A tunnel connection is enabled between a user terminal and a service provider using a simpler network configuration. A communication system 10 includes a user terminal 20, a service provider 30, a carrier network 40 that connects the user terminal 20 and the service provider 30 to each other, and a network control device 50 that controls the carrier network 40. The network control device 50 sets respective virtual tunnel end points (VTEPs) for a POI terminal 46 that is on the carrier network 40 and that is connected to the service provider 30 and for the user terminal 20, and sets a virtual tunnel between the virtual tunnel end points. The user terminal 20 communicates with the service provider 30 via the virtual tunnel.

Methods and systems for penetration testing of a networked system involve assigning network nodes to disjoint classes based on current information about the compromisability of the network nodes. The classes distinguish between nodes not currently known to be compromisable, nodes that only recently have become known to be compromisable, e.g., by a first method of a attack, and nodes that have been known for a longer time to be compromisable. Nodes that only recently have become known to be compromisable can be re-targeted by the penetration testing system to determine whether such nodes can be compromised using multiple methods of attack and not just using the first method of attack.

Disclosed is an effective domain name defense solution in which a domain name string may be provided to or obtained by a computer embodying a visual domain analyzer. The domain name string may be rendered or otherwise converted to an image. An optical character recognition function may be applied to the image to read out a text string which can then be compared with a protected domain name to determine whether the text string generated by the optical character recognition function from the image converted from the domain name string is similar to or matches the protected domain name. This visual domain analysis can be dynamically applied in an online process or proactively applied in an offline process to hundreds of millions of domain names.

The disclosure relates to systems, methods and computer readable for generating double encryption of data through discrete modules that are air gapped at every stage. Furthermore, the transceivers disclosed can operate in “off-line” mode which can be adapted to communicate with any network access terminal regardless of the intermediate connecting network.

One or more embodiments of the disclosure provide systems and methods for providing media presentations to users of a media presentation system. A media presentation generally includes a plurality of media segments provided by multiple users of the media presentation system. In one or more embodiments, a user of the media presentation system may share a media presentation with a co-user. The media presentation system can provide a number of features to assist a user in sharing, filtering, and accessing media presentations.

Network circuitry authorizes User Equipment (UEs) for wireless services from wireless networks. The network circuitry stores lists of network identifiers that are associated with UE types. The network circuitry receives an authorization request that indicates a network identifier and a UE type. The UE type comprises model, operating system, user application, and/or radio frequency. The network circuitry retrieves a networks list for the UE type and compares the network identifier from the authorization request to the network identifiers on the network list. The authorization circuitry authorizes the UE responsive to a match between the network identifier from the authorization request and a network identifier on the network list.

Systems, methods, and computer-readable media for achieving privacy for both data and an algorithm that operates on the data. A system can involve receiving an algorithm from an algorithm provider and receiving data from a data provider, dividing the algorithm into a first algorithm subset and a second algorithm subset and dividing the data into a first data subset and a second data subset, sending the first algorithm subset and the first data subset to the algorithm provider and sending the second algorithm subset and the second data subset to the data provider, receiving a first partial result from the algorithm provider based on the first algorithm subset and first data subset and receiving a second partial result from the data provider based on the second algorithm subset and the second data subset, and determining a combined result based on the first partial result and the second partial result.

Disclosed are systems, methods, devices, and computer-readable media for offloading lattice-based cryptographic operations to hybrid cloud computing system. In one embodiment, a method is disclosed comprising receiving a first network request from a client device via a secure application programming interface (API), the request including unencrypted data; encrypting the unencrypted data using an algorithm that generates homomorphically encrypted data; issuing a second network request to a second API of a cloud platform, the second network request including the encrypted data; receiving a response from the cloud platform in response to the second network request; and transmitting, in response to the first network request, a result to the client device based on the response, the result obtained by decrypting an encrypted output returned by the cloud platform.

Aspects of the disclosure relate to an automated monitoring of proximate devices. A computing platform may cause a reporting device to detect a target device in a local network, retrieve network data associated with the target device, and send, to an intermediate server, the network data. The computing platform may send, to the intermediate server, a query. The intermediate server may send the network data in response to the query. Based on the network data, the computing platform may determine an amount of time that has elapsed since network activity was previously detected for the target device, and based on a determination that the amount of time exceeds a predetermined time threshold, the computing platform may generate an alert notification indicating that the target device may need to be traced. Subsequently, the alert notification may be sent to the reporting device.

A telecommunications network includes a serving network and a home network. In some examples the serving network receives, from the home network, identity data associated with a network terminal. The serving network determines a tied key using a tying key derivation function (TKDF) based on the identity data, then prepares an authentication request based on the tied key and sends the request to the terminal. In some examples, the home network receives the identity data from the access network and determines a tied key using a TKDF. The home network then determines a confirmation message based on the first tied key. In some examples, the serving network receives the identity data from the home network, and receives a network-slice selector associated with the network terminal. The serving network determines a tied key using a TKDF based on the identity data and the network-slice selector.