka, Jun Furukawa, Kazuma Ohara, Toshinori Araki
  • Patent number: 11044073
    Abstract: In a general aspect, a countermeasure method implemented in a microcircuit can include selecting, at each cycle of a clock signal, a supply mode of a component internal to the microcircuit, the supply mode can be selected from among a first supply mode in which the component is fully supplied by a first supply circuit connected to a supply input of the microcircuit, and at least one second supply mode in which the component is at least partially supplied by a second supply circuit internal to the microcircuit. The second supply circuit can be isolated from the exterior of the microcircuit while it is supplying the component.
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: June 22, 2021
    Assignee: Rambus, Inc.
    Inventor: Michel Martin
  • Patent number: 11030331
    Abstract: Disclosed herein is a system for providing a cryptographic platform for distributing data structures within a peer-to-peer network wherein encrypted messages are exchanged among nodes. The system provides for the creation and management of privately subspaced blockchains that include subspaces that are private, yet verifiable through the use of global state roots. The global state roots are updated based on subspace roots that are in turn generated based on the data in that subspace.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: June 8, 2021
    Assignee: Schvey, Inc.
    Inventors: Jeffrey Schvey, Nadi Sarrar
  • Patent number: 10965525
    Abstract: A portable data center is configured to be transported with installed computing devices between a first location and a second location. A tethered networking device of the portable data center can be deployed to provide a consistent interface for connecting computing devices at a first location with computing devices of the portable data center. Large quantities of data stored in the computing devices at the first location can be transferred to computing devices of the portable data center and the portable data center storing the transferred data can be transported to a second location where the stored data is transferred from the portable data center to one or more computing devices at the second location.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: March 30, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Darin Lee Frink, Peter George Ross, Frank Charles Paterra