Abstract: Scalable method and system for secure sharing of encrypted information in a cloud system, the encrypted information being encrypted only once, and each user joining and accessing a shared folder by individual encrypted key material transferred.

Abstract: A method includes, with a computing system, exiting a context of a virtual machine, the exiting in response to a request from a guest operating system of the virtual machine to switch from a first encryption key identifier for the virtual machine to a second encryption key identifier for the virtual machine. The method further includes, with the computing system, loading the second encryption key identifier into a virtual machine control module of a virtual processor of the virtual machine and after loading the second encryption key identifier, entering the context of the virtual machine.

Abstract: A method, system and computer program product for ensuring PKI key pairs are operatively installed within a secure domain of a security token prior to generating a digital certificate. The public key component of the PKI key pair is incorporated into a digital certificate which is returned to the security token for storage. The arrangement included herein incorporates the use of a critical security parameter to ensure a chain of trust with an issuing entity such as a registration authority. Furthermore, the arrangement does not require security officer or system administrator oversight during digital certificate generation as the critical security parameter provides a sufficient level of trust to ensure that digital certificate generation is being performed in conjunction with a designated security token rather than a rogue application. Lastly, separate inventive embodiments allow alternate communications and verification arrangements to be implemented.

Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.

Abstract: In a computer implemented method for generating a random seed with high entropy as an entropy source a machine instruction ‘compare-and-swap’ —CAS— is used to calculate a random seed.

Abstract: Methods, apparatus, and systems are disclosed for, among other things, secure passphrase handling for computing devices. In one respect, a method is provided. The method includes receiving a plurality of passphrase elements from an input device. The method also includes performing a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value. The passphrase is verified upon completion of the sequence of secure delay processing operations. Further, initial values of respective secure delay processing operations are based on respective passphrase elements and, for each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operations.

Abstract: Embodiments of the present invention provide a security information configuration method, so as to reduce costs, simplify a security information configuration process, and improve security and reliability of security information configuration. The security information configuration method provided in the embodiments of the present invention includes: generating, by an SoC, an asymmetric key pair; writing a private key into an eFuse of the SoC; encrypting a public key; writing the encrypted public key into a flash memory for storage; generating first digest information according to target software information; making a signature for the first digest information, so as to obtain signature information; and writing the signature information into the flash memory. The embodiments of the present invention further provide a related security verification method and a related chip.

Abstract: A system for managing cryptographic keys and trust relationships in a secure shell (SSH) environment by mapping network servers, clients, and appliances and locating SSH keys and key pairs associated with each device. The system provides for mapping the network topology and all SSH keys and key pairs stored on network connected devices, and the creation of a master database of all devices, keys and key pairs, key types and encryption strength, and user accounts with which each key or key pair is associated. The mapping and database enable the effective management of SSH keys and key pairs, detection of errors and weakness, elimination of orphaned or outdated keys, correction of all deficiencies, and replacement of keys in accordance with policies set by the organization maintaining the network.

Abstract: A method (500) of generating a cryptographic checksum for a message M(x) is provided. The method comprises pseudo-randomly selecting (502) at least two irreducible polynomials pi(x). Each irreducible polynomial pi(x) is selected based on a first cryptographic key from the set of irreducible polynomials of degree ni over a Galois Field. The method further comprises calculating (503) a generator polynomial p(x) of degree n=formula (I) as a product of the N irreducible polynomials formula (II), and calculating (505) the cryptographic checksum as a first function g of a division of a second function of M(x), ƒ(M(x)), modulo p(x), i.e., g(ƒ(M(x)) mod p(x)). By replacing a standard checksum, such as a Cyclic Redundancy Check (CRC), with a cryptographic checksum, an efficient message authentication is provided. The proposed cryptographic checksum may be used for providing integrity assurance on the message, i.e., for detecting random and intentional message changes, with a known level of security.

Abstract: Technologies for securely exchanging sensor information include an in-vehicle computing system of a vehicle to establish a trusted execution environment and a secure communication channel between the trusted execution environment and a corresponding trusted execution environment of a coordination server. A private key is bound to the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system confirms the authenticity of the coordination server, receives sensor data generated by a sensor of the vehicle, and generates an attestation quote based on the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system further transmits, to the coordination server over the secure communication channel, the sensor data, the attestation quote, and a cryptographically-signed communication signed with the private key.

Abstract: A component for connecting to a data bus wherein the component implements at least one cryptographic functionality. Also disclosed is a method for implementing a cryptographic functionality in such a component. The implementation of the cryptographic functionality is based on a specified selection of cryptographic functions, methods and protocols adapted to the performance of the component, wherein minimum lengths are defined for the respectively used cryptographic keys.

