Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 12363116
    Abstract: A policy enforcement application receives input specifying policy constraints for resources of a given type. The application imports a pre-existing resource into the policy enforcement application, and determines, by the policy enforcement application, that the pre-existing resource is of the given type. Responsive to determining that the pre-existing resource is of the given type, the application determines that the pre-existing resource does not comply with the policy constraints. The application determines an owner of the resource based on metadata associated with the resource, and prompts the owner with a set of recommended configuration changes. Responsive to receiving a selection of a selectable option from the owner, the application reconfigures the resource with the recommended configuration changes.
    Type: Grant
    Filed: June 22, 2023
    Date of Patent: July 15, 2025
    Assignee: Resourcely Inc.
    Inventors: Travis MacLeod McPeak, Alaeddin Saleh Abdelrahman Almubayed
  • Patent number: 12362910
    Abstract: A system for implementing secure interaction sessions through dynamic routing paths comprises a processor associated with a server. The processor communicates a traversal key to a communication equipment in response to verifying an authentication token from a communication equipment to implement an interaction session. The traversal key is associated with a routing path that comprises a particular set of entry points for a set of resources. The processor allows the communication equipment to traverse the routing path and generates a traversal path associated with the interaction session. The traversal path identifies the entry points of the set of the resources that are accessed by the communication equipment during the interaction session. The processor generates a second hash value based on a set of ciphers associated with the entry points. The processor completes the interaction session with the communication equipment if the second hash value matches the first hash value.
    Type: Grant
    Filed: June 29, 2023
    Date of Patent: July 15, 2025
    Assignee: Bank of America Corporation
    Inventor: Vijay Kumar Yarabolu
  • Patent number: 12363080
    Abstract: A system and method for sending end-to-end encrypted messages comprising a sender's web browser, a recipient's web browser, and a server. The system and method avoid both the sender and the recipient having to download encryption programs themselves onto their respective computers. In addition, the system and method ensure that unencrypted messages are never disclosed to the server. The system and method operate by first downloading the web browser files, verifying them and then preventing the web browser page from refreshing, thereby preventing malicious code from entering the web browser each time the web browser page would normally be refreshed. The system and method also provide for securely implementing cryptography using client-side scripting in a web browser.
    Type: Grant
    Filed: October 6, 2023
    Date of Patent: July 15, 2025
    Assignee: Meixler Technologies, Inc.
    Inventor: Michael A. Meixler
  • Patent number: 12348486
    Abstract: A method and computer readable software for providing randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec) are disclosed. In one embodiment a method includes designating each IPsec node with a unique node identifier, the IPsec node; performing a hash function on a random SPI to provide a randomized SPI; and assigning the randomized SPI to an IPsec tunnel associated with an IPsec node.
    Type: Grant
    Filed: March 19, 2024
    Date of Patent: July 1, 2025
    Assignee: Parallel Wireless, Inc.
    Inventors: Ayan Chattopadhyay, Vikram Menon
  • Patent number: 12348491
    Abstract: In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit virtual VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy being a set of rules established by the administrator/user of the network concerning permitted connectivity between different security regions.
    Type: Grant
    Filed: February 26, 2024
    Date of Patent: July 1, 2025
    Assignee: Aviatrix Systems, Inc.
    Inventors: Xiaobo Sherry Wei, Shanshan Xu
  • Patent number: 12335241
    Abstract: A method of cryptographically binding communication parties includes assigning attributes to parties, and performing a combine operation including creating communication keys. Data is encrypted using a session key. A recombine operation includes receiving output parameters, along with the session key if the parameters are validated. A cryptographic communication binder includes an attribute mixer configured to assign attributes to the parties, and a combiner configured to create communication keys. A communication key generator is configured to combine attributes to create the session key. A first cryptographic engine is configured to encrypt data using the session key and create output parameters. A recombiner is configured to receive the output parameters and identity attribute, validate the parameters, and identify and validate the originator.
    Type: Grant
    Filed: November 18, 2022
    Date of Patent: June 17, 2025
    Assignee: Safe Harbor Digital Asset Security LLC
    Inventors: C. Jay Wack, Roger Butler
  • Patent number: 12335260
    Abstract: A system includes a processor of an ID verification node connected to at least one web server node over a network and a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor of the ID verification node connected to at least one node over a network; a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor to: acquire verifiable ID scan image data of all users within a country of residence; receive users' profile data; generate encrypted user profile attributes comprising DNA; execute a transaction to store the encrypted user profiles on a ledger along with corresponding access policies; and generate an intermediate representation for each user based on the verifiable ID scan image data and the encrypted user profile attributes.
