Abstract: Joint estimation of the framer index and the frequency offset in an optical communication system are described among various other features. A transmitter can transmit data frames using pilot and framer symbols. A receiver can estimate the framer index and frequency offset using the pilot and framer symbols, and identify the beginning of a header portion of a data frame. By identifying the beginning of the header portion of a data frame, the receiver can then process data received from the transmitter in a manner synchronous to the manner in which the data was transmitted by the transmitter.

Abstract: A system and method for orchestrating secure digital signing of a document is provided. In a method a user may be required to sign a document using a digital signature. The method may include obtaining data elements, including a biometric data element and a location data element, associated with the user to verify the user. The authenticity of the data elements may be verified by means of cryptographic attestation and by comparing the biometric data element with user data stored in a user record. In response to verifying the data elements, a payload may be generated, including the data elements, and a hash algorithm may be performed on the payload. A hash of the payload obtained by the hash algorithm and a document identifier may be sent to a secure module unique to the user, via a signing application, for signing of the document.

Abstract: A network security computing system includes a steganographic communications analysis engine monitoring incoming and outgoing messages on a secure computing network. The steganographic communications analysis engine identifies a pattern of file transfers between a first computing device on the secure computing network and an internal or external message recipient. When a pattern is identified, the steganographic communications analysis engine quarantines an associated computing device from the secure network. The steganographic communications analysis engine analyzes files transferred between the computing device and the recipient for indications of steganographic information and causes display, based on an identified indication of steganography, an indication that the computing device had been compromised by command and control malware.

Abstract: An information processing server for managing a ticket, including: a server storage unit storing feature quantity data obtainable from biological information and created in advance, feature quantity identification information associated with the feature quantity data, and prescribed data that is identical to prescribed data stored in a determination device for determining a usage validity of a ticket; and a server control unit determining an item of feature quantity data from a piece of biological information on a user who is to use a ticket, determine a piece of feature quantity identification information based on a comparison between the determined item of feature quantity data and items of feature quantity data stored in the server storage unit, generate a code to be attached to the ticket based on an assigned piece of ticket identification information, the determined piece of feature quantity identification information, and the prescribed data, and generate ticket data.

Abstract: Presented herein are techniques for establishing data provenance by generating one-time signatures. In examples, systems may include one or more hardware processors that receive, via an application programming interface (API), a request for a one-time signature and data associated with the request, provide a seed identifier and the data associated with the request to an HSM in a set of HSMs, and receive a response message from the HSM, the response message including a one-time signature. In examples, the response message and the one-time signature are provided to the device that transmitted the request for the one-time signature and the data associated with the request.

Abstract: An access-control mechanism, wireless device, and method for controlling the access-control mechanism and wireless device is provided herein. During operation the wireless device will create a “group” of devices that will be allowed to enter through a passage barrier without authentication. When authenticating with the access-control mechanism, the wireless device will prove the access-control mechanism with a list of credentials (e.g., identification information) for each device within the group. The access-control mechanism will then determine if every device on the list is allowed entry. If so, non-authenticated entry for a number of devices/people through the passage barrier will be allowed. The number of non-authenticated devices/people allowed to enter will be equal to a number of devices that are in the group.

Abstract: Computer-implemented multi-device and multi-channel processes and machines authenticate ATM transactions by independently generating authentication hashes based on authorization arrays of varying length in which array cells have been wiped out based on a one time passcode sent by a server to a user's smart electronic device and then entered via that channel into the ATM either automatically or manually. The arrays are salted based on characteristics of the user's smart electronic device or the like. If the authentication hashes independently generated by the ATM and the server match, the ATM transaction is authorized.

Abstract: An information handling system may include a processor, a management controller communicatively coupled to the processor and configured for out-of-band management of the information handling system, and a smart network interface card communicatively coupled to the processor and the management controller, and configured to obtain a secret for authenticating the smart network interface card to the management controller, request an access token reference from the management controller, the request including the secret and an identifier of the smart network interface card in order to authenticate the smart network interface card to the management controller, in response to the request for the access token reference, receive the access token reference, and communicate a management task request to the management controller using the access token reference.