Abstract: A technique for handling data provided from a source node to a collecting node in a data network is described. As to a method aspect of the technique, the source node generates a sequence of values. The sequence is unrevealed in the data network by the source node in a time interval. An authentication of the sequence is triggered in the data network. The authentication associates the sequence with the source node. One or more signatures for one or more data sets to be sent in the time interval are computed using one or more values of the sequence. The one or more data sets in the time interval are sent from the source node to the collecting node. The source node further provides one or more of the signatures.

Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.

Abstract: A system for automatic setting of system security comprises an input interface and a processor. The input interface is configured to receive an indication to set a secure mode. The processor is configured to: determine whether the indication to set the secure mode comprises an indication to set a certificate mode; in the event that the indication to set the secure mode comprises an indication to set a certificate mode: 1) detect one or more connected systems for which to set the certificate mode; 2) select one or more certificates for the certificate mode; 3) update initialization files for the certificate mode; and 4) reinitialize local and one or more connected systems.

Abstract: As compared to the conventional method, a non-blocking multicast switching system is provided in which the number of switches to be operated can be reduced and the path switching can be quick. A multicast switching system with an input stage, a middle stage, and an output stage, including a plurality of input switch elements of receiving/transmitting streams from input sources/to the middle stage, a plurality of middle switch elements of receiving/transmitting streams from the input switch elements/to the output stage, the plurality of middle switch elements being grouped into a plurality of groups and a plurality of output switch elements of receiving/outputting streams from the middle switch elements/to output destinations, wherein the input switch elements transmit the streams to each of the plurality of groups.

Abstract: Virtualized group-wise communications between a wireless network and a plurality of user equipments (UEs) are supported using UE cooperation. UE cooperation includes receiving, at a cooperating UE (CUE), downlink information from the wireless network destined for a target UE (TUE) and associated with a group identifier (ID). The group ID indicates a virtual multi-point (ViMP) node that includes the TUE and the CUE. The UE cooperation also includes sending the downlink information to the TUE. The UE or UE component can have a processor configured to forward between the wireless network and a TUE at least some information that is associated with a group ID indicating a ViMP node that groups the TUE and the UE.

Abstract: A network system includes: a VXLAN region that is connected to a vEPC virtual network and in which encapsulation by VXLAN is performed; a PBB region in which encapsulation by PBB is performed; an edge router that belongs to the VXLAN region and is connected to an edge switch in the PBB region; and an edge switch that belongs to the PBB region and is connected to the edge router. The edge router performs conversion between a VNID of data encapsulated by the VXLAN and an intermediate CVID of decapsulated data exchanged with the edge switch, and the edge switch performs conversion between an ISID of data encapsulated by the PBB and the intermediate CVID.

Abstract: Systems and methods for a security network integrating security system and network devices are disclosed. A system may comprise a gateway and first and second security panels, each located at a premises. The first and second security panels may be connected, via respective first and second wireless communication protocols, to respective first and second security system components. The first and second security panels may receive respective first and second security data from the respective first and second security system components. The gateway may be configured to receive, via the first and second wireless communication protocols, the respective first and second security data. The gateway may be configured to transmit at least one of the first security data and the second security data to a security server located external to the premises.

Abstract: An electronic device and method for registering a smart home device in a smart home system are provided. In various example embodiments, the electronic device receives a registration signal from the smart home device and collects information about the smart home device by analyzing the received registration signal. Then the electronic device requests a registration confirmation by providing the information about the smart home device through a display and also requests home network connection information when the registration confirmation is received. When the home network connection information is received, the electronic device connects the smart home device to a home network by transmitting the home network connection information to the smart home device.

Abstract: In order to provide a management apparatus that can reliably notify the user of the device state even when a device in a consumer's facility is operated via an external server, a management apparatus includes a first communication interface that transmits an operating instruction for devices in a consumer's facility to the devices, a storage that stores an operation history of the devices, and a second communication interface that transmits the operation history of the device to a server.

Abstract: According to various aspects, an isochronous channel may include an update slot in which a source device may schedule a transmission to broadcast control information to one or more sink devices. As such, a sink device may initially listen to a periodic advertising stream to receive synchronization information to acquire or re-acquire the isochronous channel and subsequently synchronize to the isochronous channel according to state information that the source device conveys in the update slot.

Abstract: Approaches for a virtualized Cable Modem Termination System (CMTS) for providing high speed data services to a remote physical device (RPD). The virtualized Cable Modem Termination System (CMTS) comprises a core routing engine (CRE) for performing packet switching and routing and one or more core servers (CS) that each perform CMTS functions for the one or more remote physical devices (RPDs). The core routing engine may comprise one or more core routing engine members. The core routing engine (CRE) and the one or more core servers (CS) are each implemented entirely on commercial off-the-shelf (COTS) hardware.

