Abstract: A network node configured to transmit packets to a destination node in a packet network, includes at least one processor and at least one memory including computer program code. The at least one memory and the computer program code are configured to, with the at least one processor, cause the network node to: assemble at least a first packet including a plurality of data units, each of the plurality of data units being grouped into one of a connection group, a network function group or an application group; and transmit the first packet to the destination node.

Abstract: A system and method are provided for controlling visibility of elements of displayed electronic content. The method includes providing via a communications module a user interface viewable by a plurality of entity devices, and enabling via the communications module the user interface to display electronic content comprising at least one element. The method also includes determining at least one filtering criterion for controlling visibility of the at least one element of the electronic content being displayed, and concealing or modifying at least one element of the electronic content as displayed in the user interface for at least one of the plurality of entity devices, according to the at least one filtering criterion.

Abstract: Systems and methods for metadata processing. The method comprises acts of associating, in a first system, metadata with application data processed by a host processor, wherein the application data is protected within the first system by one or more first policies using the metadata, and transferring the application data and its associated metadata to a second system in which the application data is unprotected using metadata processing or is protected by one or more second policies different from the one or more first policies.

Abstract: Systems and methods are provided for submitting data in a computer network. An exemplary method includes: receiving a first request to process a first data at one or more data servers; determining whether the first data includes a plurality of first set of properties; generating a second data having a plurality of second set of properties; providing a plurality of rule sets for submitting the second data; analyzing the second data to determine which of the rule sets is applicable; selecting one or more applicable rules from the rule sets; generating a plurality of third data by applying the one or more applicable rules to the second data; identifying the one or more external sources to distribute the third data; and sending the third data to the one or more external sources.

Abstract: A cable distribution system that includes a head end connected to a plurality of customer devices through a transmission network that includes a remote fiber node that converts digital data to analog data suitable for the plurality of customer devices, where the head end includes a processor. A packetized elementary stream of a video is provided from the head end to customer devices through the transmission network, wherein the packetized elementary stream includes a plurality of groups comprising pairs of packetized elementary stream headers and packetized elementary stream payloads. A first one of the plurality of groups corresponding to a non-predicted coded picture of the video of the packetized elementary stream is determined. The first one of the plurality of groups is encrypted while not encrypting all of the plurality of groups of the video.

Abstract: A compute device of an information handling system includes a security chip. The security chip includes a programmable read only memory, which in turn includes multiple one-time programmable slots and a one-time programmable slot counter. A first slot of the one-time programmable slots stores a first group of keys associated with a first entity of the security chip. A second slot of the one-time programmable slots stores a second group of keys associated with a second entity of the security chip. The one-time programmable slot counter includes multiple entries. Each of the entries is associated with a different one of the one-time programmable slots. Each of the entries is preset to a first value. The one-time programmable slot counter is only able to count in one direction. A first entry of the entries is updated to invalidate the second group of keys associated with the second entity.

Abstract: A messaging system may include an account module that maintains user accounts associated with user identifying data that include a first password required to access the user account. The messaging system may receive message data including a message and identification of one or more of the user accounts the message is to be shared. Upon request, the messaging system may issue a second password to one of the user accounts. When the second password is used to access the user account, the user account may revert to an original state wherein all personalized information, including payment information, associated with the user account is deleted and unrecoverable.

Abstract: A searching method is applicable to Gigabit-capable Passive Optical Network (GPON). The searching method includes: dividing a GPON Encapsulation Mode Port Identifier (GEM Port ID) of a GEM frame into a first portion GEM Port ID and a second portion GEM Port ID; performing a row look-up in a first memory array by using the first portion GEM Port ID, and performing a column look-up in the first memory array by using the second portion GEM Port ID; and identifying a specific bit's position in the first memory array, according to results of the row look-up and the column look-up in the first memory array, wherein the specific bit's position represents a GPON Encapsulation Mode Port (GEM Port) that is used by the GEM frame.