Abstract: A system and method for third party application integration into browser client application, utilizing an authentication engine operating on a cloud device that presents an application integration service token for integration through the operating system and software applications on the client device, wherein interacting with the application integration service token allows a workflow engine to produce third party data objects to be used to execute customer relationship management client workflows incorporating client application, context, and trust information.

Abstract: A transaction card includes a near-field communication (NFC) component, a security component, a wireless component, one or more memories, and one or more processors communicatively coupled to the one or more memories. The device receives a signal from a user device attempting to access a secure application, and energizes the NFC component based on the signal received from the user device. The device causes the security component to generate an encrypted code based on the NFC component being energized, and provides, via the security component, the encrypted code to the wireless component. The device provides, via the wireless component, the encrypted code to the user device to permit the user device to utilize the encrypted code as authentication for accessing the secure application.

Abstract: The invention provides improved verification solutions for blockchain-implemented transfers. It is suited for, but not limited to, implementation in an SPV wallet. In accordance with one embodiment, a system or resource is provided which comprises a plurality of novel SPV verification components, the activities of which are coordinated by a coordination component. The system enables Bob to send Alice a payment transaction template (template Tx3) and requests: the full transaction data for all input transactions (Tx1, Tx2) comprising at least one output that Alice wants to spend as inputs to a transfer (Tx3); the Merkle path for all input transactions (Tx1, Tx2) linking them to their respective Merkle roots associated with their respective block headers; the completed transfer transaction (Tx3). Alice provides this information plus her signature.

Abstract: The present disclosure relates to methods for authorizing user access to medical equipment via an equipment user interface. In an example, the method comprises, storing an authority public key of an authority asymmetric key pair and providing, to a user via an equipment user interface, an authorization challenge indicative of an equipment public key of a temporary equipment asymmetric key pair generated in medical equipment. The method further comprises receiving from the equipment user interface, a response code comprising validity information encrypted using a shared key derivable from the authority private key of the authority asymmetric key pair and the provided equipment public key, and authorizing the user access to the medical equipment, upon the validity information decrypted using the same shared key but derived in the medical equipment using the stored authority public key and an equipment private key of the temporary equipment asymmetric key pair, being valid.

Abstract: Techniques are disclosed for automated content generation in a computing environment. For example, a method comprises managing one or more pipelines respectively corresponding to one or more item lifecycle stages. Each pipeline of the one or more pipelines comprises a set of data processing elements configured to execute a set of operations associated with a corresponding one of the item lifecycle stages. At least a portion of the set of operations executed in each pipeline comprise one or more content generation operations configured to generate a content fragment to automatically document the corresponding item lifecycle stage. The method then builds a document from at least a portion of content fragments generated by the one or more pipelines.

Abstract: The Address Verification, Seed Splitting and Firmware Extension for Secure Cryptocurrency Key Backup, Restore, and Transaction Signing Platform Apparatuses, Methods and Systems (“SFTSP”) transforms contract deployment request, transaction signing request, key backup request, key recovery request inputs via SFTSP components into contract deployment response, transaction signing response, key backup response, key recovery response outputs. A contract deployment request message datastructure is obtained. Owner key identification parameters are determined. An owner public key is determined using the owner key identification parameters. An owner address is generated using the owner public key. A salt value is generated. A contract address for the smart contract is calculated as a function of the deployment factory address, the salt value, the contract code, and the owner address. An owner private key is determined using the owner key identification parameters and used to sign the contract address.

Abstract: A process for transmitting a file from a sender device to a receiver device includes generating a random symmetric session key for the sender device, and randomly selecting a private ephemeral key for the sender device. The private ephemeral key is associated with a corresponding first public key. A public ephemeral key is randomly selected for the receiving device. The public ephemeral key is associated with a corresponding first private key. A random value is generated, an encrypted session key is calculated, and the file is encrypted using symmetric encryption. The sender device includes a first public X509 certificate comprising a second public key and a corresponding second private key that is signed by a service provider, and the receiver device includes a second public X509 certificate comprising a third public key and a corresponding third private key.

