Abstract: A network client device is disclosed having a media streamer for processing a media stream received at a first port of a client device. Further included is a setup controller configured to transmit a set-up request message and a discovery message without waiting for acknowledgement of reception of the set-up request message before transmission of the discovery message, from a second port and the first port respectively, to predetermined ports of a server device.

Abstract: In one embodiment, a processing device receives a request to claim ownership of a first hosted media item on a first media sharing platform, wherein the request is received from a rights holder that holds one or more rights to a claimed media item that is incorporated into the first hosted media item. The processing device adds an indicator of the ownership of the rights holder to a first entry for the first hosted media item in a data store. The processing device determines that a second hosted media item having a threshold similarity to the first hosted media item is hosted by a second media sharing platform. The processing device automatically adds an indicator of the ownership of the rights holder to a second entry for the second hosted media item without receiving a separate request to claim ownership of the second hosted media item.

Abstract: A method for transferring electronic evidence is provided. The law enforcement agencies can make efficient use of social media and other forms of public communications to make a public appeal for information on crimes and other investigations wherein the public appeals allow members of the public to easily submit information and/or media files from smartphones and other computers in a way that allows the submission to be linked to the public appeal (e.g. the specific case file or the attributes of the case file) so that the submission data can be found and accessed by law enforcement investigators.

Abstract: A method, system and computer program product for facilitating inter-proxy communication via an existing protocol. A proxy receives a message (e.g., request message) using a protocol, such as HTTP. If the proxy determines to add proxy relevant information to the message, then the proxy defines a new message header for the inter-proxy communication, which is added to the existing header section of the message. The proxy relevant information is then added in the newly added message header of the message. The message with the proxy relevant information is then transmitted to a subsequent proxy using the protocol of the underlying request-response transaction. In this manner, inter-proxy communications are enabled via an existing protocol (e.g., HTTP) that is used in the request-response transaction so that proxies can communicate with one another pertaining to matters (e.g., maintenance schedule) unrelated to the original intent of the transaction using the existing protocol (e.g., HTTP).

Abstract: In some examples, a system receives first information corresponding to an intelligent transport system (ITS) station, and detects, based on the first information corresponding to the ITS station and based on second information provided by a cellular network relating to the ITS station, misbehavior of the ITS station, the second information includes location information acquired by the cellular network.

Abstract: An on demand content delivery platform for delivering on demand digital assets includes a network transport composed of network elements. A content delivery path extends from an application server, through the network transport, to a client. During content delivery, at a network element, data is inserted into the content delivery path to produce a content stream containing inserted in-stream data. In one implementation, the content is conditioned in accordance with instructions present in the in-stream data. In another implementation, the in-stream data represents session information and is utilized for stateless recovery of session information.

Abstract: Techniques for described for generating session-related timeout parameters that are user-specific in value. A user-specific timeout parameter offers several advantages over a static timeout parameter, including minimized the risk of session hijacking, fewer stale sessions to manage, and timeout parameters that more closely match the user's actual behavior. A value for a timeout parameter can therefore depend on information stored for a specific user. The stored information can indicate user behavior observed over a period of time encompassing multiple sessions and/or multiple accesses to the same or different resources. In certain embodiments, a value for a timeout parameter is determined by a prediction engine implemented using a machine learning (ML) model. The ML model may determine the timeout parameter based on information obtained records associated with the user for whom the timeout parameter value is being determined, as well as information from records associated with other users.

Abstract: A method of a communication device of requesting data of a destination network node via at least one intermediate node in a service chain. The method comprises acquiring a secret session key configured to subsequently verify authenticity of the requested data and first seed data to be used by the at least one intermediate node and the destination node to generate the session key, transmitting the data request, an indication of the service chain to be traversed, and the first seed data to a next-hop node in the service chain, receiving, in response to the forwarded data request, the requested data having been provided with an indication of authenticity by the next-hop node, and verifying the authenticity of the received data using the acquired session key, wherein the received requested data is considered authenticated.

Abstract: A method for automatically detecting video incidents on a video played back by an electronic video playback device, includes acquiring a message; subtracting a counter included in the message previously acquired from a counter included in a message saved in a database to obtain a transition state of the electronic video playback device; classifying, by a supervised automatic learning algorithm, the transition state as a normal state of the played back video or as a video incident on the played back video; performing a video incident detection including the creation of an incident message; transmitting the incident message to a remote system; and recording the acquired message in the database.

