Abstract: A solution is proposed for controlling access to data that are broadcast over a telecommunication medium. A corresponding method comprises validating by a plurality of validator devices an access request that is submitted by an access device for accessing the data. The validator devices update a blockchain by adding a new block comprising an indication of the access request in response to a positive result of its validation. A provider system transmits cryptographic information for decrypting the data to the access device in response to the new block. A corresponding method for broadcasting data by a provider system and a corresponding method for accessing broadcast data by an access device are proposed. Corresponding computer programs and computer program products for performing the methods are also proposed. Moreover, corresponding structure, provider system and access device are proposed.

Abstract: Described are various embodiments of a cryptographic process for portable devices, and user presence and/or access authorization systems and methods employing such protocols. In one embodiment, a digital user authentication system is described to comprise a wireless digital user authentication device (UAD) operable to authenticate the user and wirelessly communicate an authenticated identity thereof; and a network application operatively associated with a wireless access point and operable to authenticate the user presence. Upon the network application authenticating the user presence based, at least in part, on the authenticated identity, the UAD and the network application securely establish a short-term symmetric advertising (STSA) key. During a prescribed advertising lifetime of the STSA, the UAD periodically computes and advertises authentication codes encompassing the STSA key so to securely advertise the authenticated user presence.

Abstract: Embodiments of the present invention adapt interconnect systems to apply automated rules and analytics to the Authentication, Authorization, and Accounting (“AAA”) messages between providers that are handled by the interconnect system. The automated rules and analytics interpret or convert the administrative messages into a measure of technical performance of the visited network in relation to a corresponding home network provider. As part of this process, the system establishes a procedure that matches messages involving a device to be related and produces a data structure and corresponding data that is stored and reflects the performance or other salient data points. The structure of the data is set of extracted and calculated data that is derived from the messages and is assembled to reflect operation at the level of each administrative messaging session, involving a request to the home network provider to join a visited network.

Abstract: The present disclosure describes a computer-implemented method that includes: receiving data encoding a current geolocation of a mobile computing device, a classification status of one or more files on the mobile computing device being requested by a user of the mobile computing device, and a current network domain on which the mobile computing device is registered; and based on the current geolocation of the mobile computing device, the classification status of the one or more files on the mobile computing device, and the current network domain of the mobile computing device, determining an encryption status of the one or more files on the mobile computing device.

Abstract: Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration.

Abstract: An indication that a secure connection has been established with a key management service is received. The secure connection is associated with an automatically generated session encryption key utilized for encryption of data communication through the secure connection. In response to the indication that the secure connection has been established with the key management service, a determination is made to perform a rotation of a local encryption key utilized in encrypting locally stored data. The rotation of the local encryption key is performed based at least in part on the automatically generated session encryption key.

Abstract: A communication system according to an embodiment includes one or more hardware processors. The one or more hardware processors: transmit, to an external communication system, a cryptographic random number obtained by encrypting a random number; receive verification information for verifying the external communication system, the verification information being generated by the external communication system with the cryptographic random number and attribute information of the external communication system; and perform, by using a cryptographic key based on the random number, communication with the external communication system having been verified with the verification information.

Abstract: The present disclosure relates to a system and method for controlling data interception in a communication network. One or more requests from a user for accessing one or more microservices are received through an Application Programming Interface (API). Information associated with one or more requests is the detected and requests are classified as secured microservice request and non-secured microservice request. The information is detected through predefined rules. Authentication token is then issued for secured microservice based on the detecting. The authentication token stores information detected by the detector in a geo storage system. The one or more requests are then routed according to the authentication token towards one or more corresponding microservices of the one or more microservices.

Abstract: A privacy protecting transaction engine for a cloud provider network is described. According to some embodiments, a computer-implemented method includes receiving a request from a customer of a cloud provider network to create a customer cloud in the cloud provider network, generating the customer cloud in the cloud provider network, receiving a first request at the cloud provider network for the customer cloud that includes private information of an end customer of the customer of the cloud provider network, removing the private information from the first request by a privacy protecting transaction engine of the cloud provider network to generate a second request, and sending the second request to the customer cloud for servicing.