Abstract: A system for authenticating the identity of a caller (i) receiving one or more online credentials of a caller initiating a phone call, where the one or more online credentials include one or more pieces of biometric information associated with the caller, and the one or more online credentials are received from a mobile device associated with the caller; (ii) requesting one or more additional online credentials associated with the mobile device; (iii) receiving the one or more additional online credentials; (iv) receiving telephone authentication information associated with the phone call; (v) authenticating the caller based, at least in part upon, the one or more online credentials, the one or more additional credentials, and the telephone authentication information; (vi) generating authentication status information based on the authentication of the caller; and (vii) transferring the authentication status information and the phone call to a call recipient.

Abstract: The disclosure relates to improvements in secure channel establishment. In some aspects, the techniques described herein relate to a method including: issuing, by a client device to a server, a request to establish a secure connection; receiving, by the client device, a response to the request to establish a secure connection from the server, the response including a digital certificate associated with a public key stored by the server, the public key used to establish a symmetric key; validating, by the client device, the digital certificate; and computing, by the client device, a shared secret using the public key stored by the server and a private key generated by the client device.

Abstract: There is provided an information processing device that includes an acquisition unit configured to acquire first input data input when first output data is obtained in predetermined processing of obtaining output data with respect to input data, an extraction unit configured to extract second input data related to the first input data acquired by the acquisition unit based on a similarity degree between the first input data and each input history data, which is a history of input data of a case of past execution of the predetermined processing, from the input history data, and a presentation unit configured to present the second input data extracted by the extraction unit.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a data power server for secure storage and retrieval of trade data. The server receives a request from a user to review or confirm one or more trade documents via a webserver. The server communicates with a connector grid server to retrieve the user's accessible documents. The connector grid server determines the electronic file IDs that are accessible to the user based on the accessibility policy. The server instructs a digital library server to download the electronic files containing the requested trade data. The digital library server retrieves and downloads the electronic files based on the file IDs. The webserver renders a GUI displaying the electronic files on an electronic client device operated by the user. Upon receiving the confirmation response from the user, the server instructs the digital library server to update the trade status.

Abstract: An electronic device, server and method are disclosed. The electronic device includes a communication module, memory, and a processor. The processor implements one method, including executing authentication and registering of an external electronic device as a sharing target, receiving a selection of at least one service to be shared with the external electronic device, encrypting data including an user identification (ID) and a password associated with the at least one service in response to the selection, transmitting a request for sharing the encrypted data to a server through the communication module to allow the external electronic device to use the at least one service without exposure of the ID and the password, receiving a response to the transmitted request from the server through the communication module, and generating a notification indicating whether the ID and the password are successfully shared for the selected at least one service, based on the received response.

Abstract: An access control server may receive, from an access requester, an access request for accessing a protected autonomous program protocol stored on a blockchain. The access control server may analyze parameters related to the access requester to determine whether the access requester is authorized to access the protected autonomous program protocol. An access control server may generate a cryptographic signature associated with the access request. An access control autonomous protocol recorded on the blockchain may receive the cryptographic signature, verify the cryptographic signature, and store proof of authorization in association with the protected autonomous program protocol. The proof of authorization is accessible by the protected autonomous program protocol to verify that the access requester is authorized to access the protected autonomous program protocol.

Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.

Abstract: Automated techniques for converting network devices from a Layer 2 (L2) network into a Layer 3 (L3) network in a hierarchical manner are described herein. The network devices may be configured to boot such that their ports are in an initialization mode in which the ports are unable to transmit locally generated DHCP packets. When a network device detects that a neighbor (or “peer”) device has acquired an IP address or has been configured by a network controller, then the port on which the neighbor device is detected can then be transitioned from the initialization mode into a forwarding mode. In the forwarding mode, the port can be used to transmit packets to obtain an IP address. Thus, the network devices are converted from an L2 device to an L3 device in a hierarchical order such that upstream devices are discovered and converted into L3 devices before downstream devices.

Abstract: Multi-factor authentication systems and methods are provided that include receiving a request to authenticate a user of a mobile device. The request for authentication may include credential information associated with the user and vehicle data. A determination may be made regarding whether the vehicle data was obtained from a vehicle via the mobile device. The received vehicle data and received credential information may be compared to stored data. When there is a match between the received vehicle data and received credential information and corresponding stored data, a notification may be provided to the user device indicating that the user has been authenticated.