Abstract: Technologies for accelerated HTTP message processing include a computing device having a network controller. The computing device may generate an HTTP message, frame the HTTP message to generate a transport protocol packet such as a TCP/IP packet or QUIC packet, and pass the transport protocol packet to the network controller. The network controller compresses the HTTP header of the HTTP message, encrypts the compressed HTTP message, and transmits the encrypted message to a remote device. The network controller may segment the transport protocol packet into multiple segmented packets. The network controller may receive transport protocol packets that include encrypted HTTP message. The network controller decrypts the encrypted HTTP message to generate a compressed HTTP message, decompresses the HTTP message, and steers the HTTP message to a receive queue based on contents of an HTTP header. The network controller may coalesce multiple transport protocol packets. Other embodiments are described and claimed.

Abstract: Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an API message associated with a new session, wherein the mobile network includes a 5G network or a converged 5G network that includes a multi-access edge computing (MEC) service; extracting mobile network identifier information from the API message at the security platform; and determining a security policy to apply at the security platform to the new session based on the mobile network identifier information.

Abstract: Sender Policy Framework (SPF) is one of the most widely used methods of distinguishing electronic mail that is authorized by the purported sending domain from unauthorized mail. SPF policies are published into a domain's DNS and then looked up and evaluated by mail receivers. Due to the complexity and limitations of the SPF specification, implementation mistakes are widespread. This problem is compounded by the common practice of nesting SPF policies which introduces hidden risks, particularly exceeding DNS lookup limits. To address these issues, inline service provider designation may be configured to capture the benefits of existing techniques without their associated costs. Additionally, the domain owner may enjoy simplified SPF service provider onboarding and policy failover redundancy to protect against SPF service provider disruptions, thus improving policy availability uptime.

Abstract: An example operation may include one or more of receiving a data block for storage on a blockchain from an orderer node, the data block comprising a full-step hash of a storage request and a reduced-step hash of the storage request, performing an approximate hash verification on the data block based on the reduced-step hash of the storage request included in the data block, and in response to a success of the approximate hash verification, committing the data block among a hash-linked chain of data blocks stored within a distributed ledger of a blockchain.

Abstract: Disclosed here is a system and method to determine which wireless telecommunication network functionalities are impaired when using end-to-end encryption and to ameliorate the impairment of the functionality. The system receives a request from a sender device to communicate with a receiver device, where the request indicates whether the sender device is capable of an end-to-end encryption. The system determines whether the receiver device is capable of the end-to-end encryption, and whether the receiver device is associated with a functionality provided by a wireless telecommunication network that is impaired when the end-to-end encryption is used. Upon determining that the receiver device is not capable of the end-to-end encryption or that the receiver device is associated with the functionality that is impaired, the system performs an action to ameliorate the impairment to the functionality.

Abstract: A method for contactless payment relay attack protection includes receiving an online authorization request including a cryptogram, a measured processing time, and a reference processing time from a terminal. The cryptogram is verified, and a determination is performed as to whether the measured processing time exceeds the reference processing time. An online authorization response authorizing or declining a monetary transaction is transmitted, based on the determination. An artificial intelligence transaction analysis can be performed based on past and current conditions (e.g., battery level, operating system, open applications) of a payment device such as a mobile phone, past and current conditions of a terminal, and/or a monetary amount. The online authorization response can be based on the artificial intelligence transaction analysis.

Abstract: A method comprises receiving a session identifier from a streaming system that identifies a user session with the streaming system. The method further includes receiving a first message from a streaming system that is based on a token that is generated based on a combination of the session identifier and a timestamp at which an insertable content item was presented to the user in a content stream by the streaming system. The first message is decrypted using a plurality of timestamps that are within a range of a current time. An identifier is determined for the insertable content item based on the decrypted message. A second message is transmitted to an enabling system, the message including instructions for execution by the enabling system to execute one or more operations with the identified insertable content item.

Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and sending the ciphertext string to a storage device performing deduplication.

Abstract: Embodiments for a method of storing e-mail messages using a cloud native e-mail data protection process. E-mail messages are first compressed and stored in a container along with selected metadata. An Email Record is created for each e-mail message. A Container Record is created for each newly created container, and a Backup Record is created for each container for each backup. Once the required records are created, the process facilitates the execution of backup operations, such as full or incremental backups of the stored e-mail messages. Data tiering is supported so that low cost object storage in the public cloud is used instead of expensive processing methods, such as deduplication backups.

Abstract: Systems, computer program products, and methods are described herein for dynamically permitting and restricting access to and modification of computer resources. The present invention may be configured to receive a change request identifying computer resources to be modified, determine whether privileged access is required to modify the computer resources, and receive credentials from a user device. The present invention may be further configured to generate an encrypted configuration file, determine whether the change request is valid, and further encrypt the encrypted configuration file based on determining that the change request is valid.

Abstract: An electronic device includes a communication unit that communicates with a battery, a storage unit that stores a first identification information of the battery, and a determination unit that determines whether the communication unit is capable of performing a predetermined communication with the battery, in a case where a second identification information of the battery received from the battery is matched with the first identification information stored in the storage unit.

Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.

Abstract: In method of protecting signaling messages in a hop-by-hop network communication link between a source node and a destination node, a source node public digital signature verification key and a respective source node private digital signature key associated with said public digital signature verification key are provided to the source node. The source node public digital signature verification key associated with the source node private digital signature key is also provided to the destination node. The source node builds a message including a sequence of Information Elements, and calculates, for each Information Element, an Information Element hash value. The source node also calculates a sequence hash value of a concatenation of the calculated Information Element hash values, and generates a source node digital signature by digitally signing the calculated sequence hash value. An intermediate node receives and forwards the signaling message to the destination node.

Abstract: A system, method, and apparatus is provided for integrating multiple payment options on a merchant webpage. The method includes receiving, from a merchant system associated with a merchant webpage, a payment data capture request, generating, with at least one processor, web payment capture data based on the payment data capture request, the web payment capture data configured to adapt the merchant webpage to receive payment information input by a user, communicating, to the merchant system, the web payment capture data, receiving, directly from a client computer via at least one client-side script executed by the client computer based on the web payment capture data, the payment information input by the user, generating, with at least one processor, a transient payment token based on the payment information, and directly communicating the transient payment token to the client computer.

Abstract: Systems and methods for verifying files in bulk in a file system. When files are represented by a segment tree, the levels of the segment trees are walked by level such that that multiple files are verified at the same time in order to identify missing segments. Then, a bottom up scan is performed using the missing segments to identify the files corresponding to the missing segments. The missing files can then be handled by the file system.

Abstract: A computer processing hardware architecture system for the Kyber lattice-based cryptosystem which is created with high resource reuse in the compression and decompression module, the operation unit, the binomial samplers, and the operation ordering, wherein the architecture system includes an internal controller operably configured to independently accelerate a plurality of cryptographic Kyber algorithms at all NIST-recommended post-quantum cryptography security levels and is operably coupled to a singular module operably configured to perform compression and decompression as specified in Kyber, perform arithmetic operations utilized in the plurality of cryptographic Kyber algorithms, and reuse hardware resources for all the arithmetic operations utilized in the plurality of cryptographic Kyber algorithms.

Abstract: The technology disclosed teaches protecting sensitive data in the cloud via indexable databases. The method includes identifying sensitive fields of metadata for encryption and for hashing. The method also includes hashing at least partial values in the indexable sensitive fields to non-reversible hash values, concatenating the non-reversible hash values with the metadata for the network events, and encrypting the sensitive fields of metadata. Also included is sending the metadata for the network events, with the non-reversible hash values and the encrypted sensitive fields, to a remote database server that does not have a decryption key for the encrypted sensitive fields and that indexes the non-reversible hash values for indexed retrieval against the indexable sensitive fields.