    Type: Grant
    Filed: March 30, 2023
    Date of Patent: June 17, 2025
    Inventor: Josiah Johnson Umezurike
  • Patent number: 12321313
    Abstract: Techniques disclosed herein are well suited to restoring deduplicated backup data from cloud-based storage and from multi-node replicated files systems, and they also improve performance in more traditional data storage technologies. Pre-restore steps include analysis of deduplication indexes to identify data segments that are stored consecutively on storage media. Reading data in aggregate runs of consecutively stored data segments reduces interactions with storage media that hosts the deduplicated data and speeds up retrieval. Parallel reads from multiple storage devices in multi-node replicated file systems also speed up retrieval. An illustrative enhanced media agent pre-fetches data (stored in deduplicated form) in anticipation of read requests that are expected in the restore operation.
    Type: Grant
    Filed: June 7, 2023
    Date of Patent: June 3, 2025
    Assignee: Commvault Systems, Inc.
    Inventors: Saurabh Agrawal, Manoj Kumar Vijayan
  • Patent number: 12321926
    Abstract: A system, method, and computer program product for authenticating a user for a transaction; generate an electronic wallet key pair including an electronic wallet public key and a corresponding electronic wallet secret key, the electronic wallet key pair associated with an electronic wallet transaction processing system; receive a payment gateway public key corresponding to a payment gateway secret key, the payment gateway public key and the payment gateway secret key associated with a payment gateway system; generate a public re-encryption key based on the payment gateway public key; communicate, to the payment gateway system, the public re-encryption key; receive or determine encrypted transaction data associated with a transaction, the encrypted transaction data including an account identifier encrypted with the electronic wallet public key; re-encrypt the encrypted transaction data with the public re-encryption key; and communicate, to the payment gateway system, the re-encrypted transaction data.
    Type: Grant
    Filed: May 9, 2022
    Date of Patent: June 3, 2025
    Assignee: Visa International Service Association
    Inventors: Sivanarayana Gaddam, Bryan Carroll
  • Patent number: 12316781
    Abstract: A device includes: a certificate check unit that, when a public key of a user A in a public key certificate stored in an IC card owned by the user A of a calling-side A telephone set using SIP is read and transmitted by the A telephone set and then received by a SIP server, checks validity of the public key certificate with an authentication server that authenticates the validity; a random number generation unit that generates a random number r when the validity is confirmed; and a signature verification unit that verifies that personal identity information on the user A in a DB is legitimate when a locked random number r, which is obtained by converting the random number r by using a private key kept in an IC card read by the A telephone set, is converted into the original random number r by using the public key.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: May 27, 2025
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventor: Hiromu Aoshima
  • Patent number: 12316818
    Abstract: An information processing apparatus includes a request reception unit configured to receive a request for executing an execution module, a first alteration detection unit configured to detect an alteration of a white list upon reception of the execution request, a second alteration detection unit configured to detect an alteration of an execution module which has issued the execution request, by using a white list determined to have no alteration by the first alteration detection unit, and an error control unit configured to, upon detection of an alteration by the second alteration detection unit, select and control whether to deactivate a system of the information processing apparatus or to inhibit only execution of the execution module which has issued the execution request, depending on a current activation mode of the information processing apparatus and an activation mode using the execution module which has issued the execution request.
    Type: Grant
    Filed: September 29, 2021
    Date of Patent: May 27, 2025
    Assignee: Canon Kabushiki Kaisha
    Inventor: Ayuta Kawazu
  • Patent number: 12316619
    Abstract: A method for Internet Key Exchange (IKE) re-authentication optimization includes sending, by a first network device and a second network device, a notification, which contains new Security Parameters Index (SPI) for new security association (SA), and sending, by the first network device alone, an OLD_SPI notification to map SPI of Internet Protocol Security (IPsec) (Authentication Header (AH)/Encapsulating Security Payload (ESP)) with the old IPSec SA.
