Abstract: A method for monitoring network activity includes initiating a training phase by a machine learning (ML) server. Data associated with normal network traffic through the ML server during the training phase is collected. A classification model is generated based on the collected data. The ML server switches the training phase to an active phase. An outbound request is received during the active phase. Whether the outbound request is an anomalous request is determined based on the classification model.

Abstract: Aspects of categorizing MAC address randomization include obtaining probe data for a plurality of time intervals. A likelihood measure of a specified OS type and version belonging to each of a plurality of MAC address randomization categories is determined and the specified OS type and version is categorized based on the likelihood measure.

Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

Abstract: In one embodiment of file integrity preservation in accordance with the present description, a file is subdivided into a plurality of subfiles, and a write update originally targeted for a portion of that file contained within one of the subfiles, is instead directed to a temporary copy subfile. As a consequence, the temporary copy subfile which is updated with the write data, may be scanned for viruses or other malware separately from the original file and its corresponding original subfile. If the temporary copy subfile passes the scanning test, the originally targeted file may be updated with the updated contents of the clean temporary copy subfile. Conversely, in the event that the write update introduced malicious software to the temporary copy subfile, the original file and its corresponding original subfile remain uncontaminated by the write update. Other aspects are also described.

Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. The apparatus is an embedded-system device. The embedded-system device loads a first boot loader from a read only section of a storage device in an initialization process of the embedded-system device. The embedded-system device also loads, by the first boot loader, a public key from the read only section. The embedded-system device further generates a first verification code for static code and data stored in a first section of the storage device. The embedded-system device then decrypts, by the first boot loader, an encrypted signature stored in the first section by using the public key to obtain a second verification code. The embedded-system device determines integrity of the static code and data based on the first verification code and the second verification code.

Abstract: In an embodiment, a method includes accessing one or more digital applications by a server system. Each of the one or more digital applications is configured to be accessed by a plurality of users. The method also includes determining, by the server system, compliance content in each of the one or more digital applications. The method further includes removing the compliance content determined from each of the one or more digital applications. The method further includes storing the compliance content in a central repository. Thereafter, the method includes facilitating integration of one or more widgets into each of the one or more digital applications to access the compliance content stored in the central repository. The one or more widgets integrated into a digital application of the one or more digital applications enable a user of the digital application to access the compliance content from the central repository.

Abstract: An electronic device includes a sensor; a transceiver; a display; and a processor to collect user log data including location information of the electronic device, control to transmit, through the transceiver, the user log data including the location information of the electronic device, to a log manage server, based on a user input, control to transmit, through the transceiver to the log manage server, a signal for using a mission service provided by the log manage server, receive, through the transceiver from the log manage server, a mission based on the location information of the electronic device, control to display, on the display, information of the received mission, control to detect, through the sensory data associated with performing the mission, and control to transmit, through the transceiver, the sensory data to the log manage server to determine whether a result of performing the mission is successful.

Abstract: A system in accordance with an example includes a plurality of ports and a port manager. The port manager is to monitor quality of each of the plurality of ports. The port manager is to receive a connection request from a client device at a first port. The port manager is further to determine whether to instruct the client device to connect to a second port that is more suitable for the client device than the first port, based on the quality of the plurality of ports.

Abstract: Methods and systems for identifying sensitive information are provided. The method includes tokenizing labeled data into first word sequences, the labeled data including sensitive information. The method includes associating the labeled sensitive information with tags. The method includes determining that the first word sequences and the tags satisfy conditions defined by feature functions. The method includes calculating a local maximum of a likelihood function to determine a weight. The method includes tokenizing unlabeled data into second word sequences, the unlabeled data including sensitive information. The method includes executing each feature function based on their weights, the second word sequences, and tag sequences. The method includes selecting tag sequences that maximize probabilities of the second word sequences based on the likelihood function. The method includes identifying sensitive information in the unlabeled data based on the selected tag sequences.

Abstract: Techniques are disclosed relating to data storage. In various embodiments, a computing device includes first and second processors and memory having stored therein a first encrypted operating system executable by the first processor and a second encrypted operating system executable by the second processor. The computing device also includes a secure circuit configured to receive, via a first mailbox mechanism of the secure circuit, a first request from the first processor for a first cryptographic key usable to decrypt the first operating system. The secure circuit is further configured to receive, via a second mailbox mechanism of the secure circuit, a second request from the second processor for a second cryptographic key usable to decrypt the second operating system, and to provide the first and second cryptographic keys.

Abstract: A method, an electronic device, and computer readable medium is provided. The method includes receiving, from a media source, a request for media processing, where the request includes a requested media output. The method also includes identifying one or more media processing functions to perform the request for media processing based on information associated with each of the one or more media processing functions. The method further includes configuring each of the one or more media processing functions by mapping the request for media processing to the one or more media processing functions based on the information associated with each of the one or more media processing functions. The method additionally includes monitoring the one or more media processing functions while the one or more media processing functions perform tasks to generate the requested media output.