Abstract: Various embodiments are described that relate to a rapid deployment communications tile. As opposed to running various data and/or power wires, a construction crew can use set of tiles that have built in data and/or power transmission capabilities. These tiles can be keyed such that they interlock together to form a relatively uniform surface, such that the surface can also be used as a floor. Further, the tiles can have hardware components that enable the data and/or power transmission capabilities. These hardware components can be environmentally protected such that their performance is not subject to environmental factors.

Abstract: A non-transitory computer-readable medium storing instructions readable by a mobile terminal including a memory, an input interface, a first communication interface and a second communication interface, the instructions causing the mobile terminal to perform processes comprising: a storage processing of storing workflow information including device identification information and action identification information; a specifying processing of specifying the image processing apparatus, as a designated device; an information reception processing of receiving connection information from the designated device through the first communication interface; an extraction processing of extracting the workflow information coinciding with a first condition, among the workflow information; and an execution instruction processing of transmitting execution instruction information to the designated device through the second communication interface by using the connection information, wherein the execution instruction information

Abstract: A base station includes a channel estimator, a scheduler, and a controller. The channel estimator estimates a channel matrix with respect to each of a plurality of terminals. The scheduler determines a transmission weight corresponding to each of the plurality of terminals on the basis of the channel matrix that is estimated by the channel estimator such that the transmission weight is orthogonal to a current channel matrix and a past channel matrix of a terminal that is a subject of interference. The controller controls, when the transmission weight is determined by the scheduler, the number of samples of the current channel matrix and the past channel matrix to which the transmission weight is to be orthogonal with respect to each of the terminals.

Abstract: Described is an apparatus which comprises: an amplifier; and a passive continuous-time linear equalizer integrated with a baseline wander (BLW) corrector, wherein the integrated equalizer and BLW corrector is coupled to the amplifier.

Abstract: A predistortion method and apparatus are provided which use a DPD actuator (225) to apply a memory polynomial formed with first DPD coefficients to a first input signal x[n], thereby generating a first pre-distorted input signal y[n] which is provided to the non-linear electronic device (253) to produce the output signal, where the memory polynomial may be adaptively modified with a digital predistortion adapter (224) which computes second DPD coefficients u[n] with an iterative fixed-point conjugate gradient method which uses N received digital samples of the first pre-distorted input signal y[n] and a feedback signal z[n] captured from the output signal to process a set of conjugate gradient parameters (u, b, v, r, ?, ?, ?) at each predetermined interval, thereby updating the first DPD coefficients with the second DPD coefficients u[n] generate a second pre-distorted input signal which is provided to the non-linear electronic device.

Abstract: Methods and apparatus are described for time domain signals. An apparatus includes an electrical circuit coupled to a transmitter which conducts a bit stream of electrical, light or other photonic pulses into an apparatus encoder.

Abstract: Methods and apparatus are described for time domain signals. An apparatus includes an electrical circuit decoder coupled to a receiver.

Abstract: A wireless transmitter processing chain includes digital radio frequency mixing circuitry to generate, in digital form, a representation of a transmit signal including multiple communication channels. From the digital representation, a wideband digital to analog converter creates the analog transmit signal that includes the communication channels. Individual mixers and filters follow, with mixing frequencies tuned to place the communication channels at the desired frequency centers.

Abstract: Methods, systems, and devices for wireless communication are described. A wireless device may communicate using a dynamic cyclic prefix (CP) length to reduce communications overhead. That is, the wireless device may use a CP length that is changeable for each data packet or listen-before-talk (LBT) frame. For example, the wireless device may initially communicate using a first CP length and then receive a dynamic CP indication for subsequent symbols in one or more data packets or LBT frames. The wireless device may then communicate using the different CP length based on the indication. In some examples, the indicated dynamic CP length may be based on a cell radius of a base station, a data direction, or the location of a user equipment (UE) in relation to the base station.

Abstract: The invention concerns a method for conditioning a multicarrier transmit signal using a first or a second set of subgroups of time-frequency resource elements, with a subgroup of the first set of subgroups and a subgroup of the second set of subgroups having common time or frequency resources and being neighbored in time or frequency, wherein a first filter module (FILT1) filters the first set of subgroups using a first filter characteristic by a first set of filter coefficients, and a second filter module (FILT2) filters the second set of subgroups using a second filter characteristic by a second set of filter coefficients, and a base station and a transmitter apparatus (TA) therefor.