    Type: Grant
    Filed: April 8, 2022
    Date of Patent: May 27, 2025
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sandeep Kampati, Lohit S, Shubham Mamodiya, Bharath Soma Satya Meduri, Vishnu Vardhan Bachu V N, Dharmanandana Reddy Pothula, Karthigaasri R T
  • Patent number: 12316599
    Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
    Type: Grant
    Filed: March 28, 2024
    Date of Patent: May 27, 2025
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
  • Patent number: 12316607
    Abstract: A method (200) is disclosed for operating a constrained device within a network, the network comprising a firewall deployed between the constrained device and a manager. The method comprises receiving from the manager configuration information for an Attack Vector data Object and a Port Control Protocol (PCP) configuration data Object on the constrained device (210). The configuration information comprises a value for a Resource in the Attack Vector data Object (210a) and a value for a Resource in the PCP configuration data Object (210b). The method further comprises sending a PCP Request to the firewall in accordance with the PCP configuration data Object, the PCP Request including the Resource value for the Attack Vector data Object received in the configuration information (220). Also disclosed are methods (400, 500) and apparatus for managing a constrained device.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: May 27, 2025
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Jaime Jiménez
  • Patent number: 12301600
    Abstract: Identifying Internet of Things (IoT) devices with packet flow behavior including by using machine learning models is disclosed. Information associated with a network communication of an IoT device is received. A determination of whether the IoT device has previously been classified is made. In response to determining that the IoT device has not previously been classified, a determination is made that a probability match for the IoT device against a behavior signature exceeds a threshold. The behavior signature includes at least one time series feature for an application used by the IoT device. Based at least in part on the probability match, a classification of the IoT device is provided to a security appliance configured to apply a policy to the IoT device.
    Type: Grant
    Filed: January 18, 2022
    Date of Patent: May 13, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Ke Tian, Yilin Zhao, Xiaoyi Duan, Jun Du
  • Patent number: 12301476
    Abstract: Examples described herein relate to a network interface device comprising dataplane circuitry, when operational, is to generate a representation of aggregated network resource consumption information based on network resource consumption at the network interface device or at least one other network device and to transmit at least one packet with a multi-bit representation of the aggregated network resource consumption information to a second network interface device. In some examples, the network resource consumption information comprises one or more of: available transmit bandwidth, transmit bandwidth used by a queue or flow, queue depth, measured queueing time duration, expected queueing time duration, packet latency, or normalized in-flight bytes.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: May 13, 2025
    Assignee: Intel Corporation
    Inventors: Junggun Lee, Rong Pan, Robert Southworth, Gary Muntz, Changhoon Kim
  • Patent number: 12301584
    Abstract: Methods and systems for securing distributed systems are disclosed. The distributed systems may include data processing systems subject to compromise by malicious entities. If compromised, the data processing systems may impair the services provided by the distributed system. To secure the distributed systems, the data processing systems may implement a security framework. The security framework may utilize a hierarchy that defines authority for validating trusted entities. The hierarchy may vest authority across the distributed system, and may be based on a reputation (e.g., weighted reputation) of each of the data processing systems within the distributed system. Consequently, the impact of compromise of a data processing system may be limited by the distributed authority.
    Type: Grant
    Filed: April 27, 2023
    Date of Patent: May 13, 2025
    Assignee: Dell Products L.P.
    Inventors: Ofir Ezrielev, Yehiel Zohar, Lee Serfaty
  • Patent number: 12292994
    Abstract: A computer-implemented method of generating and distributing keys includes generating, based on a master key, a keyset, wherein the keyset comprises a re-encryption key, generating a key distribution request comprising the keyset, encrypting the keyset using an inbox key associated with a client device to generate an encrypted keyset, sending the re-encryption key to a key manager, and causing to distribute the encrypted keyset to the client device.
    Type: Grant
    Filed: May 17, 2022
    Date of Patent: May 6, 2025
    Assignee: RingCentral, Inc.
    Inventors: Aviad Lahav, Lev Rosenblit
  • Patent number: 12294565
    Abstract: A firewall intelligence system, includes a data storage storing a set of firewall rules for a network; a recommendation engine that receives, from a log service, traffic logs detailing traffic for the network and firewall logs detailing the usage of firewall rules in response to the traffic for the network, accesses, from the data storage, the set of firewall rules for the network; processes the set of firewall rules to evaluate the firewall rules against a set of quantitative evaluation rules to determine one or more firewall rule recommendations, wherein each firewall rule recommendation is a recommendation to change at least one of the firewall rules in the set of firewall rules; and a front end API that provides data describing the one or more firewall rule recommendations to a user device.