Abstract: Systems and methods for a communications system architecture having a base station/access points, a multiple operator core Gateway/X2 Gateway, a plurality of Mobile Network Operator core networks and an enterprise core network are present. A first secure tunnel is provided for communicating user-plane traffic between the base station/access points and the multiple operator core Gateway/X2 Gateway. A second secure tunnel is provided for communicating control-plane traffic between the base station/access points and the enterprise core network. Additional secure tunnels are provided for communications between the multiple operator core Gateway/X2 Gateway and each Mobile Network Operator core.

Abstract: A computation is divided into computation tasks that are sent to worker nodes and distributed results are received in response. A redundant subtask is sent to each of the worker nodes, the redundant subtask being a random linear combination of the computation tasks sent to others of the worker nodes. The worker nodes perform the redundant subtasks to produce redundant results. The redundant result of each worker node is combined with distributed results of others of the worker nodes to determine whether one or more of the worker nodes are acting maliciously. Optionally, the worker nodes can be initially evaluated for trustworthiness using a homomorphic hash function applied to an initial computation task and applied to results of the initial tasks. If the results of both hash functions match, then the worker nodes are considered trustworthy and can be used for subsequent computations with redundant subtasks as described above.

Abstract: A method for encrypting a video stream in a video encoder is provided that includes receiving the video stream and encrypting randomly selected pictures in the video stream as the video stream is encoded.

Abstract: A virtual private network (VPN) server connected to a client device within a VPN obtains data for delivery to the client device. The VPN server selects a data stream from a set of data streams of the VPN connection with the client device, where each data stream of the set of data streams has a different encryption context. The VPN server generates a data packet based on the data such that the data packet is encrypted using the encryption context specific to the selected data stream. The VPN server transmits the data packets to the client device via the selected data stream.

Abstract: A method, apparatus, and system for assigning the execution of a cryptography and/or compression operation on a data segment to either a central processing unit (CPU) or a hardware accelerator is disclosed. In particular, a data segment on which a cryptography and/or compression operation is to be executed is received. Status information relating to a CPU and a hardware accelerator is determined. Whether the operation is to be executed on the CPU or on the hardware accelerator is determined based at least in part on the status information. In response to determining that the operation is to be executed on the CPU, the data segment is forwarded to the CPU for execution of the operation. On the other hand, in response to determining that the operation is to be executed on the hardware accelerator, the data segment is forwarded to the hardware accelerator for execution of the operation.

Abstract: A transmitter device of a bus-based communication system may add one or more padding bits, associated with providing traffic flow confidentiality for communication of a payload on a communication bus, either to the payload on a transport layer, or to one or more first frames on a data link layer. The one or more first frames may include a transport layer payload associated with the payload. The transmitter device may transmit one or more second frames, including a data link layer payload associated with the one or more first frames, on the communication bus. A receiver device of the bus-based communication system may receive the one or more second frames on the communication bus. The receiver device may process the one or more padding bits from either the one or more first frames on the data link layer, or from the payload on the transport layer.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for protection of network-based resource transfers via the use of encrypted tags. As such, the system allows for generation of unique encrypted tags which encode authorization parameters for denominations of electronic resources. The system may then authorize or deny requested network-based transfers by utilizing a decryption module to access the authorization parameters for a specific electronic resource denomination. Furthermore, the system may manipulate the encrypted tags to alter the authorization parameters or to track an electronic resource denomination across multiple network-based transfers.

Abstract: A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting of address queries across a plurality of links until a path to a device having the queried address responds. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast oriented address discovery techniques is reduced, resulting in improved network performance.

Abstract: Metadata associated with content stored in a corresponding primary storage system is received receiving from each secondary storage cluster of a plurality of different secondary storage clusters included in different storage domains. The metadata received from the plurality of different secondary storage clusters is stored and indexed together. A unified metadata search interface is provided for stored data of the corresponding primary storage systems and the plurality of different secondary storage clusters of the different storage domains.

