Patent classifications
H04L2463/121
Network communications
Providing authentication servers (e.g. a RADIUS server) combined with a distributed data store (e.g. a memory cache) for storing a time-limited trust relationship message to establish/enable a time-limited trust between the authentication servers during network roaming of a user device. This circumvents the need for the traditional method of synchronous authentication messaging sequences, permitting transmission of authentication messaging sequences in a more time-efficient asynchronous manner.
NETWORK-CONNECTABLE SENSING DEVICE
The invention concerns a sensing device (1) configured to selectively operate in: a manufacturing mode, an unprovisioned mode, a provisioned mode and an end-of-life mode. In the manufacturing mode, the electronic circuit (14) permanently stores a unique code (149) in a storage medium (12), while in the unprovisioned mode, the electronic circuit (14) waits for a provisioning code (31) for generating a private key and a public key (143). In the provisioned mode, the electronic circuit (14) signs a timestamp (146) provided by a time-keeping unit (13) and data (110) provided by a sensing unit. The collected data (110), the timestamp (146), the digital signature (144) and the public key (143) are then transmitted. In the end-of-life mode, the electronic circuit (14) permanently erases the private key.
SYSTEMS AND METHODS PROVIDING CONNECTION LEASE ANTI-THEFT FEATURES FOR VIRTUAL COMPUTING SESSIONS
A computing device may include a memory and a processor cooperating with the memory and configured to receive requests from a client device to connect with the computing device. The client device may be shared by multiple authenticated users and have a public/private encryption key pair associated therewith, and the requests may be based upon connection leases and the public key for the client device. The connection leases may also be generated for respective authenticated users and include an authenticated version of the public key for the client device so that the connection leases are specific to the client device and respective users. The processor may also provide the client device with access to computing sessions for respective authenticated users based upon the connection leases and verification of the public key, and prevent the use of the connection leases for authorizing connections for other authenticated users.
Detection of anomalous computer behavior
A computer-implemented method for detecting anomalous behavior of one or more computers in a large group of computers comprises (1) receiving log files including a plurality of entries of data regarding connections between a plurality of computers belonging to an organization and a plurality of websites outside the organization, each entry being associated with the actions of one computer, (2) applying a first plurality of algorithms to determine features of the data which may contribute to anomalous behavior of the computers, and (3) applying a second plurality of algorithms to determine which computers are behaving anomalously based upon the features.
Detection of anomalous computer behavior
A computer-implemented method for determining features of a dataset that are indicative of anomalous behavior of one or more computers in a large group of computers comprises (1) receiving log files including a plurality of entries of data regarding connections between a plurality of computers belonging to an organization and a plurality of websites outside the organization, each entry being associated with the actions of one computer, (2) executing a time series decomposition algorithm on a portion of the features of the data to generate a first list of features, (3) implementing a plurality of traffic dispersion graphs to generate a second list of features, and (4) implementing an autoencoder and a random forest regressor to generate a third list of features.
DISTRIBUTED GOVERNANCE FOR SHARING OF BIG DATA
Methods and systems for secure, encrypted and distributed ownership and usage of big data are provided. According to one example, a server maintains a local key management data store, a data blockchain copy, an audit blockchain copy, and a metadata blockchain copy. A data operation from a user electronic device is received. The server verifies, against the local key management data store, that the user electronic device has access; runs the data operation and records metadata about the data operation; and writes data blocks to the data blockchain copy, the audit blockchain copy, and the metadata blockchain copy. The server broadcasts the updated blockchain copies to the peer-to-peer network for replication.
Validation of systems data
A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped entries of machine data. A model management server detects data constraints for a security model. Using the timestamped entries, the data constraints are validated to obtain a validation result, where validating the data constraints includes determining whether the timestamped entries satisfy the availability requirement set for the data element. The model management server determines a data availability assessment of the security model based on the validation result.
Cryptographic algorithm status transition
Various embodiments relate to a method performed by a processor of a computing system. An example method includes determining a first cryptographic algorithm utilized in a first block of a first blockchain. The first block of the first blockchain has a first unique block identifier. A second cryptographic algorithm utilized in a second block of the first blockchain is determined. The second block of the first blockchain has a second unique block identifier. A first cryptographic algorithm status transition (“CAST”) event is defined if the second cryptographic algorithm is different from the first cryptographic algorithm. A first CAST record is defined upon occurrence of the first CAST event. The first CAST record includes the second cryptographic algorithm and the second unique block identifier. The first CAST record is digitally signed and stored on a second blockchain. The second blockchain may be referenced out-of-band of the first blockchain.
Verifying the trustworthiness of ARP senders and receivers using attestation-based methods
Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. An ARP responder can receive an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment. The ARP responder can build an ARP response including attestation information of the ARP responder. Further, the ARP responder can provide, to the ARP requestor, the attestation information for verifying the ARP responder using the ARP response and the attestation information of the ARP responder.
Method and system for detecting and preventing abuse of an application interface
The present teaching relates to a method and system for reducing request traffic directed to a server. Upon receiving a request associated with an application in a time-window, an identifier that is to be associated with the request is generated. A first criterion associated with the request is evaluated based on the identifier, and the request is transmitted to a server based on a second criterion related to the time-window and the first criterion.