    Type: Grant
    Filed: February 15, 2024
    Date of Patent: May 6, 2025
    Assignee: Google LLC
    Inventors: Kan Cai, Vikas Aggarwal, Gargi Adhav, Rajendra Yavatkar, Ning Zhao, Vishal Gupta
  • Patent number: 12289316
    Abstract: Methods, systems and apparatus for controlled data transmission within leveled data environments is provided. Methods may include transmitting a dataset, using a data driver, from a first data environment to a second data environment. Methods may include intercepting the dataset at a reception gateway. Methods may include transmitting an identification. The identification request may request an original data environment from which the data originated; and a destination data environment to which the data is being transmitted. Methods may include in response to receiving a reply to the identification request, authenticating the reply. Methods may include initiating a security level compatibility check. Methods may include determining whether the first data environment is compatible with the second data environment. Methods may include transmitting the dataset through an auto-sanitization engine. Methods may include fragmenting the data into a plurality of data segments.
    Type: Grant
    Filed: May 23, 2023
    Date of Patent: April 29, 2025
    Assignee: Bank of America Corporation
    Inventors: Ion Freeman, Manu Kurian
  • Patent number: 12289097
    Abstract: Aspects of this disclosure relate to acoustic wave filters with bulk acoustic wave resonators. An acoustic wave filter can include a first bulk acoustic wave resonator configured to excite an overtone mode as a main mode and a second bulk acoustic wave resonator having a fundamental mode as a main mode.
    Type: Grant
    Filed: February 18, 2022
    Date of Patent: April 29, 2025
    Assignee: Skyworks Global Pte. Ltd.
    Inventors: Jiansong Liu, Kwang Jae Shin, Alexandre Augusto Shirakawa, Yiliu Wang
  • Patent number: 12278807
    Abstract: A SSH (secure shell) public key is received from a client device 120 on the enterprise network, and an EMS device 140 is queried based on the SSH public key. Responsive to confirmation of registration from the EMS server, an authentication certificate based on a user and the client device 120 is generated. An SSH session is initiated on behalf of the client device 120 including submitting the certificate and the SSH public key from the client device 120 to the external server.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: April 15, 2025
    Assignee: Fortinet, Inc.
    Inventors: Han Xiao, Wenping Luo
  • Patent number: 12273443
    Abstract: A method including transmitting, by a device to a storage server, a request to receive encrypted content and one or more encrypted keys stored in association with the encrypted content; receiving, by the device from the storage server, the encrypted content and the one or more encrypted keys; receiving, by the device, a master string of alphanumeric characters; determining, by the device, a master key based at least in part on the master string; decrypting, by the device based at least in part on utilizing the master key, an encrypted assigned private key associated with the device to determine an assigned private key, the encrypted assigned private key being included in the one or more encrypted keys; and decrypting, by the device, the encrypted content based at least in part on utilizing the assigned private key is disclosed. Various other aspects are contemplated.
    Type: Grant
    Filed: August 18, 2023
    Date of Patent: April 8, 2025
    Assignee: UAB 360 IT
    Inventor: Mindaugas Valkaitis
  • Patent number: 12271206
    Abstract: A method is disclosed that includes the step of: responsive to determining, based on input data, that a gateway system is receiving power from a power source of a mobile asset and the mobile asset is not in-use, transitioning the gateway system from a first mode to a second mode, wherein transitioning comprises turning on a functionality of the gateway system that is turned off when the gateway system is operating in the first mode.
    Type: Grant
    Filed: May 16, 2023
    Date of Patent: April 8, 2025
    Assignee: Samsara Inc.
    Inventors: Kevin Russell Coates Lloyd, James Michael Rowson, Maxwell Anton Dergosits, Elias Ray Dykaar, Erin Maria Bailie
  • Patent number: 12267301
    Abstract: A method for automatically securing endpoint device data communications includes establishing, between a first server and an endpoint device, a persistent virtual private network (VPN) connection, the endpoint device configured to automatically establish the persistent VPN connection upon establishing network connectivity. The first server provides, for the endpoint device, a network address translation (NAT) firewall service. The first server receives a plurality of data packets from a third computing device. The first server inspects each of the received plurality of data packets. The first server determines whether to block one of the plurality of data packets or to forward the one of the plurality of data packets to the second computing device. The first server blocks the one of the plurality of data packets based upon a determination that the one of the plurality of data packets fails to satisfy a security rule.