Abstract: A system and method for target driven peer-zoning (TDPZ) synchronization can include a principal member device and a switch. The principal member device can include to send an active peer zone list request to a switch. In an example, the principal member device can store a first TDPZ database version number and a first TDPZ zone list. In an example, the switch may send a response based on the active peer zone list request. In an example, the response can include a second TDPZ database version number and a second TDPZ zone list. The principal member device may compare the first TDPZ database version number to the second TDPZ database version number.

Abstract: Representative embodiments are disclosed for providing network and system security. A representative apparatus includes an input-output connector coupleable to a data network; a network interface circuit having a communication port; a nonvolatile memory storing a configuration bit image; and a field programmable gate array (“FPGA”) coupled to the network interface circuit through the communication port, the FPGA configurable to appear solely as a communication device to the first network interface circuit, and to bidirectionally monitor all data packets transferred between the input-output connector and the first network interface circuit and any coupled host computing system. In another embodiment, the FPGA is further configurable for only a partial implementation of a communication protocol, such as a PCIe data link and/or physical layers. The FPGA may also monitor host memory and provide encryption and decryption functionality.

Abstract: In embodiments, an apparatus for microcontroller (?C) or system-on-chip (SoC) computing includes a set of fuses disposed in a ?C or a SoC to store a seed value and M pairs of loop counter values (LCVs) with which to locally generate M private keys from the seed value on the microcontroller or SoC, where M is a positive integer, each private key to decrypt data encrypted with a pre-defined public key cryptosystem, wherein each private key includes two prime numbers p and q (p,q), the LCVs being a number of iterations of a key derivation function (KDF) needed to respectively obtain p and q from the seed value; and a key decoder, disposed in the (?C) or the SoC, and coupled to the set of fuses, to read the seed value and the M pairs of LCVs, and, for each of the M private keys to: respectively generate (p,q) from the seed value by respectively iterating the KDF by the LCVs for that key.

Abstract: Systems and methods are described for collaborative work hypertext markup language assets. The assets may be stored on a remote server. The methods may include instantiating a portable software test framework between an application local to a user and the remote server in dependence upon a uniform resource locator associated with the HTML asset and a request to acquire the HTML asset in response to a request for an HTML asset.

Abstract: Hardware Security Modules (HSMs) may be utilized to store master keys that are used to secure (e.g., wrap) encryption keys that are stored outside of the HSMs. The wrapping of the encryption keys may include using the master key to mask each of the plurality of encryption keys. The master keys are then stored within the HSMs and the wrapped encryption keys may be stored outside of the HSMs. Since the plurality of encryption keys are wrapped, the wrapped encryption keys may be stored outside of the HSMs with a reduced potential for the wrapped encryption keys to be misappropriated. As such, the plurality of encryption keys may be stored in systems that do not have as many security requirements, and thus, have more memory available. As such, the memory needed to store keys within the HSMs is reduced.

Abstract: In some implementations, a system can be used to selectively transmit bandwidth-intensive data over a cellular network based on dynamically determining resource availability over the cellular network. Monitoring system data to be transmitted to a remote server can initially be obtained by a component of a monitoring system. One or more network performance tests may be performed on a carrier network associated with the monitoring system. One or more network performance parameters can be computed based on results of the one or more network performance tests. The one or more network performance parameters can then be evaluated in relation to transmission requirements associated with the monitoring system data. A particular transmission strategy to use in transmitting the monitoring system data to the remote server can then be selected from among multiple transmission strategies. The monitoring system data is then transmitted to the server in accordance with the particular transmission strategy.

Abstract: An apparatus in one embodiment comprises at least one processing device having a processor coupled to a memory configured to implement a first ledger node of a plurality of ledger nodes configured to collectively maintain a distributed ledger. The first ledger node is configured to obtain a set of quality of service metrics for a given workload running on a given cloud service provider, to receive a set of monitoring metrics for the given workload, and to generate a cryptographic block characterizing the set of monitoring metrics, the cryptographic block being entered into the distributed ledger. The first ledger node is also configured to verify whether the given workload meets the set of quality of service metrics based at least in part on the set of monitoring metrics, and to trigger release of resources from a given client device to the given cloud service provider responsive to successful verification.

Abstract: A system and method for communicating with a client application that can include establishing a client signaling communication channel with a first client application; receiving a communication request from the first client application through the client signaling communication channel, wherein the communication request contains at least an authentication token and a specified communication destination; verifying the authentication token; if the authentication token is verified, at the system bridge, establishing a signaling communication channel with the communication destination and a second media communication channel with the specified communication destination; at the system bridge, establishing a first media communication channel with the client application; and merging the first media communication channel with the second media communication channel.

Abstract: Aspects of the disclosure relate to utilizing smart data tags to track and control secure enterprise data. A computing platform may receive, from an enterprise user computing device, enterprise data. Subsequently, the computing platform may determine one or more tags to be applied to the enterprise data. Then, the computing platform may generate a smart data object based on the enterprise data received from the enterprise user computing device and the one or more tags determined to be applied to the enterprise data received from the enterprise user computing device. Next, the computing platform may send, to an enterprise data storage platform, the smart data object, and sending the smart data object to the enterprise data storage platform may cause the enterprise data storage platform to store the smart data object in a repository comprising a plurality of smart data objects maintained by the enterprise data storage platform.