Patent classifications
H04L63/0876
Network watermark
A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes.
Facilitating device fingerprinting through assignment of fuzzy device identifiers
Various device attributes associated with a current event may be obtained. Similarity metrics may be determined that indicate a degree of similarity between the device attributes that are associated with the current event and stored device attributes that are associated with previous events and previously created fuzzy device identifiers. A fuzzy device identifier may be assigned to the current event based at least in part on a comparison of the similarity metrics with a threshold. If none of the similarity metrics compare favorably with the threshold, then a new fuzzy device identifier may be created for the current event. However, if at least one of the similarity metrics compares favorably with the threshold, then the previously created fuzzy device identifier whose stored device attributes are most similar to the device attributes that are associated with the current event may be assigned to the current event.
Location-based asset usage control
A lighting device includes a light source configured to emit a light and a sensor configured to receive identification information from an asset tag of a physical asset. The lighting device further includes a processor configured to send the identification information received from the asset tag and location information of the lighting device to a control device. The processor is further configured to receive a usage control message from the control device and transmit the usage control message, where the usage control message controls whether the physical asset is used at a location indicated by the location information.
Dual-modes switching method for blocking network connection
The invention discloses a dual-modes switching method for blocking a network connection, comprising: a data packet collecting step of collecting data packets transmitted from all network nodes in a network segment; a data packet analyzing step of analyzing the collected data packets to obtain network node identification data; a list comparing step of comparing the network node identification data with identification data registered in an information device list to determine an illegal network node; an illegal-network-node-type determining step of determining the type of the illegal network node; and a network connection blocking step of switching between a first network connection blocking mode and a second network connection blocking mode according to the type of the illegal network node, thereby blocking the network connection of the illegal network.
Method and device for provisioning a node in a wireless network
A device may receive data relating to a site plan and image data relating to a network device. The device may determine a device identifier based on the image data, associate the device identifier with the site plan based on a common attribute between the network device and the site plan, and cause a certificate to be generated based on an authentication request to a network controller. The authentication request may cause the network controller to generate the certificate based on the device identifier and/or the site plan. The device may cause an Internet protocol (IP) address to be assigned to the network device based on the certificate, a location of the network device, and/or another related parameter, cause a node configuration to be generated based on the IP address, the device identifier, and/or the site plan, and provision the network device according to the node configuration.
Access control value systems
A system that includes a tagging engine and a routing engine. The tagging engine is configured to link a data element with an access control tag. The tagging engine is configured to apply context rules to the access control tag array based on the content of the data element to change the access control tag value for one or more of the access control tags. The tagging engine sends the data element with the access control tag array to a target network node within an end user group. The routing engine is configured to identify an access control tag value in the access control tag array corresponding with the end user group and to forward the data element to the target network node in response to determining that the access control value is greater than or equal to the access control level associated with the end user group.
User location authentication using place signature
A computer-implemented method includes: (i) receiving location information that represents a physical location of a user; (ii) receiving first sensor data that has been generated by a sensor on a client device of the user; (iii) in response to receiving the first sensor data, obtaining second sensor data that has been generated by a sensor on a sensor device and that represents an environmental condition of an area around the physical location; (iv) determining whether the first sensor data matches the second sensor data; and (v) in response to determining that the first sensor data matches the second sensor data, determining that the user is authentic.
Persistent storage for server clusters
A computer-implemented method includes receiving a request to provision a set of storage volumes for a server cluster, wherein the request includes an identifier for the server cluster and generating a provisioning work ticket for each storage volume in the set of storage volumes, each provisioning work ticket including the identifier for the server cluster. The provisioning work tickets are provided to a message broker. Multiple volume provisioning instances are executed such that at least two of the volume provisioning instances operate in parallel with each other and such that each volume provisioning instance receives a respective provisioning work ticket from the message broker and attempts to provision a respective storage volume of the set of storage volumes for the server cluster in response to receiving the volume provisioning work ticket.
Identifying virtual private network servers for user devices
A VPN servers request is transmitted from a user device to a central server. A first VPN server is received from the central server at the user device. Responsive to the user device failing to establish a first encrypted tunnel with the first VPN server, a request for another VPN server is transmitted from the user device to the central server. A second VPN server is received from the central server. A second encrypted tunnel is established with the second VPN server. An encrypted communication is obtained by encrypting a communication directed to a network server. The encrypted communication is transmitted from the user device to the second VPN server.
Single method for blocking access threats using virtualization technology in client-server applications
A software-based single method that is secure, robust, flexible, usable, and auditable, and that can practically eliminate threats arising from phishing, man-in-the-middle theft, pharming/channel redirection, piggybacking of spyware, and application modification in client applications. This is achieved using dynamic virtualization technology. The virtualization technology protects applications from such threats by creating highly dynamic virtual images of real data that are private, relative, one-time use, and short-lived. These virtual images are made private and relative by creating a virtual device ID of the client device, a virtual application signature of the client application, a virtual private network of the network, and a virtual certificate of the server.