Abstract: A cache service provides applications in a containerized, multi-tenant cloud-computing system low-latency access to secrets. The cache service may operate as a cluster-level service or a sidecar service. The cache service may store copies of secrets (which are located in one or more absolute stores) in a cache storage. The cache service and the cache storage may be closer to the applications than the one or more absolute stores are to the applications. The cache service may aggregate secrets associated with multiple entities in a single cache storage. The cache service may support isolation between secrets such that secrets of a first entity are isolated from secrets of a second entity. The cache service may enforce granulated access controls such that it can apply different access controls to secrets of a first entity than to secrets of a second entity.

Abstract: When personally identifiable information (PII) is to be stored or updated, a system first seeks consent from the user for the PII store or update. If the user grants consent, then the system stores the PII in the user's personal device or updates the PII stored in the user's personal device. The system then retrieves that PII and generates a token representing that PII. Even if the token were taken by a malicious user, it would not be possible for the malicious user to determine the user's actual PII from the token. In this manner, the security of the PII is improved over conventional systems.

Abstract: Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.

Abstract: A secure enclave is hosted by an untrusted host. To securely persist data on the untrusted host, the secure enclave generates or updates a persistent file system, wherein the persistent file system is a collection of logical files. The secure enclave segments the persistent file system into a plurality of sectors. The secure enclave provides a key specification to a key derivation enclave. The secure enclave obtains an encryption key dynamically generated based on the key specification. The secure enclave cryptographically protects each of the plurality of sectors using the key and causes the host to write a plurality of encrypted sectors to a disk as a single physical file.

Abstract: Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.

Abstract: Methods and systems are presented for providing a framework for facilitating offline cryptocurrency transactions. A first application executed in a first secure enclave of a first device can register itself with a cryptocurrency computer network for initiating offline cryptocurrency transactions and reserve a denomination of cryptocurrency for the offline cryptocurrency transactions based on a token. The first application initiates an offline cryptocurrency transaction with a second application executed in a second enclave of a second device by transmitting a request comprising the token via a peer-to-peer connection. The second application verifies the request based on the token and attributes associated with the first application and the first secure enclave. Upon accepting the request, the second application stores the token in the second secure enclave.

Abstract: An attestation service is configured to receive a request to enable attestation for a compute instance according to an attestation policy indicating one or more baseline health measurement values for validating compute instances. The attestation service provides a network endpoint for the compute instance to request attestation. The attestation service receives, via the network endpoint from a compute instance, one or more health measurement values of the compute instance. The attestation service validates the compute instance based at least on a comparison of the one or more current health measurement values and the one or more baseline health measurement values. The attestation service, in response to validating the compute instance, generates an attestation token indicating that the compute instance is authorized to access a secured resource of the provider network.

Abstract: Various aspects of the subject technology relate to systems, methods, and machine-readable media for providing encryption of data with data separation. Various aspects may include performing determining a request payload for a communication from a client device. Aspects may also include creating a first reference data object for a first subset of data fields of the request payload. Aspects may also include creating a second reference data object for a second subset of data fields. Aspects may also include replacing a first value of the first subset with a first reference value. Aspects may include replacing a second value of the second subset with a second reference value. Aspects may include encrypting a response payload with the first reference data object and the second reference data object in an encrypted text-based structured data file format with a cryptographic key.

Abstract: A system may be configured to identify VPN traffic. Some embodiments may: obtain a plurality of default port numbers and/or protocol types; obtain information continually updated to indicate at least one of a predetermined host or DNS; and detect VPN traffic based on a used port number and/or used protocol type, the VPN traffic being generated based on user-interaction at a client device. The detection may be performed by comparing the port number or protocol type against the obtained port numbers or protocol types, the VPN traffic being detected from among a larger set of network traffic. Some embodiments may further: determine that the detected port number or protocol type indicates a higher level of security; filter the larger set of traffic by identifying the detected VPN traffic routed to the predetermined host or DNS; and block or otherwise disrupt the VPN traffic.

Abstract: Examples described herein relate to a Transport Layer Security (TLS) offload engine to: based on detection of encrypted data unassociated with a previously detected data header: search for one or more data headers; identify at least two candidate data headers for validation; and based on receipt of an indication that the at least two candidate data headers are valid, perform decryption of received data in one or more packets. In some examples, the TLS offload engine is to: based on receipt of an indication that one or more of the at least two candidate data headers is not a valid header, search for two or more other candidate data headers.