    Type: Grant
    Filed: June 9, 2020
    Date of Patent: April 1, 2025
    Inventor: David Thomas Bonczar
  • Patent number: 12267915
    Abstract: A network infrastructure component determines a risk measurement associated with a wireless client device's use of a device address, and provides an advisory with respect to an address rotation strategy of the wireless client device based on the risk measurement. In some embodiments, the risk measurement is based on one or more of an exposure, by the wireless client device, of information on the wireless network that identifies the wireless client device and/or a characterization of a security of the wireless network environment in which the wireless client device operates.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: April 1, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Shankar Ramanathan, Nagendra Kumar Nainar, Robert E. Barton, Jerome Henry
  • Patent number: 12267359
    Abstract: Techniques for application identification for phishing detection are disclosed. In some embodiments, a system/process/computer program product for application identification for phishing detection includes monitoring network activity associated with a session to detect a request to access a site; determining advanced application identification associated with the site; and identifying the site as a phishing site based on the advanced application identification.
    Type: Grant
    Filed: April 26, 2022
    Date of Patent: April 1, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Rongbo Shao, Bo Qu, Zhanglin He, Shengming Xu, Amy Lee
  • Patent number: 12261936
    Abstract: Techniques for real-time updating of encryption keys are disclosed. In the illustrative embodiment, an encrypted link is established between a local and remote processor over a point-to-point interconnect. The encrypted link is operated for some time until the encryption key should be updated. The local processor sends a key update message to the remote processor notifying the remote processor of the change. The remote processor prepares for the change and sends a key update confirmation message to the local processor. The local processor then sends a key switch message to the remote processor. The local processor pauses transmission of encrypted message while the remote processor completes use of the encrypted message. After a pause, the local processor continues sending encrypted messages with the updated encryption key.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: March 25, 2025
    Assignee: Intel Corporation
    Inventors: Vinit Mathew Abraham, Raghunandan Makaram, Kirk S. Yap, Siva Prasad Gadey, Tanmoy Kar
  • Patent number: 12261943
    Abstract: A terminal device may receive information indicating a first key from a first communication device, receive information indicating a second key from a second communication device, receive first encrypted connection information from a first communication device as a response to a request, decrypt the first encrypted connection information by using the first key indicated by the information received from the first communication device so as to obtain connection information, generate second encrypted connection information by encrypting the obtained connection information by using the second key indicated by the information received from the second communication device; and send the second encrypted connection information to the second communication device, wherein the second communication device decrypts the second encrypted connection information received from the terminal device and establishes a wireless connection with a specific device by using the connection information.
    Type: Grant
    Filed: November 23, 2021
    Date of Patent: March 25, 2025
    Assignee: BROTHER KOGYO KABUSHIKI KAISHA
    Inventor: Takeshi Shiotani
  • Patent number: 12261823
    Abstract: A computer network security manager device connects to a first wireless router and then connects to a plurality of devices (e.g., a plurality of IoT devices). The computer network security manager device then performs device agnostic activation of the plurality of devices to enable the plurality of devices to perform respective functions of each device. The security manager device prevents the plurality of devices from connecting directly to the first wireless router and only allows other devices on the Internet to communicate with the plurality of devices according to specific firewall rules. In response to receiving an indication that the first wireless router to which the network security manager device is connected is out of service or no longer exists, the network security manager device prevents other devices on the Internet from being able to communicate with the plurality of devices.
    Type: Grant
    Filed: February 21, 2024
    Date of Patent: March 25, 2025
    Assignee: DISH Network L.L.C.
    Inventor: Raymond C. Rodriguez
  • Patent number: 12259967
    Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.
    Type: Grant
    Filed: December 28, 2023
    Date of Patent: March 25, 2025
    Assignee: SentinelOne, Inc.
    Inventors: Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 12261938
    Abstract: A transmitting multi-link device (MLD) includes circuitry and a transmitter. The circuitry, in operation, constructs an Additional Authentication Data (AAD) and a Nonce, and encapsulates a plaintext medium access control (MAC) protocol data unit (MPDU), the AAD, and the Nonce to generate an encapsulated MPDU. The AAD includes an Address 1 (A1) field, to which a recipient MLD's MAC address is set, and an AAD Address 2 (A2) field, to which the transmitting MLD's MAC address is set. The Nonce includes a Nonce Address 2 (A2) field, to which the transmitting MLD's MAC address is set. The transmitter, in operation, transmits the encapsulated MPDU to the recipient MLD on a first link.