Abstract: A method and an apparatus for processing information are provided. A method may include: sending a preset data acquisition request to a target data transmission end included in at least two preset data transmission ends; receiving feedback information from the target data transmission end, and determining whether the feedback information includes the acquired data; determining, in response to determining that the feedback information does not include the acquired data, whether the feedback information includes first fault information for indicating that the target data transmission end malfunctions; and selecting, in response to determining that the feedback information includes the first fault information, a data transmission end other than the target data transmission end from the at least two data transmission ends as a new target data transmission end.

Abstract: In one embodiment, a device in a network intercepts traffic sent from a first endpoint destined for a second endpoint. The device sends a padding request to the second endpoint indicative of a number of padding bytes. The device receives a padding response from the second endpoint, after sending the padding request to the second endpoint. The device adjusts the intercepted traffic based on the received padding response. The device sends the adjusted traffic to the second endpoint.

Abstract: A transfer apparatus comprises: a first storage unit configured to store a whitelist for storing reliable information indicating that communication between a source address and a destination address is authorized; a second storage unit configured to store an addition list including a specific address not included in the reliable information and a valid period of the specific address; a receiving unit configured to receive data; a check unit configured to check whether either a destination address or a source address included in data within the valid period is the specific address; and a generation unit configured to generate specific reliable information indicating that communication between the destination address and the source address included in the data is authorized and register the generated specific reliable information to the whitelist in a case where the check unit confirms within the valid period that either address is the specific address.

Abstract: Techniques for access control of a data processing system are described. In one embodiment, in response to a request from an application for accessing a resource of a data processing system, it is determined a first class of resources the requested resource belongs. A second class of resources the application is entitled to access is determined based on a resource entitlement encoded within the application and authorized by a predetermined authority. The application is allowed to access the resource if the first class and the second class of resources are matched. The application is denied from accessing the resource if the first class and the second class are not matched, regardless an operating privilege level of the application.

Abstract: A communication system includes multiple Point-of-Presence (POP) interfaces and one or more processors. The multiple POP interfaces are distributed in a Wide-Area Network (WAN) and are configured to communicate with at least a client and a server connected to the WAN. The one or more processors are coupled to the POP interfaces and are configured to (i) assign respective Internet Protocol (IP) addresses to the client and to the server, including embedding state information in the assigned IP addresses, and (ii) route traffic over the WAN between the client and the server, in a stateless manner, based on the state information embedded in the IP addresses.

Abstract: A network protocol and transit system that together provide data tunneling designed for anonymous and hidden delivery. The approach protects communications deliverability and attribution for users on any device and in any location, irrespective of the underlying operating environment. The solution provides for a fully “cloaked network” comprising zero-trust nodes, an onion routing-based bi-directional protocol with modular multi-layered encryption, evasive multi-pathing that leverages randomized ephemeral virtual circuit generation, and virtual rendezvous for person-to-person communications. The approach may be implemented “as-a-service,” in a hybrid/bridged network, on-premises, or otherwise.

Abstract: A network configuration (NC) computing device is provided. The NC computing device includes a processor in communication with a memory. The processor is configured to receive a command to initiate a configuration of a network device and present a questionnaire to a user about the network device. The questionnaire includes a plurality of questions about potential configurations of a network device. The processor is also configured to receive a plurality of responses from the user based on the questionnaire, generate a primary configuration file based on the plurality of responses, and transmit the primary configuration file to an installer device associated with the network device. The installer device is configured to install the primary configuration file on the network device.

Abstract: A packet-spreading data transmission system with anonymized endpoints facilitates enhanced fortified private communications between a plurality of arbitrary devices via a plurality of communication channels or networks. The data transmission system receives at a source endpoint device a message of arbitrary length. The message includes a destination address associated with a destination endpoint device. Both source endpoint device and the destination endpoint device are selected from a plurality of arbitrary devices. The received message are fragmented and agilely transmitted, via a plurality of communication channels, from the source endpoint device to the destination endpoint device.

Abstract: A point-to-point Virtual Private Network (VPN) tunnel is established for facilitating fully cloaked transmission of a data packet from a source endpoint device to a destination endpoint device. The data packet includes a payload portion, an inner header, and an outer header. An ‘end-to-end key’, a ‘next-hop-destination key’ and a plurality of ‘next-hop’ keys are calculated. The end-to-end key is used at the source endpoint device and the destination endpoint device respectively to encrypt and decrypt the payload portion. The next-hop keys are used to encrypt the inner header during the hop-to-hop communication from one intermediary node to another, along the incrementally constructed path connecting the source endpoint device with the destination endpoint device. The encryption of the payload portion is maintained throughout the hop-to-hop communication regardless of the number of intermediary nodes traversed by the data packet en route to the destination endpoint device.