Abstract: Disclosed here is a system and method to determine which wireless telecommunication network functionalities are impaired when using end-to-end encryption and to ameliorate the impairment of the functionality. The system receives a request from a sender device to communicate with a receiver device, where the request indicates whether the sender device is capable of an end-to-end encryption. The system determines whether the receiver device is capable of the end-to-end encryption, and whether the receiver device is associated with a functionality provided by a wireless telecommunication network that is impaired when the end-to-end encryption is used. Upon determining that the receiver device is not capable of the end-to-end encryption or that the receiver device is associated with the functionality that is impaired, the system performs an action to ameliorate the impairment to the functionality.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for generating new keys during a secure communication session. A key derivation function is operatively connected to both a counter and a memory. The key derivation function generates new key material from a first input and a second input in response to a signal provided by the counter. The key derivation function generates the new key material and outputs it to the memory.

Abstract: A method and a system of selective encryption of a test dataset is disclosed. In an embodiment, the method may include determining a relevancy grade associated with each of a plurality of datapoints within a test dataset by comparing the test dataset with a common heat map, wherein the common heat map is generated using a plurality of training datasets. The method may further include calculating, based on the relevancy grade, an encryption level associated with each of the plurality of datapoints. The method may further include selectively encrypting at least one datapoint from the plurality of datapoints based on the encryption level associated with each of the plurality of datapoints. The at least one data point is rendered to a user after being decrypted.

Abstract: Systems and methods are provided for submitting data in a computer network. An exemplary method includes: receiving a first request to process a first data at one or more data servers; determining whether the first data includes a plurality of first set of properties; generating a second data having a plurality of second set of properties; providing a plurality of rule sets for submitting the second data; analyzing the second data to determine which of the rule sets is applicable; selecting one or more applicable rules from the rule sets; generating a plurality of third data by applying the one or more applicable rules to the second data; identifying the one or more external sources to distribute the third data; and sending the third data to the one or more external sources.

Abstract: There is provided an encryption processing method performed by an encryption processing apparatus. The encryption processing method comprises compressing data to obtain compressed data, determining, within the compressed data, a section to be encrypted and encrypting the section to obtain partially encrypted data.

Abstract: A wireless input device includes an information receiving terminal and an information outputting terminal. The information receiving terminal generates a first-portion key. The information outputting terminal receives the first-portion key and generating a second-portion key. An original information is converted into an encrypted information by the information outputting terminal according to the first-portion key, the second-portion key and an encryption algorithm. The encrypted information and the second-portion key are transmitted from the information outputting terminal to the information receiving terminal. The encrypted information is restored to the original information by the information receiving terminal according to the first-portion key, the second-portion key and an encryption algorithm.

Abstract: A system and method for generating content for an encrypted package is provided. A package may be received that includes one or more anti-tamper hash portions and encrypted data, where the encrypted data includes one or more procedural content generation instructions. A portion of the encrypted data including the one or more procedural content generation instructions may be decrypted and a data based on the execution of the one or more procedural content generation instructions and a corpus of data may be generated. The generated data may be encrypted and anti-tamper hashes may be generated based on the encrypted generated data. The generated anti-tamper hashes may be compared to the one or more anti-tamper hashes in the anti-tamper hash portion of the received package.

Abstract: A system, that when operated, creates a database arrangement in a structured manner, wherein the database arrangement stores documents from at least one source, the system including a server arrangement and the database arrangement wherein the server arrangement: retrieves the documents from the at least one source; pre-processes the documents from the at least one source, wherein a given document is pre-processed based on source of the given document; associates a document identifier with each of the documents; extract keywords from the documents; store the documents in the database arrangement corresponding to the document identifiers associated therewith; and create an index for the database arrangement, wherein the index includes document identifier listed corresponding to the extracted keywords.

