Patent classifications
H04L63/0245
NETWORK SECURITY SYSTEM WITH ENHANCED TRAFFIC ANALYSIS BASED ON FEEDBACK LOOP
This document describes, among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have a high rate of threats can be blocked outright without further inspection; traffic that is causing errors due to protocol incompatibility, or that should not be inspected for regulatory or other reasons, can be flagged so it bypasses the security inspection system. The system can operate on a domain-by-domain basis, an IP address basis, or otherwise.
INFORMATION PROCESSING METHOD, DEVICE AND COMPUTER READABLE STORAGE MEDIUM
An information processing method, an information processing device, a terminal and a server are provided. In some embodiments, the method includes: receiving scenario description information reported by a terminal, where the scenario description information includes webpage information and/or operation instruction information; calculating a usage scenario of the terminal based on the scenario description information; acquiring a response message corresponding to the usage scenario of the terminal, where the response message includes notice information and/or security operation prompt information, and the response message is for prompting the terminal to output the notice information and/or execute a security operation based on the security operation prompt information; and returning the response message to the terminal to perform scenario response processing.
INTERNET-OF-THINGS PARTNER INTEGRATION
A network device logs transmission control protocol (TCP) flow data for connections between registered devices that are registered for use of secure Internet of Things (IoT) application programming interfaces (APIs). The logging generates logged flow data. The network device receives, from a first registered device, a call validation request for an IoT API call directed to the first registered device from a second registered device. The call validation request includes packet information of the IoT API call. The network device compares the packet information with the logged TCP flow data. When the comparing indicates a match of the packet information and the logged TCP flow data, the network device sends a response to the first registered device to accept the IoT API call. Otherwise, the network device sends a response to the first registered device to reject the IoT API call.
System and method for automatically detecting and then self-repairing corrupt, modified or non-existent files via a communication medium
A system and method of guaranteeing the presence of secure and tamper-proof remote files over a distributed communication medium, such as the Internet, is provided. The system and method automatically detects, and then self-repairs corrupt, modified or non-existent remote files. The method first performs an integrity check on a remote file and then determines whether the integrity check passed. If the integrity check passed, then the user goes through the authentication process as normal. If the integrity check fails, then the present invention redirects to an install module in order to prepare to reinstall the remote file. Via the install module, the present invention then reinstalls the remote file and the user is then taken through the authentication process as normal.
PREDICTIVE POLICY ENFORCEMENT USING ENCAPSULATED METADATA
Methods are provided for predictive policy enforcement using encapsulated metadata. The methods involve obtaining a packet of an encapsulated traffic flow that is transported in a software-defined wide area network (SD-WAN) or in a cloud network. The packet includes a network virtualization tunneling header with an appended service plane protocol header and a payload. The methods further involve extracting, from the appended service plane protocol header, without performing deep packet inspection, enriched metadata that includes fields for one or more attributes related to a source of the packet or a destination of the packet, determining at least one network policy based on the enriched metadata, and applying, to the packet, the at least one network policy that relates to gathering analytics and/or transporting the encapsulated traffic flow to the destination.
Data-secure sensor system
In some embodiments, a data-secure sensor system includes one or more processors configured to receive sensor data (e.g., image data, audio data, etc.) and generate descriptive data based on the sensor data that corresponds to a physical area that corresponds to information about identified objects or activity in the physical area, an input/output (I/O) port, and an I/O choke communicatively coupled between the one or more processors and the I/O port, the I/O choke configured to limit a communication bandwidth of the I/O port to a maximum data rate. The one or more processors can be configured to prevent the sensor data from being accessible via any external port of the data-secure camera system, including the I/O port, and allow the descriptive data to be accessible via the I/O port.
Network traffic management using server name indication
A network gateway apparatus monitors Quick user datagram protocol (UDP) Internet Connection (QUIC) packets between a first device and a second device, extracts a version of the QUIC protocol and a connection identification from an unprotected portion of the protected header in response to detecting a QUIC packet having a protected header in use, determines a salt used in encryption of the protected header based on the version of the QUIC protocol, calculates a client initial secret based on the salt and the connection identification, determines an unprotected payload of the QUIC packet based on the client initial secret, a protected payload of the QUIC packet and the unprotected portion of the protected header, and extracts a server name indication (SNI) from the unprotected payload.
Managing simultaneous monopolar outputs using duty cycle and synchronization
Aspects of the present disclosure are presented for managing simultaneous outputs of surgical instruments. In some aspects, methods are presented for synchronizing the current frequencies. In some aspects, methods are presented for conducting duty cycling of energy outputs of two or more instruments. In some aspects, systems are presented for managing simultaneous monopolar outputs of two or more instruments, including providing a return pad that properly handles both monopolar outputs in some cases.
TRAFFIC HANDLING FOR CONTAINERS IN A VIRTUALIZED COMPUTING ENVIRONMENT
An example method is provided for a computing device to perform traffic handling for a container in a virtualized computing environment. The method may comprise receiving a traffic flow of packets from a virtual machine and identifying a container from which the traffic flow originates based on content of the received traffic flow of packets. The container may be supported by the virtual machine. The method may further comprise retrieving a policy configured for the identified container and handling the received traffic flow of packets according to the policy.
CUSTOM SECURITY BROWSER
A custom browser can be set up or configured by an end user to scan, monitor, filter out or eliminate any element of HTTP or HTTPS or JavaScript code or cookie downloading from the Internet in real time. The browser with custom security protects and eliminates unnecessary data or hacker attempts from the Internet by transcoding the downloading HTML/HTML5 code without requiring any plug-in, security app or changed system security level of devices. The application is particularly useful in IPTV and Remote UI HTML5 implementations.