Abstract: Live event production and distribution networks, systems, apparatuses and methods related thereto are described herein. The described innovations may be used not only to present live events to audiences, but to do so in a way that provides audience energy and feedback to the performer(s) (e.g., a band) in a manner akin to that which they receive during a traditional live performance, thereby energizing and motivating the performers to give the best live performance they can, even in the absence of a co-located live audience. Some or all of the audience members may be represented by a visual surrogate displayed on an audience feedback screen set up to be viewable by the performers. The screen may be sized to fill a curtain window of stage on which the performers are performing, and the performers may optionally interact with one or more people in the audience during the live performance.

Abstract: A network node (21), which is placed within a core network, receives a message from a transmission source (30) placed outside the core network. The message includes an indicator indicating whether or not the message is addressed to a group of one or more MTC devices attached to the core network. The network node (21) determines to authorize the transmission source (30), when the indicator indicates that the message is addressed to the group. Further, the message includes an ID for identifying whether or not the message is addressed to the group. The MTC device determines to discard the message, when the ID does not coincide with an ID allocated for the MTC device itself. Furthermore, the MTC device communicates with the transmission source (30) by use of a pair of group keys shared therewith.

Abstract: Aspects described herein are directed to the concealment of customer sensitive data in virtual computing arrangements. A local computing platform may receive an object including a customer sensitive object name from a user computing device operating on a same internal domain as the local computing platform. The local computing platform may conceal the customer sensitive object name from a virtual computing platform operating on a domain external from the internal domain. The local computing platform may provide the concealed object name to the virtual computing platform for facilitating object enumeration requests from the user computing device during virtual computing sessions. During a virtual computing session between the user computing device and virtual computing platform, the local computing platform may receive the concealed object name from the user computing device and may perform one or more operations to reveal the object name to the user computing device.

Abstract: A cryptoprocessor has a processor core for receiving and executing instructions of a program code based on a program flow chart, a program memory unit which stores the program code with instructions in an individually encrypted format, wherein the respective instructions contain at least one instruction data word and an instruction data key allocated to the respective instruction, a respective instruction is encrypted using a program data key and the instruction data key of a respective preceding instruction, which is to be executed immediately beforehand in accordance with the program flow chart, and wherein the same instruction data key is allocated to the corresponding possible preceding instructions only in the event that a corresponding instruction in the program flow chart has a plurality of possible preceding instructions, the respective instruction data keys otherwise being unique to the instruction. A decryption unit is also described.

Abstract: A decentralized data authentication system integrates blockchain technologies, independent verification software, a decentralized certificate authority system implemented in the cloud, and a centralized redundant database system that together form data portability systems and data longevity systems that enable the creation of integrated lifetime health records that can be accessed by the patient, provider, and payer using public/private keys. Data portability is provided through creation of a decentralized certificate authority system that allows users to sign and later verify data that has been offline. The decentralized certificate authority system also enables tracking of data and timestamping of data via a neutral timestamping mechanism, such as the blockchain, that cannot be altered.

Abstract: A method for analyzing an attachment of an electronic mail (e-mail) transmitted from an external network may include intercepting the e-mail comprising the attachment intended for a recipient. The method may include analyzing the attachment for encryption to identify an encrypted attachment. The method may include determining whether the encrypted attachment has been received previously by the recipient by comparing a hash corresponding to the encrypted attachment against a plurality of hashes stored in an attachment repository. The method may include attempting to open the encrypted attachment using a password from a password repository comprising a plurality of known passwords. The method may include extracting the encrypted attachment from the e-mail upon failing to open the encrypted attachment using the plurality of known passwords. The method may include redirecting the recipient to an interface configured to prompt the recipient for a new password that is associated with the encrypted attachment.

Abstract: A system for one-click two-factor includes a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (i) receiving an access request from a user, the access request including a first authentication factor; (ii) generating a second authentication factor and a hyperlink that includes the second authentication factor; (iii) providing the hyperlink that includes the second authentication factor to a client device associated with the user; (iv) automatically receiving the second authentication factor in response to selection of the hyperlink by the user; and (v) verifying the first authentication factor and the second authentication factor to authenticate the identity of the user.

Abstract: A device may determine internet protocol (IP) traffic monitoring criteria and may monitor IP traffic based on the IP traffic monitoring criteria. The device may update, based on monitoring the IP traffic, a table of currently active IP traffic flows and may update, based on the table of currently active IP traffic flows, an address resolution protocol (ARP) packet filter. The device may receive one or more ARP packets from a different device and may determine whether to accept or discard the one or more ARP packets based on the ARP packet filter. The device may update an ARP table based on determining to accept the one or more ARP packets.