Abstract: In some examples, a system comprises a memory device for storing instructions and a processor which executes instructions causing the system to perform operations comprising receiving an instruction to transfer a state of a first device to a second device, and packaging information relating to the state of the first device in a file. The packaging of the information relating to the state of the first device includes recording each application executing on the first device in a list maintained in the file, and transferring the file containing information relating to the state of the first device to the second device, either directly or indirectly based on an availability of connections between the first device and the second device. The file, when processed by the second device, causes the second device to reproduce the state of the first device. In some example, reproducing the state of the first device includes the second device downloading, from one or more of the locations, one or more of the applications.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more processes may determine that a platform reset signal from a processor of an information handling system has been asserted; may determine that a power conservation state from the processor was not asserted within an amount of time; may determine that an operating system restart occurred; may notify a hardware root of trust device to authenticate information handling system firmware; may assert a resume reset signal to the processor; may authenticate the information handling system firmware; may de-assert a power OK signal to the processor; may remove power from the processor; may determine that the resume reset signal to the processor is de-asserted and that the processor is out of the power conservation state; and may provide power to the processor.

Abstract: Systems and methods support workspaces operating on an Information Handling System (IHS), where the workspaces utilize virtualization to operate in isolation from a portion of the hardware and software of the IHS. Resources of the IHS that are available for use by workspaces are registered with an orchestration service that is remote from the IHS and that manages deployment of workspaces on the IHS. A workspace is instantiated on the IHS according to a workspace definition provided by the orchestration service. The orchestration service also provides a handle that allows the workspace to access a particular resource of the IHS, where the handle includes an interface supported by an embedded controller of the IHS for providing access to the IHS resource. The workspace invokes the IHS resource using an interface provided in the handle. The handle thus provides a communication mechanism for workspaces to utilize local resources of the IHS.

Abstract: Various embodiments of the present application are directed towards systems and methods for hybrid blockchain control. According to some embodiments a method for hybrid blockchain control, an update to a distributed blockchain is received from a blockchain system. The blockchain system includes multiple nodes individually storing copies of the distributed blockchain and individually updating the copies by a consensus process. A determination is made as to whether the distributed blockchain has been fraudulently modified based on the received update. In response to determining the distributed blockchain has been fraudulently modified: 1) a corrective block is disseminated to the blockchain system to trigger the consensus process on the nodes; and 2) a predefined override in the consensus process is invoked to update the copies of the distributed blockchain in a manner that bypasses an illegitimate block. Further, the predefined override is invoked while the consensus process processes the corrective block.

Abstract: A method including determining, by a first device in communication with a second device in a mesh network, an instant message to be transmitted to the second device; and encrypting, by the first device, the instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device; and selectively transmitting, by the first device to the second device, the instant message over a meshnet connection between the first user device and the second user device in the mesh network. Various other aspects are contemplated.

Abstract: According to one embodiment, a method for establishing a connection of a mobile terminal to a mobile radio communication network is described comprising a first common control plane function of a mobile radio communication network receiving a connection request from a mobile terminal; the first common control plane function authenticating the mobile terminal including generating an authentication context of the mobile terminal; the first common control plane function forwarding the connection request and transmitting the authentication context of the mobile terminal to a second common control plane function of the mobile radio communication network and the second common control plane function connecting the mobile terminal to the mobile radio communication network.

Abstract: Data security across data residency restriction boundaries is provided by obtaining and profiling a dataset on which a desired analysis is to be performed, with some results of the desired analysis to be transferred from one location to another, the dataset subject to data residency restrictions that restrict transfer of the dataset across a boundary to the another location, and the profiling identifying a profile level for the dataset, then automatically generating a container image based on the profile level and the data residency restrictions that restrict the transfer of the dataset across the boundary, the container image configured for instantiation and execution to process the dataset into a reformatted dataset not restricted by the data residency restrictions for transfer across the boundary, and storing the container image to a container registry.

Abstract: Example embodiments provide systems and methods for securing a deployed camera. A security apparatus is coupled to the deployed camera and accesses video content from the coupled camera. The security apparatus accesses video content from the coupled camera, splits the video content within a plurality of RTP packets, encrypts payloads of the RTP packets, embeds in a header of the encrypted RTP packets, at least two key identifications for decryption of the encrypted RTP packets, and transmits the plurality of RTP packets over a network to a video management system.

Abstract: Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application.

Abstract: Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration.

Abstract: To provide a terminal device that can share a session key for use in encryption communication with multiple terminal devices at a certain timing without relying on an existing server device.