    Type: Grant
    Filed: November 28, 2023
    Date of Patent: March 25, 2025
    Assignee: Panasonic Intellectual Property Corporation of America
    Inventors: Rojan Chitrakar, Lei Huang, Yoshio Urabe
  • Patent number: 12261911
    Abstract: According to one embodiment, a method, computer system, and computer program product for establishing access to vehicles is provided. The embodiment may include identifying at least two devices, including a requesting device and a target device. The embodiment may also include identifying one or more networks, including at least one alternative network. The embodiment may further include evaluating each network from the one or more networks to determine a best network. The embodiment may also include establishing access from the requesting device to the target device over the determined best network.
    Type: Grant
    Filed: September 9, 2022
    Date of Patent: March 25, 2025
    Assignee: International Business Machines Corporation
    Inventors: Tushar Agrawal, Jeremy R. Fox, Sarbajit K. Rakshit
  • Patent number: 12255917
    Abstract: A computer implemented method for remote intrusion monitoring of a networked device. The method includes: receiving, by an intrusion detection engine connected to a network, a network communication to a first networked device; transmitting, via the intrusion detection engine, a duplicate of the network communication to a second networked device, wherein the second networked device hosts at least one virtual model of the first networked device; applying the duplicated network communication to the at least one virtual model of the first network device hosted by the second networked device; and monitoring, using a monitoring engine, the at least one virtual model of the first networked device upon reception of the duplicated network communication by the at least one virtual model.
    Type: Grant
    Filed: May 6, 2022
    Date of Patent: March 18, 2025
    Assignee: ROBERT BOSCH GMBH
    Inventor: Paulius Duplys
  • Patent number: 12256009
    Abstract: A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (g^a), the second value (g^a) based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (m_i) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (m_i); generate, with the payment network, a public key (pk_i) based on the second value (g^a), the merchant product (M), and the random merchant number (m_i) and a random key (rk_i) based on the merchant product (M) and the random merchant number (m_i) for each respective merchant bank; and communicate, with the payment network, the public key (pk_i) and the random key (rk_i) to at least one respective merchant bank.
    Type: Grant
    Filed: June 22, 2023
    Date of Patent: March 18, 2025
    Assignee: Visa International Service Association
    Inventors: Sivanarayana Gaddam, Gaven James Watson, Pratyay Mukherjee, Rohit Sinha
  • Patent number: 12244642
    Abstract: In some examples, a system includes a router device and a first adapter device in communication with the router device. The first adapter device includes processing circuitry configured to: communicate with the router device, wherein the router device is incapable of communicating in accordance with the MACsec protocol. The processing circuitry is further configured to establish an encrypted connection in accordance with the MACsec protocol between the first adapter device and a remote device, determine that the encrypted connection is offline, and output a message to the router device that the encrypted connection is offline. The router device is configured to communicate with the remote device via a second adapter device configured to communicate in accordance with the MACsec protocol and bypass the first adapter device.
    Type: Grant
    Filed: February 9, 2023
    Date of Patent: March 4, 2025
    Assignee: Juniper Networks, Inc.
    Inventors: Gert Grammel, Ajay Kachrani, Hao Wang
  • Patent number: 12244706
    Abstract: According to one aspect of the technique of the present disclosure, there is provided a method for securely communicating data. The method includes: (a) establishing a first encryption scheme, a data integrity checking scheme, an encryption key and an authentication key through a communication connection with a receiver; (b) generating a random key; (c) generating secure data including random key information obtained by encrypting the random key using the encryption key and the first encryption scheme; authentication information generated based on the random key, the data integrity checking scheme and the authentication key; and data information obtained by encrypting data using the random key and a second encryption scheme whose operation load is lower than that of the first encryption scheme; and (d) transmitting the secure data to the receiver.
    Type: Grant
    Filed: April 24, 2023
    Date of Patent: March 4, 2025
    Assignee: UNIONPLACE CO., LTD.
    Inventors: Seongcheol Bang, Youngkyu Shin, Seunggyeom Kim, Siwan Noh, Jaecheol Ryu
  • Patent number: 12238079
    Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
    Type: Grant
    Filed: May 23, 2024
    Date of Patent: February 25, 2025
    Assignee: Cisco Technology, Inc.
    Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
  • Patent number: 12238078
    Abstract: A computer generates a first encrypted message by encrypting an unencrypted message for decryption at a receiving device. The computer couples the first encrypted message with addressing data associated with the receiving device to generate a coupled message. The computer generates a second encrypted message by encrypting the coupled message for decryption at a data transmission service. The computer transmits the second encrypted message via the data transmission service to enable the receiving device to read the unencrypted message.
