Patent classifications
H04L29/00
Push notifications of system events in a restricted network
Methods, computing systems and computer program products implement embodiments of the present invention that include associating a token with a computing device, defining preferences for the computing device, and conveying, by the computing device, the token and the preferences to an event processing system. Upon the event processing system receiving an event message from a computing system via a one-way firewall and matching the computing device preferences to the event message, the event processing system can convey the token and the event message to a push notification system. In some embodiments, upon the push notification service receiving the token and the event message, the mobile device can be identified based on the token, and the event message can be conveyed to the computing device. The event messages may include a severity level, and the preferences may include a severity threshold and a message detail level.
Using de-identified healthcare data to evaluate post-healthcare facility encounter treatment outcomes
A computer-implemented method includes producing medical information that characterizes a group of individuals from a set of private data representing pre or post-encounter characteristics of the individuals, wherein the individuals have had encounters with a healthcare facility. The identity of the individuals is unattainable from the produced medical information. The method also includes providing the produced medical information to report the pre or post-encounter characteristics of the group.
Method and device for transmitting bit error rate information in FlexE overhead frame, and computer storage medium
Disclosed is an information transmission method and device, and a computer storage medium. The method is applied to a local end in a flexible Ethernet (FlexE) network structure and includes: when receiving an information block of a FlexE frame, acquiring, by the local end, bit error state information in the received information block according to a preset acquisition policy; storing, by the local end, the bit error state information at a preset position in a FlexE protocol overhead frame; and transmitting, by the local end, the FlexE protocol overhead frame storing the bit error state information to an opposite end.
System and device employing physical unclonable functions for tamper penalties
One or more hardware identity circuits (which may be reconfigurable) may be employed in a device or system in order to impose a tampering penalty, preferably without relying on battery-backed volatile memory to do so. The device or system may also include a cryptographic division and distribution (sharing) of a secret internal to the device or system.
Systems and methods for detecting and locating unsecured sensors in a network
A system, method and non-transitory computer readable medium for detecting unsecured sensors in a network. A computing system can find an IP address associated with an unsecured sensor based on a port through which the unsecured sensor communicates with the network. The computing system can ascertain a prefix route associated with the IP address for the unsecured sensor based on a portion of the IP address. The computing system can determine geographic coordinate data associated with the prefix route. The computing system can identify location data of a set of facilities within a specified geographic radius of the geographic coordinate data. The computing system can associate the unsecured sensor with a first one of the facilities in the set of facilities based on a distance between geographic coordinate data and the location data associated with the first one of the facilities being less than a specified distance threshold.
Intrusion detection and mitigation in data processing
A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.
Apparatus including secure component and method of provisioning security information into the apparatus
An apparatus into which security information is provisioned through communication with a server may include: a communication interface receiving security data from the server; and a secure component including a secure storage and a controller storing the security information in the secure storage based on the security data. The communication interface may include a presentation layer handler performing mutual authentication between the apparatus and the server according to a first encryption protocol based on unique information assigned to the secure component, and an application layer handler requesting and receiving the security data to and from the server according to a second encryption protocol.
Authorization with a preloaded certificate
An authorization method using provisioned certificates is disclosed. The method includes writing security attributes to fields within a certificate and issuing the certificate to a software application on a principal node. The software application requests to perform actions on one or more resources on a resource node, sending one or more action requests along with a copy of its certificate. The resource node has an agent which verifies the permissions from the certificate and routes the request to its designated resource. The resource node returns one or more messages to the principal node, verifying whether or not the requests were completed.
Method and system for wireless extender onboarding
A method for new wireless extender onboarding in a wireless network includes scanning a machine readable indicia on the new wireless extender, transmitting an identifier represented by the machine readable indicia to a network gateway of the wireless network, computing a secure hash of the identifier provided into a proprietary information element, transmitting the secure hash to existing wireless extenders in the wireless network, communicating beacons comprising the secure hash to the new wireless extender, determining a strongest received signal strength indication from received signal strength indications associated with the network gateway and the existing wireless extenders, and initiating a Wi-Fi Protected Setup (WPS) pairing session with one of the network gateway and the existing wireless extenders associated with the strongest received signal strength.
Automated firewall feedback from network traffic analysis
Security rule feedback systems and methods include capturing network traffic data, the network traffic data including a plurality of traffic records. The traffic records are grouped into first and second traffic records having corresponding first and second source address identifiers, first and second source port identifiers, first and second destination address identifiers, and first and second destination port identifiers. Network interfaces associated with the first and second records are identified based on source address identifiers. Security rule populations are associated to the network interfaces. A determination is made as to a direction of network traffic based on the security rule populations. Thereby, dispensable security rules may be identified.