Abstract: A system for transmitting data is disclosed that includes a file distribution system operating on a processor that is configured to identify one or more files for distribution to a device, forward error correction data for the one or more files, and a cryptographic key associated with the device. A Merkle tree system operating on the processor is configured to receive the forward error correction data and to generate an encrypted root hash. A data transmission system operating on the processor is configured to transmit the one or more files and the encrypted root hash to a predetermined device.

Abstract: A method of executing in-session encryption verification includes receiving a plurality of client data packets for transmission through a network; receiving one or more test data packets for verifying an encryption device; merging the client data packets and the one or more test packets into a data stream; selecting security parameters for each packet in the data stream based on a corresponding packet type; encrypting each packet in the data stream using the encryption device and the corresponding security parameters; and transmitting the data stream comprising encrypted packets through the network. The method also includes decrypting the encrypted packets at a receiving system using congruent techniques.

Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

Abstract: The present invention makes it possible to reduce the volume of communication data necessary for updating the configuration of a circuit unit of a reconfigurable circuit device. In an vehicle control system 10 including an FPGA 3, the FPGA 3 includes a circuit unit including a reconfigurable circuit and a circuit SRAM that stores configuration information of the circuit unit. A transfer check unit that acquires a difference command regarding a change part of a circuit element in the circuit unit, and a data conversion unit 4 that updates the configuration information based on the difference command are provided. Further, in the vehicle control system 10, a non-volatile memory 6 that stores the configuration information to be stored in the circuit SRAM is further provided. The data conversion unit 4 may update the configuration information stored in the non-volatile memory 6 based on the difference command acquired by the transfer check unit.

Abstract: Methods, systems, and devices for wireless communications are described. A user equipment (UE) may identify a communication configuration for a bearer including a first link and a second link. The UE may identify packets for transmission, and each of the packets may be associated with a sequence number. The UE may receive a first grant of first uplink resources and a second grant of second uplink resources, and the UE may determine an association of the packets to the first uplink resources or the second uplink resources based on the sequence numbers of the packets and respective completion times of decoding processes associated with the first uplink resources and the second uplink resources. The UE may transmit the packets over the first uplink resources or the second uplink resources in accordance with the determined association of the packets to the first uplink resources or the second uplink resources.

Abstract: Disclosed are systems and methods for authenticating a wireless module. A method comprises the steps of: (i) generating (1332), by the wireless module (112A), a first encryption value, and retrieving a unique identifier of the wireless module from memory; (ii) verifying (1334), by the wireless module, the generated first encryption value and retrieved unique identifier; (iii) sending (1336), by the wireless module, the retrieved unique identifier and a second encryption value to the gateway (110A); (iv) verifying (1338), by the gateway, the received unique identifier and second encryption value, wherein verifying the second encryption value authenticates the wireless module; (v) sending (1340), by the gateway, a third encryption value to the wireless module; and (vi) verifying (1342), by the wireless module, the received third encryption value, wherein verifying the third encryption value authenticates the gateway.

Abstract: A proxy system is installed on a computing device that is in the network path between the device and the Internet. The proxy system, residing on the computing device, decrypts and inspects all traffic going in and out of the computing device.

Abstract: Sender Policy Framework (SPF) is one of the most widely used methods of distinguishing electronic mail that is authorized by the purported sending domain from unauthorized mail. SPF policies are published into a domain's DNS and then looked up and evaluated by mail receivers. Due to the complexity and limitations of the SPF specification, implementation mistakes are widespread. This problem is compounded by the common practice of nesting SPF policies which introduces hidden risks, particularly exceeding DNS lookup limits. To address these issues, inline service provider designation may be configured to capture the benefits of existing techniques without their associated costs. Additionally, the domain owner may enjoy simplified SPF service provider onboarding and policy failover redundancy to protect against SPF service provider disruptions, thus improving policy availability uptime.