Abstract: A system for determining fingerprints includes an interface to receive an indication to determine fingerprints using a set of client data, and a processor to determine a set of indicators based at least in part on the client data and for one or more indicators of the set of indicators, determine whether the indicator comprises a fingerprint based at least in part on a frequency analysis, and in the event it is determined that the indicator comprises a fingerprint, store the fingerprint in a fingerprint database associated with the client.

Abstract: An information processing device using a primary function provided by a first server, includes a processor configured to receive, from the first server, access destination data effecting redirection to a second server providing a secondary function to be used by the primary function, send key data for encryption to the second server by adding the key data for encryption to the access destination data, transferring the access destination data to a browser, and redirecting the browser, and decrypt encrypted data based on at least a part of a response by the secondary function, the encrypted data being included in a response by the primary function, by using key data for decryption, the key data for decryption being adapted to the key data for encryption.

Abstract: A method for preventing duplicate processing of a payment transaction includes: generating a first data structure with a first predetermined time interval and generating a second data structure with a second predetermined time interval. A first overlap region and second overlap region of the first and second predetermined time interval are defined by a same time interval. The method includes receiving first transaction data associated with a first payment transaction, receiving second transaction data associated with a second payment transaction, and determining based on a first transaction ID and a second transaction ID, that the second payment transaction is a duplicate of the first payment transaction. A computer program product and system for preventing duplicate processing of a payment transaction are also disclosed.

Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).

Abstract: An information handling system includes a processor, a peripheral component interconnect express (PCIe) endpoint, and a PCIe downstream port. The PCIe downstream port blocks PCIe vendor-defined messages (VDMs) from the PCIe endpoint as a default mode, changes to a second mode in response to the PCIe endpoint being verified, and allows PCIe VDMs from the PCIe endpoint while in the second mode.

Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

Abstract: Among other things, embodiments of the present disclosure can collect and analyze asset and network data from multiple sources, and use such data to present a more complete and accurate representation of the network connections between various systems and software applications and the policies dictating the operation of security controls on a network compared to conventional systems.

Abstract: According to one embodiment, there is provided an anonymization system including at least one encryption apparatus, an anonymization apparatus, and a decryption apparatus. The encryption apparatus store personal data including one or more values for each item, and generates encrypted data from the personal data by encrypting the one or more values for each item included in the personal data. The anonymization apparatus generates encrypted anonymized data from the encrypted data without decryption by anonymizing one or more values for at least a portion of the items of the encrypted data. The decryption apparatus generates anonymized data from the encrypted anonymized data by decrypting the encrypted anonymized data.

Abstract: Computer implemented systems and methods are provided for securing data. In some embodiments, a system for securing data may comprise one or more processors configured to receive a request for data over a network. The one or more processors may be configured to identify one or more confidential portions of data within the requested data. The one or more processors may be further configured to transmit the confidential portions of data to a hardware device configured to secure the confidential portions of data, and receive the secured data from the hardware device.

Abstract: A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.

Abstract: Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access (or even knowledge) of network devices the client is not allowed to access.

Abstract: The present technology relates to an information processing apparatus, an information processing method, and an information processing system capable of achieving appropriate load balancing in a case where a plurality of proxies is installed. The information processing apparatus functions as a proxy that receives a content stream distributed for each of a plurality of services and transmits the content stream to a client device connected to a network, the proxy being configured to function as a master proxy for a slave proxy, and determines a service coverage range corresponding to a predetermined policy, for each of the proxies, making it possible to achieve appropriate load balancing in a case where a plurality of proxies is installed. The present technology can be applied to, for example, an FW proxy device connected to the network such as a home LAN, a head end of a cable operator, and a base station of a mobile network.

Abstract: The present disclosure relates to a data processing method and apparatus, a terminal and an access point computer, which can achieve an effect that the terminal accesses multiple access points at the same time. The method includes: receiving an application access request; determining a target access point corresponding to the application access request according to a mapping relationship between the access point and an application server obtained from a blockchain network; sending a software defined perimeter SDP authentication request to the target access point; and after the SDP authentication succeeds, performing interaction of application data through a data channel established with the target access point, wherein the data channel has a period of validity of a preset time length.