    Type: Grant
    Filed: December 9, 2021
    Date of Patent: February 25, 2025
    Assignee: Netflow, UAB
    Inventor: Karolis Kaciulis
  • Patent number: 12238075
    Abstract: Techniques for messaging based on trust levels and resource limitations in a mesh network include receiving, by a first node of a mesh network, a message; determining, by the first node, a security key type based on a resource parameter associated with a neighbor node included in the mesh network; securing, by the first node, the message using a security key of the security key type; and transmitting, by the first node, the secured message to the neighbor node. The resource parameter associated with the neighbor node comprises at least one of an amount of memory used to decrypt the secured message at the neighbor node, an amount of power used to decrypt the secured message at the neighbor node, or an indication of an amount of power remaining at the neighbor node.
    Type: Grant
    Filed: July 10, 2023
    Date of Patent: February 25, 2025
    Assignee: ITRON, INC.
    Inventors: Kalvinder Pal Singh, Darin Byron Johnson, Zoltan Peter Kiss
  • Patent number: 12238629
    Abstract: A content delivery system for delivering an audio and/or video content to a mobile terminal is deployed on top of a mobile network and includes plural edge cache servers arranged using a star or hierarchical topology. The edge cache servers are connected to respective aggregation nodes of the mobile network such that a configurable breakout function of the nodes enables routing thereto packets addressed to an anycast addressing associated with the servers. When receiving a request, from the mobile terminal, for obtaining a manifest file of the audio and/or video content, an edge cache controller of the content delivery system creates a session identifier including a unicast addressing part pointing to the controller, and redirects the mobile terminal to the anycast addressing of the servers. The servers then obtain the session identifier from the mobile terminal and use the unicast addressing contained therein to receive context information from the controller.
    Type: Grant
    Filed: February 18, 2021
    Date of Patent: February 25, 2025
    Assignee: BROADPEAK
    Inventors: Guillaume Bichot, Jérémy Desmauts, Pierre-Jean Guery
  • Patent number: 12231410
    Abstract: Methods, systems, and computer readable media for processing QUIC communications in a network. An example system includes a first network interface for receiving a QUIC connection request from a first node in the network and, in response, establishing a first QUIC connection between the first node and the system. The system includes a QUIC processing module configured for receiving, via the first QUIC connection, encrypted QUIC data including a number of streams and decrypting the encrypted QUIC data, resulting in decrypted QUIC data. The QUIC processing module is configured for extracting each of the streams from the decrypted QUIC data, resulting in a plurality of extracted streams, and packaging at least one of the extracted streams into a non-QUIC protocol format, resulting in at least one packaged stream. The system includes a second network interface for transmitting the packaged stream to a second node in the network.
    Type: Grant
    Filed: May 11, 2022
    Date of Patent: February 18, 2025
    Assignee: KEYSIGHT TECHNOLOGIES, INC.
    Inventors: Michael Paul Galime, Gabriel Oprisan, Lucian Stoian, Cosmin Banu, Stefan Constantin Puiu
  • Patent number: 12226913
    Abstract: Methods and systems to remotely operate robotic devices are provided. A number of embodiments allow users to remotely operate robotic devices using generalized consumer devices (e.g., cell phones). Additional embodiments provide for a platform to allow communication between consumer devices and the robotic devices. Further embodiments allow for training robotic devices to operate autonomously by training the robotic device with machine learning algorithms using data collected from scalable methods of controlling robotic devices.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: February 18, 2025
    Assignee: The Board of Trustees of the Leland Stanford Junior University
    Inventors: Ajay U. Mandlekar, Yuke Zhu, Animesh Garg, Silvio Savarese, Fei-Fei Li
  • Patent number: 12231400
    Abstract: A pseudo-active/active firewall configuration handles firewall switchover events with minimized session disconnection. A passive firewall is set to an active state, and an active firewall is switched to a pseudo-active state wherein it continues to process ingress and egress traffic according to traffic handling protocols for its active state. During updating of a corresponding Network Address Translation (NAT) table to route traffic to the now-active firewall, the pseudo-active firewall enters a forwarding state wherein it forwards ingress network sessions to the now-active firewall and processes the ingress network sessions according to its active state. The now-active firewall receives the ingress network sessions and records session states prior to discarding them. After updating the NAT table, when traffic is routed to the now-active firewall, the recorded session states are used to maintain active sessions.