Abstract: Coding techniques for a (e.g., OFDM) communication system capable of transmitting data on a number of “transmission channels” at different information bit rates based on the channels' achieved SNR. A base code is used in combination with common or variable puncturing to achieve different coding rates required by the transmission channels. The data (i.e., information bits) for a data transmission is encoded with the base code, and the coded bits for each channel (or group of channels with the similar transmission capabilities) are punctured to achieve the required coding rate. The coded bits may be interleaved (e.g., to combat fading and remove correlation between coded bits in each modulation symbol) prior to puncturing. The unpunctured coded bits are grouped into non-binary symbols and mapped to modulation symbols (e.g., using Gray mapping). The modulation symbol may be “pre-conditioned” and prior to transmission.

Abstract: A receiving circuit capable of estimating frequency offset includes a front circuit and a calculation circuit. The front circuit receives a remote signal to generate a received signal. The calculation circuit includes: an exponentiation module, calculating an exponent of a power to generate a high-order signal; a frequency-domain transform module, performing frequency-domain transform on the high-order signal to generate a spectrum; a peak searching module, searching for a peak of the amplitude of the spectrum to generate a peak coordinate value reflecting a frequency where the peak occurs; an offset estimating module, adding the peak coordinate value with a compensation value to generate a sum, dividing the sum by a first divisor to generate a remainder, subtracting the compensation value from the remainder to generate a difference, and dividing the difference by a second divisor to generate an offset estimation value reflecting the frequency offset.

Abstract: A SOAM virtualization system for a network having at least first and second maintenance entities coupled to each other comprises a network controller coupled to at least one of the first and second maintenance entities through a tunnel for virtualizing a SOAM network function on the at least one of the first and second maintenance entities to which the network controller is coupled. The network controller may be coupled to the first and second maintenance entities through first and second tunnels, respectively. The first maintenance entity may an originator device, and the second maintenance entity may be a destination device, with the network controller virtualizing the SOAM network function on both devices. The network controller may send a packet containing a tunnel header and a SOAM frame via the first tunnel to the originator device, which then sends the packet containing the SOAM frame to the destination device.

Abstract: An information processing apparatus includes a display control unit, a generation unit, and a notification unit. The display control unit displays a device for executing a particular function on a display device. The displayed device includes separate webpages and the separate webpages include a webpage for setting to make the particular function usable. In response to a user selecting the device displayed on the display device, the generation unit generates a uniform resource locator (URL). The generated URL represents the webpage for setting to make the particular function usable. The notification unit notifies the URL generated by the generation unit to a web browser included in the information processing apparatus.

Abstract: A multi-homing Internet service provider switchover system includes a plurality of Internet service provider systems and a respective router device coupled to each Internet service provider system. Each router device is configured to determine that a route to its respective Internet service provider system is unavailable and, in response, advertise as a non-default router device with router lifetime information and lifetime information for an address of its respective Internet service provider system set to zero. A client device receives a router advertisement from a first router device that was selected as a default router device, and determines that it includes lifetime information for an address of its first Internet service provider system set to zero. In response, the client device selects a second router device as the default router device such that traffic is switched from the first router device to the second router device.

Abstract: In general, this disclosure describes techniques for coordinating, with a cloud exchange, automated cloud-based disaster recovery across containers from a failed cloud service to a backup cloud service. In some examples, an orchestration engine for a cloud exchange is configured to: detect an indication of a disruption in a first cloud service provided by a first cloud service provider network coupled to the cloud exchange to send and receive data packets via the cloud exchange; provision, in response to detecting the indication of the disruption in the first cloud service, disaster recovery infrastructure layers in containers of a second cloud service provided by a second cloud service provider network coupled to the cloud exchange; obtain code and state from containers of the first cloud service; and communicate the code and state to the disaster recovery infrastructure layers in the containers of the second cloud service.

Abstract: In an on-vehicle system, the gateway is duplexed, and a countermeasure table is included. The countermeasure table defines a failure phenomenon occurring in communication, an identification method for identifying a factor on whether the failure phenomenon is caused by a failure of the gateway or caused by a security attack on the gateway, and a corresponding countermeasure method. When it is detected that a failure phenomenon has occurred is communication through the gateway, the on-vehicle system determines a factor of the detected failure phenomenon based on the identification method defined in the countermeasure table, and makes countermeasures in accordance with the corresponding countermeasure method.

Abstract: Data generated by a first application analytics module in accordance with a first data collection profile is received. A triggering criterion is detected based, at least in part, on the data. In response to detection of the triggering criterion, a second data collection profile is generated. Availability of the second data collection profile is indicated to a second application analytics module.