Abstract: Implementations provide a computer-implemented method that includes: accessing, by a node of a blockchain network, a first set of data encoding a set of transaction records, wherein the blockchain network comprises a plurality of consensus nodes; at least based on the first set of data, generating, by the node, a transaction hash for the set of transaction; accessing a second set of data encoding a compliance status of the node of the blockchain network; at least based on the second set of data; generating, by the node, a compliance hash for the node of blockchain network; generating, by the node, a root hash that combines the transaction hash and the compliance hash; and submitting, by the node and to the plurality of consensus nodes of the blockchain network, a block that includes the root hash for entry into the blockchain.

Abstract: A method for the digital signing of a message by a sender of the message. A check value based on a symmetrical key pair is ascertained using a secret key as part of a symmetrical key pair and the message. A digital signature is ascertained using a private key as part of an asymmetrical key pair and the check value. The digital signature is provided for transmission, to a method for checking a received, digitally signed message by a receiver.

Abstract: The present invention discloses methods and systems for providing UICC/eUICC related response information to information requests at a cellular router. The method includes receiving an information request from a wireless communication module, and determining whether a response to the information request is cached. When the response information is not cached, forwarding the information request to a massive SIM apparatus (MSA). MSA will then respond to the information request. A response based on the MSA's response will then be sent to the wireless communication module for the information request. When the response information is cached, retrieve the response information and send it to the wireless communication module.

Abstract: A computer implemented method includes receiving a request for device validation, reading a genesis record from a device, the genesis record containing a device identification (ID), an original owner ID, a current owner ID, and a first hash of the device ID, an original owner ID, a current owner ID, and validating, by multiple processing entities having replicated copies of a chain that includes the genesis record and a succeeding transfer block, ownership of the device.

Abstract: A lightweight attribute-based signcryption (ABSC) method for cloud-fog-assisted Internet-of-things: performing, by a central authority, system initialization to generate a system key pair, and disclosing a public key, the public key including a symmetric encryption algorithm (SEA) and a key derivation function (KDF); generating, by the central authority, a decryption key and an outsourcing decryption key based on a decryption attribute set of a data user, and generating a signature key and an outsourcing signature key based on a signature access structure; calling, by a data owner, a fog node for outsourcing signature, performing symmetric encryption on a plaintext based on a symmetric key, and performing ABSC on the symmetric key based on a defined encryption access structure; and calling, by the data user, a fog node for outsourcing signature verification, calling a fog node for outsourcing decryption, and performing symmetric decryption on a ciphertext based on an outsourcing decryption result.

Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.

Abstract: An optical arrangement includes at least one pair of displays, each pair having a first display and a second display configured to generate light in a visible spectral range. For each pair of displays, the optical arrangement includes a first polarizer configured to polarize the light incident from the first display, a second polarizer configured to polarize the light incident from the second display. The optical arrangement also includes first and second polarizing beam splitters for each pair of displays. Each polarizing beam splitter is configured to receive the polarized light from the first and second polarizers. Each polarizing beam splitter is also configured to reflect one of an s-polarized component and a p-polarized component of the received polarized light into at least one field of view (FOV) and transmit the other of the s-polarized component and the p-polarized component of the received polarized light into the subject FOV(s).

Abstract: Methods, systems, and devices for intruder detection are described. A security and automation system may include a camera configured to monitor a zone of a premises. The security and automation system may detect a person in the zone, for example using the camera, a motion sensor, or another sensor. The security and automation system may determine that the person has remained in the zone for a threshold duration. The security and automation system may generate a notification (e.g. an audiovisual notification) based on determining that the person has remained in the zone for the duration. In some examples, the notification may include a verbal message, a flashing light, etc., to indicate to the person that video recording was initiated. The techniques described herein may inform an intruder that video is being recorded, which may discourage an intruder from an intended action (e.g., theft, property damage, etc.), among other benefits.

