Abstract: This disclosure is directed to network optimization in a complex joint network for increasing the network utility of the complex joint network. A computing device in the complex joint network may receive a data flow via a complex joint network. The computing device may determine, based on a network template, a mission utility associated with the data flow and a traffic class associated with the data flow. The computing device may control one or more quality of service decisions based at least in part on the mission utility associated with the data flow and the traffic class associated with the data flow.

Abstract: Embodiments for a computer readable medium including a software module are provided. The software module causes one or more processing devices to obtain a biometric identifier from a user. Access to a resource is requested by providing a software credential token and the biometric identifier. The software credential token corresponds to a hardware credential token, and the hardware credential token is one of a set of hardware credential tokens that are used to access the resource. An indication that access to the resource has been granted is received and after receiving the indication an indication that the access to the resource has been revoked is received. After receiving the indication that access to the resource has been revoked, a biometric identifier is re-obtained from a user and access to the resource is re-requested by providing a software credential token and the re-obtained biometric identifier.

Abstract: This disclosure is directed to network optimization in a complex joint network for increasing the network utility of the complex joint network. A computing device in the complex joint network may receive a data flow via a complex joint network. The computing device may determine, based on a network template, a mission utility associated with the data flow and a traffic class associated with the data flow. The computing device may control one or more quality of service decisions based at least in part on the mission utility associated with the data flow and the traffic class associated with the data flow.

Abstract: Embodiments for a computer readable medium including a software module are provided. The software module causes one or more processing devices to obtain a biometric identifier from a user. Access to a resource is requested by providing a software credential token and the biometric identifier. The software credential token corresponds to a hardware credential token, and the hardware credential token is one of a set of hardware credential tokens that are used to access the resource. An indication that access to the resource has been granted is received and after receiving the indication an indication that the access to the resource has been revoked is received. After receiving the indication that access to the resource has been revoked, a biometric identifier is re-obtained from a user and access to the resource is re-requested by providing a software credential token and the re-obtained biometric identifier.

Abstract: This disclosure is directed to network optimization in a complex joint network for increasing the network utility of the complex joint network. A computing device in the complex joint network may receive a data flow via a complex joint network. The computing device may determine, based on a network template, a mission utility associated with the data flow and a traffic class associated with the data flow. The computing device may control one or more quality of service decisions based at least in part on the mission utility associated with the data flow and the traffic class associated with the data flow.

Abstract: In general, the techniques of this disclosure describe a computing device in a secure domain that is configured to receive, via a guard device, an authentication factor from a biometric authentication device in a non-secure domain. The biometric authentication device is in a non-secure domain, and the authentication factor comprises an identifier of a prospective user of the biometric authentication device. The computing device may then determine, based on the received authentication factor, whether the prospective user is a trusted user of the computing device based on the authentication factor. Responsive to determining that the prospective user of the biometric authentication device is the trusted user, the computing device may enable access to one or more applications on the computing device.

Abstract: Embodiments for a method for issuing a software credential token with reliance on a hardware credential token are disclosed. A data server that allows access thereto via a set of hardware credential tokens is provided. The method includes receiving a request for a software credential token from a personal computing device. The request includes an indication of a hardware credential token upon which the request relies. An email address and a public key corresponding to the hardware credential token are obtained. The method also includes sending an email to the email address. The email includes a one-time password encrypted with the public key. Access to the email is restricted to an individual to which the hardware credential token was issued. The method also includes receiving an inputted password from the personal computing device. If the inputted password matches the one-time password, a software credential token is issued to a user.

Abstract: This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions.

Abstract: Methods, networks and nodes for dynamically establishing encrypted communications between a first node having a first identification and a first private key and a second node having a second identification and a second private key. A first signal comprising information indicative of the first identification of the first node is transmitted, then, upon receipt of the first signal by the second node, a second signal comprising information indicative of the second identification of the second node and a first portion of a symmetric key is transmitted, then, upon receipt of the second signal by the first node, a third signal comprising a second portion of the symmetric key is transmitted.

Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.

Abstract: This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions.

Abstract: This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions.

Abstract: Methods, networks and nodes for dynamically establishing encrypted communications between a first node having a first identification and a first private key and a second node having a second identification and a second private key. A first signal comprising information indicative of the first identification of the first node is transmitted, then, upon receipt of the first signal by the second node, a second signal comprising information indicative of the second identification of the second node and a first portion of a symmetric key is transmitted, then, upon receipt of the second signal by the first node, a third signal comprising a second portion of the symmetric key is transmitted.

Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.

Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.

Abstract: This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions.

Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.

Abstract: This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions.

Abstract: A system is described for monitoring and testing enterprise networks that tend to have a number of geographically dispersed devices and interconnected sub-networks. The system includes a plurality of distributed agents to capture packets from a network. The system further includes an aggregation module coupled to the network to receive and aggregate the captured packets. During the aggregation process, the aggregation module identifies duplicate packets that were captured by different agents as an originating packet traverses the network. A display is coupled to the aggregation module, presents the non-duplicate network packets, giving a user a clear illustration of network activity. For the duplicate packets, the aggregation module presents a representative packet, such as the originating packet, that may be expanded by the user to view the details of the duplicate packets.

Abstract: A system is described for monitoring and testing computer networks, such as enterprise networks that tend to have a number of geographically dispersed devices and interconnected sub-networks. The system includes a plurality of distributed agents coupled to a computing network. The system further includes a replay module coupled to the network that has a storage medium to store replay data. The replay module communicates respective portions of the replay data to the agents, and issues commands to the agents to control introduction of the network packets on the computing network by the agents. In this way, the system recreates network activity in order to test the computer network. The replay data stored by the storage medium may define a conditional flow for introduction of the network packets by the agents. Accordingly, the replay module may issue commands to the agents in accordance with the conditional flow.