Patents by Inventor Christopher Zarcone

Christopher Zarcone has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11876786
    Abstract: Methods and systems for implementing a moving target defense are described. The moving target defense can comprise obfuscating a protocol identifier within a packet. The protocol identifier can be replaced with a faux protocol identifier. Additionally, diversion headers can be inserted into the packet, thereby creating additional layers of complexity.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: January 16, 2024
    Assignee: Comcast Cable Communications, LLC
    Inventor: Christopher Zarcone
  • Publication number: 20230353378
    Abstract: A network router may send a self-authenticating message to a plurality of host devices. The self-authenticating message may comprise a router advertisement message and a hash of at least a portion of the router advertisement message. The hash may allow the host devices to authenticate the network router for communications.
    Type: Application
    Filed: June 6, 2023
    Publication date: November 2, 2023
    Inventors: Christopher Zarcone, John Jason Brzozowski
  • Patent number: 11728999
    Abstract: A first computing device may authenticate itself to a second computing device by providing a verifier value based on a private key. The verifier value may be sent to the second computing device, and a session key may be determined based on the private key. A secure message may comprise routing information associated with the first computing device and a hash value based on the routing information and the session key, and the first computing device may communicate with the second computing device using the session key.
    Type: Grant
    Filed: January 8, 2021
    Date of Patent: August 15, 2023
    Assignee: Comcast Cable Communications, LLC
    Inventors: Christopher Zarcone, John Jason Brzozowski
  • Publication number: 20220318438
    Abstract: A mobile device may comprise a secure memory. The mobile device may receive a request from a mobile application executing on the mobile device to store data in the secure memory. The request may comprise the data and a group identifier associated with the mobile application. A primary symmetric key associated with the group identifier may be determined. The data may be encrypted, using the primary symmetric key, to produce first encrypted data. A secondary symmetric key associated with the group identifier may be determined. The first encrypted data may be encrypted, using the secondary symmetric key, to produce second encrypted data.
    Type: Application
    Filed: April 6, 2021
    Publication date: October 6, 2022
    Inventors: James Hoelsworth, Christopher Zarcone, Sai Sreenath Adabala, Thomas Kilgallon, Anvesh Paidipala, Herbert Marti, Hugo Allexis Cardona Escalante
  • Publication number: 20210377251
    Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
    Type: Application
    Filed: August 16, 2021
    Publication date: December 2, 2021
    Inventors: Kris Bransom, Christopher Zarcone
  • Patent number: 11128615
    Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
    Type: Grant
    Filed: September 5, 2019
    Date of Patent: September 21, 2021
    Assignee: Comcast Cable Communications, LLC
    Inventors: Kris Bransom, Christopher Zarcone
  • Publication number: 20210211297
    Abstract: Systems and methods involving secure device authentication using aspects of a zero-knowledge password proof approach are disclosed. In one example, a device may generate a self-authenticating message including its identity and/or its capabilities. The device may use a secret value, random nonce, public ephemeral value (PEV), session key, and/or other values to generate the self-authenticating message. The secret value may be unknown to the device receiving the self-authenticating message. With the use of pre-loaded values, including a verifier, the receiving device may compare a host-HMAC with the router-HMAC to verify the authenticity of the message. Such authentication may be used, inter alia, on an Internet Protocol network utilizing Neighbor Discovery protocol.
    Type: Application
    Filed: January 8, 2021
    Publication date: July 8, 2021
    Inventors: Christopher Zarcone, John Jason Brzozowski
  • Patent number: 10931456
    Abstract: Systems and methods involving secure device authentication using aspects of a zero-knowledge password proof approach are disclosed. In one example, a device may generate a self-authenticating message including its identity and/or its capabilities. The device may use a secret value, random nonce, public ephemeral value (PEV), session key, and/or other values to generate the self-authenticating message. The secret value may be unknown to the device receiving the self-authenticating message. With the use of pre-loaded values, including a verifier, the receiving device may compare a host-HMAC with the router-HMAC to verify the authenticity of the message. Such authentication may be used, inter alia, on an Internet Protocol network utilizing Neighbor Discovery protocol.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: February 23, 2021
    Assignee: Comcast Cable Communications, LLC
    Inventors: Christopher Zarcone, John Jason Brzozowski
  • Patent number: 10904220
    Abstract: An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: January 26, 2021
    Assignee: Comcast Cable Communications, LLC
    Inventors: Carl Klatsky, Chris Wendt, Manoj Chaudhari, Christopher Zarcone
  • Publication number: 20200145401
    Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
    Type: Application
    Filed: September 5, 2019
    Publication date: May 7, 2020
    Inventors: Kris Bransom, Christopher Zarcone
  • Publication number: 20200021562
    Abstract: An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.
    Type: Application
    Filed: June 26, 2019
    Publication date: January 16, 2020
    Inventors: Carl Klatsky, Chris Wendt, Manoj Chaudhari, Christopher Zarcone
  • Patent number: 10484364
    Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: November 19, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventors: Kris Bransom, Christopher Zarcone
  • Patent number: 10375027
    Abstract: An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: August 6, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventors: Carl Klatsky, Chris Wendt, Manoj Chaudhari, Christopher Zarcone
  • Patent number: 10108579
    Abstract: Systems and methods for remote signaling are disclosed. One method can comprise receiving, by a destination node, a data packet having a source address associated with a source node comprising an interface identifier of the source node, comparing at least a portion of the source address to one or more memory locations of the destination node, identifying a select memory location of the one or more memory locations based upon the comparing at least the portion of the source address to the one or more memory locations of the destination node, and causing execution of an executable instruction stored at the identified memory location.
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: October 23, 2018
    Assignee: Comcast Cable Communications, LLC
    Inventor: Christopher Zarcone
  • Publication number: 20180234408
    Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
    Type: Application
    Filed: September 1, 2017
    Publication date: August 16, 2018
    Inventors: Kris Bransom, Christopher Zarcone
  • Publication number: 20180167365
    Abstract: Methods and systems for implementing a moving target defense are described. The moving target defense can comprise obfuscating a protocol identifier within a packet. The protocol identifier can be replaced with a faux protocol identifier. Additionally, diversion headers can be inserted into the packet, thereby creating additional layers of complexity.
    Type: Application
    Filed: December 8, 2016
    Publication date: June 14, 2018
    Inventor: Christopher Zarcone
  • Patent number: 9787669
    Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: October 10, 2017
    Assignee: Comcast Cable Communications, LLC
    Inventors: Kris Bransom, Christopher Zarcone
  • Publication number: 20170171160
    Abstract: An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.
    Type: Application
    Filed: October 20, 2016
    Publication date: June 15, 2017
    Inventors: Carl Klatsky, Chris Wendt, Manoj Chaudhari, Christopher Zarcone
  • Patent number: 9509513
    Abstract: An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.
    Type: Grant
    Filed: April 15, 2011
    Date of Patent: November 29, 2016
    Assignee: Comcast Cable Communications, LLC
    Inventors: Carl Klatsky, Chris Wendt, Christopher Zarcone, Manoj Chaudhari
  • Publication number: 20160321211
    Abstract: Systems and methods for remote signaling are disclosed. One method can comprise receiving, by a destination node, a data packet having a source address associated with a source node comprising an interface identifier of the source node, comparing at least a portion of the source address to one or more memory locations of the destination node, identifying a select memory location of the one or more memory locations based upon the comparing at least the portion of the source address to the one or more memory locations of the destination node, and causing execution of an executable instruction stored at the identified memory location.
    Type: Application
    Filed: April 28, 2015
    Publication date: November 3, 2016
    Inventor: Christopher Zarcone