Abstract: A device may monitor traffic associated with a user equipment (UE) on multiple interfaces of a network. The device may determine an identity associated with the UE or the traffic on the multiple interfaces by correlating identifiers associated with the UE or the traffic across the multiple interfaces. The identity may uniquely identify a subscriber associated with the UE or the traffic. The device may determine a set of elements to be used to decipher the traffic after determining the identity associated with the UE or the traffic. The device may decipher the traffic utilizing the set of elements after determining the set of elements.

Abstract: In some examples, a system for executing instructions can include a processor to detect data to be transmitted to a storage device in response to a write operation. The processor can also determine that the data comprises a compressible characteristic that enables compression of the data to a size below a threshold value. Additionally, the processor can generate a modified data block by encrypting the compressed data, and adding a padding to the compressed and encrypted data. Furthermore, the processor can transmit the modified data block to the storage device.

Abstract: A method of handling a message comprises receiving a message comprising content such as keywords, receiving a selection of one or more recipients for the message, identifying that at least one recipient is unfamiliar with a portion of the message, and notifying the composer of the message of the portion.

Abstract: A control device of an integrated industrial system which is established in a plant, the control device includes a defender configured to perform a countermeasure of restricting at least a part of functions of a self-device, based on a detection result of a detector which detects a cyber-attack from at least one of inside and outside to the integrated industrial system.

Abstract: A socket service may be used to link a peer socket to another peer socket. The peer socket is for communicating data to and from a client device and the other peer socket is for communicating data to and from another client device. If a socket opens and the corresponding peer socket is not yet open then the socket waits for the corresponding peer socket to open. When a client device requests a socket to be opened, the client device requests a particular client-defined function mapping to be associated with the socket. When the socket is opened, the endpoint specified in the client-defined function mapping is invoked. An identifier associated with the client device is sent to the endpoint. If the endpoint returns a socket identifier for another socket, then the socket service links the peer socket to the other peer socket, linking the client device to another client device.

Abstract: An integrated communication system and a service provisioning method thereof are provided. The integrated communication system includes a core network entity, a service provisioning system and an intermediary apparatus. The core network entity is resided in the mobile network. The service provisioning system is conformed to a wired network other than the mobile network. The intermediary apparatus is connected between the core network entity and the service provisioning system. The intermediary apparatus receives a configuration data with a first format conformed to the wired network from the service provisioning system, and transforms the configuration data into a configuration command with a second format conformed to the mobile network. The core network entity operates according to the configuration command. Accordingly, an operator of the wired network can manage network entities and network devices in the mobile network without knowledge of operation support system (OSS) platform of the mobile network.

Abstract: An electronic device includes a memory; a communication interface; and a processor configured to: based on a source device connected through the communication interface being identified to support a version of content transmission encryption, change first Extended Display Identification Data (EDID) information stored in the memory to second EDID information; and change a hot plug detect signal related to the communication interface from a low state to a high state.

Abstract: A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.

Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device monitors navigation activity of another computing device with website(s) to generate client navigation history and server navigation history. The computing device also facilitates storage of the client navigation history based on a first blockchain and storage of the server navigation history based on a second blockchain. Based on a request to deliver tailored content from a website to the computing device, the computing device determines whether the client navigation history based on the first blockchain compares favorably to the server navigation history based on the second blockchain and selectively delivers or blocks the tailored content.

Abstract: A source virtual private network (VPN) gateway supports a local source subnet and communicates over a wide area network (WAN) with a destination VPN gateway that supports a local destination subnet. The source VPN gateway receives from the local source subnet an Internet Protocol (IP) packet destined for the local destination subnet, determines a security association (SA) based on a source IP address and a destination IP address of the IP packet, and encapsulates the IP packet with tunnel encapsulation including a tunnel protocol header and a tunnel outer IP header, to produce a clear-text tunnel packet. The source VPN gateway encrypts the IP packet and the tunnel protocol header but not the tunnel outer IP header using an encryption key and a security parameter index for the SA, to produce an encrypted tunnel packet, and tunnels it to the destination VPN gateway over the WAN.

Abstract: Method and apparatus to provide protocol translation and selectable data exchange in a client/server system are provided. A tag list is extracted from a legacy client device 116 connected to a legacy server 114 using a protocol corresponding to the legacy server. A configuration manager device 120 is used to configure the extracted tag list to obtain a selected tag list excerpt of the extracted tag list. The configuring device is arranged to map the selected tag list excerpt to a configuration adapted for a respective 112 server, and to define contextualization. Server 112 provides industrial automation services using a next-generation protocol, e.g., OPC UA or MTConnect. A tag list is generated to configure server 112. A stream of data points of the selected tag list excerpt of the tag list extracted from the legacy client device is transferred to one or more client devices 124 connected to server 112.