Abstract: A method for managing configuration information is disclosed including: an operation support system (OSS)/network management system/(NMS) receiving a lifecycle operation completion message of a virtualized network function (VNF); and sending a management information object instance operation request message corresponding to a lifecycle operation of the VNF to an element management system (EMS) according to the received lifecycle operation completion message of the VNF. A method and device for managing configuration information, an element management system (EMS) and a storage medium are also disclosed.

Abstract: The present invention provides a platform that enables devices, services and applications to be connected together. An in-home gateway device provides the hub for this connectivity, by connecting and coordinating in-home (and/or in-office) devices and cloud-based services. Creating a “connected environment” via this platform requires co-ordinating multiple device manufacturers and service providers, and multiple standards/protocols. Advantageously, the platform removes the requirement for different manufacturers of different devices to adopt common protocols to enable device connection, and further, the platform removes the burden of configuration away from the consumer.

Abstract: Computer systems and methods are provided for storing configuration settings for services that are provided in a cloud infrastructure in a central database, and providing values for those configuration settings to services in the cloud infrastructure when those services request a configuration setting.

Abstract: Apparatuses, methods, systems, and program products are disclosed for conforming electronic communication attachments to a recipient system's settings. One or more characteristics of a resource attached to an electronic communication being sent to a recipient system are determined. It is determined whether one or more characteristics of a resource conform to one or more settings of a recipient system. One or more nonconforming characteristics of a resource are adjusted prior to sending the electronic communication such that the one or more nonconforming characteristics of the resource conform to the one or more settings of the recipient system.

Abstract: System and techniques for network architecture for Internet-of-Things (IoT) device are described herein. An indication may be received from a pre-certified IoT blank device. Here, the indication includes a unique identifier and a request for configuration information. An application to send to the IoT device may be located using the unique identifier. The application may be sent to the IoT device. data from the IoT device corresponding to a sensor on the IoT device operated using the application may be received.

Abstract: In one embodiment, a network node device includes a hardware platform including a central processing unit (CPU) complex, a storage medium and an input/output subsystem to provide network processing and transport of data in a network. The CPU complex is operative to receive a plurality of hardware platform management decisions from a plurality of different network nodes in the network, process the received hardware platform management decisions to yield a hardware platform management proposed action, and issue a command to implement the hardware platform management proposed action in the hardware platform. The hardware platform is operative to implement the hardware platform management proposed action. Related apparatus and methods are also described.

Abstract: The disclosure generally describes computer-implemented methods, software, and systems for modeling and deploying decision services. One computer-implemented method includes creating a connection between a decision service manager and a managed system, establishing a signature of a decision service, developing, using at least one computer, the decision service based upon the established signature of the decision service, performing a deployment readiness check, transferring generated code implementing the decision service to the managed system upon a determination that the deployment readiness check was successful, inserting the generated code into the managed system, and retrieving a deployment status from the managed system.

Abstract: Embodiments are directed towards employing a configuration management system to report one or more assumptions based on whether or not prerequisites for a resource are satisfied. The configuration management system may determine at least one prerequisite that corresponds to a provided resource. The prerequisites may indicate what the resource requires in order to put the system into the target state. If the prerequisites are unsatisfied, then assumptions regarding the system may be determined and reported to a user of the system. The assumptions may include at least a state transition that upon occurrence puts the system into the target state. If the system is in a non-operational mode, such that state actions and state transitions are simulated, rather than being executed, the system may be enabled to perform other actions as if the prerequisites were satisfied and the state transition occurred, even if it is not.

Abstract: Methods, systems, and computer-readable media for determining the maximum throughput of a service are disclosed. A first sequence of load tests is initiated for a service host. Individual ones of the load tests comprise determining a respective throughput at the service host for a respective number of concurrent connections to the service host. The number of concurrent connections increases nonlinearly in at least a portion of the first sequence of load tests. The first sequence of load tests is discontinued when the throughput is not increased by a threshold from one of the load tests to the next. An estimated maximum throughput for the service host is determined based at least in part on the first sequence of load tests. The estimated maximum throughput corresponds to a particular number of concurrent connections to the service host.

Abstract: A method for providing a dormant state for content management servers. Client devices are allowed to conduct transactions with servers when the servers are active. However, in a dormant state, the servers are not allowed to accept new transactions. Thus, by utilizing the dormant state, software upgrades can be made to one server at a time. Alternatively, all servers can be taken down for major upgrades, with the servers still operated in a read-only mode based on a file image from a point in time just prior to the shutdown. When the upgrade is completed, the servers can be returned to the active state.