Abstract: There is disclosed in one example an enrollment over secure transport (EST)-capable gateway device, including: a hardware platform including a processor and a memory; a first network interface to communicatively couple to an external network, including an external DNS server; a second network interface to communicatively couple to a home network; a caching DNS server including a local DNS cache, and logic to provide DNS services to the home network; and an EST proxy to authenticate to a local endpoint on the home network, provision a DNS server certificate on the local endpoint, provision an authentication domain name (ADN) on the local endpoint, and provide encrypted domain name system (DNS) services to the local endpoint.

Abstract: Various embodiments are described for dynamic value stream management. A computing environment is directed to receive a stream of metrics from station computing devices each positioned at a station in a manufacturing process, where individual ones of the station computing devices have a sensor configured to generate metrics. The computing environment may determine an optimal allocation of resources for each of the stations in the manufacturing process based at least in part on the metrics. If a cycle time of a station falls below a threshold, personnel from another satisfactorily-performing station may be reassigned to the station based on cross-training metrics. A recommended action for the stations may be determined and presented in a display device.

Abstract: Example methods, apparatus, systems and articles of manufacture to implement cooperative mitigation of distributed denial of service attacks originating in local networks are disclosed. An example local network router disclosed herein includes a mitigator to mitigate a distributed denial of service attack detected by an Internet service provider, the distributed denial of service attack associated with network traffic originating from a first device connected to a local network. The example local network router also includes a threat signaling server to identify the first device based on first information received from a threat signaling client of the Internet service provider, the first information describing the distributed denial of service attack. The example threat signaling server is also to transmit second information to notify the threat signaling client of the Internet service provider when the network traffic associated with the distributed denial of service attack has been mitigated.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify application permission safety.

Abstract: A system for controlling accesses to network enabled devices includes a network interface over which a hub communicates with network enabled devices, a processor, and a multilayer access control layer. The access control layer includes instructions that, when executed by the processor, cause the processor to detect, at the hub, a request representing an attempt by an application executing on a remote host device to access a network enabled device communicatively coupled to the hub, characterize the request according to a user of the remote host device, the application making the attempt, and the network enabled device, and determine whether to allow or deny the request based upon the characterization and a plurality of rules. The rules may include definitions of access rights, with respect to the network enabled device, for users, applications, commands or queries made by applications, remote host devices, and network domains.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to establish a connection with a router, obtain identification for the router, communicate the identification of the router to a network element, receive a hash of at least a portion of a certificate for the router, and disconnect the connection and establish a new connection with the router, where the hash is used to authenticate network services received from the router during the new connection. In an example, the hash is part of a subject public key infrastructure (SPKI) pin set.

Abstract: A system for controlling accesses to network enabled devices includes a network interface over which a hub communicates with network enabled devices, a processor, and a multilayer access control layer. The access control layer includes instructions that, when executed by the processor, cause the processor to detect, at the hub, a request representing an attempt by an application executing on a remote host device to access a network enabled device communicatively coupled to the hub, characterize the request according to a user of the remote host device, the application making the attempt, and the network enabled device, and determine whether to allow or deny the request based upon the characterization and a plurality of rules. The rules may include definitions of access rights, with respect to the network enabled device, for users, applications, commands or queries made by applications, remote host devices, and network domains.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify encrypted handshakes. An example apparatus includes a message copier to clone a client introductory message, the client introductory message is included in a first handshake for network communication between a client and a server, a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, and a decrypter to, in response to the second handshake, decrypt a certificate sent by the server.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: Example methods, apparatus, systems and articles of manufacture to implement cooperative mitigation of distributed denial of service attacks originating in local networks are disclosed. An example local network router disclosed herein includes a mitigator to mitigate a distributed denial of service attack detected by an Internet service provider, the distributed denial of service attack associated with network traffic originating from a first device connected to a local network. The example local network router also includes a threat signaling server to identify the first device based on first information received from a threat signaling client of the Internet service provider, the first information describing the distributed denial of service attack. The example threat signaling server is also to transmit second information to notify the threat signaling client of the Internet service provider when the network traffic associated with the distributed denial of service attack has been mitigated.

Abstract: An apparatus includes a processing unit that divides an overlay buffer into a plurality of macro blocks, draws a graphic primitive object including a plurality of pixels, identifies one of the plurality of macro blocks upon a determination that the plurality of pixels has crossed a boundary of the one of the plurality of macro blocks, and image processes the one of the plurality of macro blocks.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify application permission safety.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to establish a connection with a router, obtain identification for the router, communicate the identification of the router to a network element, receive a hash of at least a portion of a certificate for the router, and disconnect the connection and establish a new connection with the router, where the hash is used to authenticate network services received from the router during the new connection. In an example, the hash is part of a subject public key infrastructure (SPKI) pin set.

Abstract: A system for controlling accesses to network enabled devices includes a network interface over which a hub communicates with network enabled devices, a processor, and a multilayer access control layer. The access control layer includes instructions that, when executed by the processor, cause the processor to detect, at the hub, a request representing an attempt by an application executing on a remote host device to access a network enabled device communicatively coupled to the hub, characterize the request according to a user of the remote host device, the application making the attempt, and the network enabled device, and determine whether to allow or deny the request based upon the characterization and a plurality of rules. The rules may include definitions of access rights, with respect to the network enabled device, for users, applications, commands or queries made by applications, remote host devices, and network domains.

Abstract: A method of performing an action in a branchless banking environment, the method including, in one or more electronic processing devices: (a) receiving at least one identifier associated with an individual from an agent terminal via a communications network; (b) retrieving identity information from a database using the at least one identifier; (c) receiving authentication information supplied by the individual from the agent terminal via the communications network; (d) authenticating the individual using the authentication information and the identity information retrieved from the database; and, (e) performing an action in response to successful authentication, the action including at least one of: (i) establishing an account on behalf of the individual using the identity information; and, (ii) performing a transaction on behalf of the individual.

Abstract: An apparatus includes a processing unit that divides an overlay buffer into a plurality of macro blocks, draws a graphic primitive object including a plurality of pixels, identifies one of the plurality of macro blocks upon a determination that the plurality of pixels has crossed a boundary of the one of the plurality of macro blocks, and image processes the one of the plurality of macro blocks.

Abstract: A routing system is improved by performing three steps sequentially to complete an execution process. The first step estimates a normalized criticality score for each design net. The second step arranges the scores for each design net in descending order. Third step rips up and reroutes the design so as to make it more feasible.

Abstract: A process for shortest path routing in computer-aided designs (CAD) is performed using an incremental graph traversal technique. This technique searches the shortest path routing trees in a graph by path exploration limited only to an incremented search region thereby reducing run time complexity. Graph traversal begins in the incremented search region, and propagates successive changes thereafter.

Abstract: A routing system is improved by performing three steps sequentially to complete an execution process. The first step estimates a normalized criticality score for each design net. The second step arranges the scores for each design net in descending order. Third step rips up and reroutes the design so as to make it more feasible.

Abstract: A process for shortest path routing in computer-aided designs (CAD) is performed using an incremental graph traversal technique. This technique searches the shortest path routing trees in a graph by path exploration limited only to an incremented search region thereby reducing run time complexity. Graph traversal begins in the incremented search region, and propagates successive changes thereafter.