Abstract: Methods and systems are described herein for facilitating blockchain operations in decentralized applications by offering enhanced efficient when conducting blockchain operations using cryptography-based, digital ledgers through the use of specialized indexing. For example, as opposed to relying on raw blockchain data to power decentralized applications, the methods and systems use a blockchain indexer. The blockchain indexer provides a queryable record of a subset of blockchain operations.

Abstract: Methods and systems disclosed herein extend an entity's private cloud security model to the entity's public cloud. Public cloud access permissions are defined, in accordance with a security model implemented in the entity's private cloud, for one or more of the entity's public cloud resources. The public cloud permissions are pushed or otherwise provided to an access module within the private cloud. Upon receiving a request to access a public cloud resource, the private cloud access module is invoked to grant or deny the access request in accordance with the public cloud access permissions. Similarly, upon receiving a request to access a private cloud resource, the private cloud access module is invoked to process the access request in accordance with private cloud access permissions, thereby beneficially enabling users to interact with a single access interface regardless of whether the resource reside within the entity's cloud platform.

Abstract: A method of generating a shared augmented reality payment authentication entry interface includes detecting a first consumer device and a second consumer device; prompting a display of a first augmented reality payment authentication interface at the first consumer device; and prompting a display of a second augmented reality payment authentication interface at the second consumer device.

Abstract: The present disclosure relates to a privacy preserving data storing method, in particular for analyzing a travel behavior of one or more users of mobility-as-a-service (MaaS) transportation services. The method comprises storing at least one user identification, user ID, identifying the one or more users on a trip together with a trip identification, trip ID, identifying the trip in a database entry of a first database and storing trip information on the trip with the trip ID in a database entry of a separate second database. The method further provides for associating the database entries of the first and second databases associated with the same trip ID for an analysis of the travel behavior of the users based on the associated database entries of the first and the second database.

Abstract: A data transmission method to transmit data contained in k independent data streams to k receivers with a data transmission device, wherein specific data stream identifiers are attached to the independent data streams and then multiplexed into I multiplexed data streams. The multiplexed data streams are then transmitted via I UARTs to k microcontrollers which demultiplex the multiplexed data streams and select one of the contained independent data streams via an allocation protocol. The allocation protocol is identical on all microcontrollers and utilizes the specific data stream identifiers to allocate the k independent data streams to exactly one of the k receivers. The microcontrollers then send their selected independent data stream to an allocated receiver.

Abstract: A technology is disclosed for the browser side capturing of user interaction session data and replay of the session data for a high-fidelity reconstruction of the experience the user perceived. In addition to capturing central structuring and markup documents and browser side updates thereof, additional resource documents that are loaded and used by the browser to render the central documents are captured and added to the session recording data. Identification information is created for resource documents, based on the content of those documents, which allows the capturing system to distinguish different versions of those content documents that share the same name but have different content. The captured session data contains data to identify the correct versions of resource documents during replay. Various measures to reduce the amount of transferred resource content data are applied, that consider already captured resource document versions or the usage frequency of a monitored application.

Abstract: Systems and methods for provisioning secure programmable logic devices (PLDs) are disclosed. An example secure PLD provisioning system includes an external system comprising a processor and a memory and configured to be coupled to a secure PLD through a configuration input/output (I/O) of the secure PLD. The external system is configured to generate a locked PLD comprising the secure PLD based, at least in part, on a request from a secure PLD customer, wherein the request from the secure PLD customer comprises a customer public key; and to provide a secured unlock package for the locked secure PLD. The external system may also be configured to provide an authenticatable key manifest comprising a customer programming key token and a corresponding programming public key associated with the locked secure PLD, wherein the authenticatable key manifest is signed using a programming private key generated by the locked secure PLD.

Abstract: A computer-implemented method and a computer system are provided for selecting active or passive decryption mode when observing network traffic between a downstream client and an upstream server. The method includes selecting a decryption mode in an initial stage of setting up a secure session based on a determination of a most probable decryption mode based on decryption modes used for similar and/or past secure sessions, wherein the initial stage is when the client initiates a transport layer connection before the transport layer connection or the secure session is established. The method further includes validating the selected decryption mode at least once during the secure session based on whether the selected decryption mode is actually and/or is probably supported based on security algorithms supported by the client and/or server, and switching the decryption mode based on a result of validating the selected decryption mode.