The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid encryption. According to the present disclosure, a first device receives an encrypted communication from a second device. The encrypted communication includes a first encrypted secret, a second encrypted secret, a first signature, and a second signature. The first device verifies the first signature and the second signature, and, when the first and second signatures are valid, decrypts the first encrypted secret using a first encryption algorithm and the second encrypted secret using a second encryption algorithm. The first device combines the first decrypted secret and the second decrypted secret to recover a first communication and provides the first communication to a user of the first device.

A method for storing session state data of a session between a system having a plurality of nodes and a client device includes delivering a service to the client device during a session identified or otherwise specified by a session identifier. The service is delivered by a first of the plurality of nodes in the system. During the session, at least a second node in the system is selected on which session state data associated with the session is to be saved. The second node is selected based on the session identifier such that another node in the system is able to locate the session state data when stored on the second node from the session identifier without contacting a centralized mechanism that specifies where session state data is stored. The session state data is saved to the second node that is selected.

A method and system is disclosed for protecting neural network models by segmenting partitions of the models into segments of pre-configured memory size, hashing the segmented models, and concatenating the hash segments. The concatenated hash segment may be further hashed, encrypted, and stored with the neural network models as an executable loadable file (ELF) in memories external to the neural network prior to the use of the models by the neural network. The models may include model weights of the inference layers and metadata. The model weights and the metadata may be hashed as separate hash segments and concatenated. Segmenting the models into segments of pre-configured memory size and hashing the segmented models offline prior to the operation of the neural network enables rapid validation of the models when the models are used in the inference layers during online operation of the neural network.

Disclosed embodiments relate to systems and methods for securing the use of temporary access tokens in network environments. Techniques include identifying a request for an action involving a target network resource requiring a temporary access token; receiving, from the target network resource, a temporary access token; storing the temporary access token separate from the network identity; generating a customized replacement token having an attribute different from the temporary access token such that the customized replacement token cannot be used directly with the target network resource; providing the customized replacement token to the network identity; monitoring use of the customized replacement token to detect an activity identified as being at least one of potentially anomalous or potentially malicious; receiving an access request to access the target network resource; and based on the detected activity, denying the access request from the network identity.

A subscriber identity module (eUICC), comprises profiles for the utilization of a mobile terminal that include at least a first profile and at least a second profile, of which the second profile (Pr1, Pr2) is devised as an active profile. The first profile is designed as a root profile (PrR) which in a normal state of the subscriber identity module is in an inactive state, and which is devised to be activated in response to an authentication command (AUTHENTICATE) received at the subscriber identity module. The authentication command is specially parameterized for the root profile (PrR) with a specific root value of the network parameter (P2) to be activated during a change-over period. The initially active second profile (Pr1, Pr2) is deactivated during the change-over period. After the end of the change-over period, the first profile (PrR) is again deactivated and the second profile (Pr1, Pr2) is again activated.

Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

The present disclosure pertains to validation of runtime objects for a software deployment using a certificate. After creating the runtime objects during a build process, a certificate may be generated based on the runtime objects. The certificate may include a fingerprint of the runtime objects that may be used before deployment to determine whether the runtime objects have been changed. Before deployment, the runtime objects and the certificate may be obtained and the certificate may be validated. In addition, the runtime objects may be validated using the fingerprint included in the certificate. For instance, the fingerprint may be re-generating based on the runtime objects for deployment. The runtime objects may be validated by comparing the re-generated fingerprint to the fingerprint in the certificate. The runtime objects may be deployed if the certificate and the runtime objects are valid.

One-time password (“OTP”) generation on a smartwatch is provided. OTP generation may include communication between an application on a smartwatch and an application on a smartphone. The request for an OTP may be received at the smartwatch. The smartwatch application may communicate with the smartphone application. An OTP may be generated within a third-party library within the smartphone application. The generated OTP may be transmitted from the smartphone application to the smartwatch application. The OTP may be displayed on the smartwatch.

An apparatus to facilitate provenance audit trails for microservices architectures is disclosed. The apparatus includes one or more processors to: obtain, by a microservice of a service hosted in a datacenter, provisioned credentials for the microservice based on an attestation protocol; generate, for a task performed by the microservice, provenance metadata for the task, the provenance metadata including identification of the microservice, operating state of at least one of a hardware resource or a software resource used to execute the microservice and the task, and operating state of a sidecar of the microservice during the task; encrypt the provenance metadata with the provisioned credentials for the microservice; and record the encrypted provenance metadata in a local blockchain of provenance metadata maintained for the hardware resource executing the task and the microservice.

The present disclosure relates to methods of mining a block of a distributed ledger. The methods include: receiving a block to be mined, the block including a header hash and a plurality of transactions; creating a first signature based on a first function, where inputs to the first function include the header hash and the plurality of transactions; and creating a second signature based on a second function, where an input to the second function is the first signature. In one example, the second function is a multiplicative inverse function and the method further includes creating the second signature that is a multiplicative inverse value of the first signature with respect to a first irreducible polynomial. The method additionally includes creating a chain of signatures, where each of the signatures is a multiplicative inverse value of a previous output with respect to a respective irreducible polynomial.