    Type: Grant
    Filed: May 13, 2022
    Date of Patent: February 18, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Tapraj Singh, Harshavardhan Parandekar, Nazanin Magharei, Rimu Bhardwaj, Vikram Guleria
  • Patent number: 12231253
    Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stay connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.
    Type: Grant
    Filed: November 20, 2023
    Date of Patent: February 18, 2025
    Assignee: BRIGHT DATA LTD.
    Inventors: Derry Shribman, Ofer Vilenski
  • Patent number: 12225022
    Abstract: Disclosed embodiments provide systems, methods, and computer-readable storage media for secure data communication between two devices. A disclosed system responds to a request from an originating communication device in a first network to connect with a communication device in a second network, for communication, by receiving a request from the communication device in the first network, the request including payload data and a destination network address in the second network. The system then transmits the received payload data to the destination address in the second network after analyzing the payload data for network intrusion. When the analysis does not indicate network intrusion, the system determines a route to the destination network address by looking up the destination address in a routing table and forwarding the payload data to the destination network address in the second network. If the analysis indicates network intrusion, the system discards the payload data.
    Type: Grant
    Filed: October 20, 2021
    Date of Patent: February 11, 2025
    Assignee: Capital One Services, LLC
    Inventor: Paul Ellis Mayes
  • Patent number: 12220230
    Abstract: The present disclosure relates to systems and techniques for receiving data from one or more sensors associated with a person and controlling the use and redistribution of that data so it is used in an intended manner. In particular, the data is related to a gait and/or mobility of the person.
    Type: Grant
    Filed: July 3, 2019
    Date of Patent: February 11, 2025
    Assignee: MOTERUM TECHNOLOGIES, INC.
    Inventor: David Huizenga
  • Patent number: 12225379
    Abstract: A network node (700) of a radio access network (RAN) of a wireless communication network (10) provides user plane security by establishing a secure tunnel between first and second tunnel endpoints (160, 180, 370, 195, 220, 230) that will handle respective protocol layers of a same protocol stack for a Data Radio Bearer (DRB) (330, 340, 350, 360) that is dedicated to user plane traffic and has yet to be established. Establishing the secure tunnel comprises exchanging an inner Internet Protocol (IP) address and an outer IP address of each of the endpoints (160, 180, 370, 195, 220, 230) between the endpoints (160, 180, 370, 195, 220, 230).
    Type: Grant
    Filed: May 4, 2020
    Date of Patent: February 11, 2025
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Angelo Centonza, Maximilian Popescu, Ioanna Pappa, Thomas Walldeen, Martin Israelsson, Alexander Vesely
  • Patent number: 12225030
    Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Metrics may be determined based on monitoring network traffic associated with a plurality of entities each associated with a profile that includes the metrics for each entity. Beaconing metrics associated with beaconing activity may be determined based on the metrics. The profile of each entity may be compared with the beaconing metrics to determine the entities that may be engaged in beaconing activity. The entities may be characterized based on beaconing activity such that the beaconing activity includes communication with endpoints associated with the third parties, employing communication protocols associated with the third parties, or exchanging payloads consistent with the beaconing activity. Reports that include information associated with the entities and their beaconing activity may be generated.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: February 11, 2025
    Assignee: ExtraHop Networks, Inc.
    Inventors: Jeff James Costlow, Michael Ryan Corder, Edmund Hope Driggs, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kenneth Perrault, Jesse Abraham Rothstein, Jonathan Jacob Scott, Marc Adam Winners, Xue Jun Wu
  • Patent number: 12225115
    Abstract: Systems and methods for secure peer-to-peer communications are described. Devices registered into a trusted network may be capable of establishing a shared data encryption key (DEK). In embodiments, each device may be configured to obtain a share of a data encryption key (DEK_i) that can be stored locally. The shares may be shares in an M of N Secret Sharing Scheme. This may involve a network that includes an integer, N, devices, and in which M devices may share a secret (i.e. the DEK) during communications, M being an integer less than or equal to N. To obtain the entire DEK during encryption/decryption, a requesting device may send requests to M of N devices for their shares of the DEK. Once M shares are obtained, they may be used to generate the DEK for encrypting/decrypting data between the devices.
    Type: Grant
    Filed: January 3, 2023
    Date of Patent: February 11, 2025
    Assignee: Visa International Service Association
    Inventor: Eric Le Saint