Abstract: Systems and methods for token metadata management are disclosed. A system can determine that a token has been minted on a blockchain based on a smart contract identifying an identifier of the token and a base uniform resource identifier (URI). Responsive to determining that the token has been minted on the blockchain, the system stores metadata for the token at a location in a database. The database corresponds to the base URI and the location in the database is identified by the identifier of the token. The system generates a metadata URI for the token based on the base URI and the identifier for the token, detects a change to a status of a contest identified in the metadata of the token, and upon detecting the change to the status of the contest, modifies the metadata of the token using the metadata URI.

Abstract: Systems, methods, and computer program products are configured to apply k-anonymity to an answer to a query sent to a relational database. A query to the relational database is obtained, the relational database containing a plurality of records. A frequency of occurrence of the attributes in the relational database is determined, an anonymization rule set is created based on the frequency of occurrence of the attributes, the anonymization rule set defining which attributes are to be suppressed in the answer to the query, the anonymization rule set is used to generate the answer to the query, wherein the answer to the query has k-anonymity, and a display or other device is controlled based on the answer to the query.

Abstract: A method of transmitting an encrypted data packet includes, with a processor, in response to receiving the encrypted data packet, executing an extended Berkeley packet filter (eBPF) application at an express data path (XDP) hook point located within a kernel space, determining whether the encrypted data packet is to be processed via a trusted application (TA) within a trusted execution environment (TEE) based on an analysis by the eBPF application, and identifying application intelligence data defining packet forwarding decisions based on a manner in which the encrypted data packet is processed.

Abstract: Systems and methods for a bifurcated self-executing program that wraps a first self-executing program (e.g., a first smart contract) on a blockchain within a second self-executing program (e.g., a second smart contract), in which the second self-executing program enforces the requirement for particular security credentials/certificates. The bifurcated self-executing program comprises a single compiled self-executing program that combines the first self-executing program and the second self-executing program.

Abstract: An example operation may include one or more of anonymizing, via an anonymization service hosted within a trusted execution environment (TEE), raw data provided by a computing node to generate anonymized data, generating, via the anonymization service, an authenticator object that binds together a hash of the raw data and a hash of the anonymized data, transmitting the generated anonymized data to the computing node, and submitting the authenticator object to a blockchain ledger via a blockchain transaction.

Abstract: A system is disclosed for identifying a user based on the classification of user characteristic data. An identity verification system receives a request from a requesting target user for access to an operational context and characteristic data describing actions of the requesting target user. The identity verification system inputs the characteristic data to an identity confidence model to determine an identity confidence value describes a likelihood that an identity of the requesting target user matches an authenticating identity and determines a false match rate and false non-match rate, which represent a performance of the identity confidence model. The identity verification system determines a match probability for the requesting target user by adjusting the identity confidence value based on the determined false match rate and false non-match rate and grants the requesting target user access to the operational context if match probability is greater than the operational security threshold.

Abstract: Facilitate configuration of authentication information for a service provided over IP network when there is no shared authentication information between IoT device and service provider device for a service used by IoT device, an intermediary device capable of authenticating legitimate access mediates between devices. An example: a cipher key CK stored in intermediary device and IoT device, as a result of SIM authentication of the SIM of the IoT device, is used as master key for services used by IoT device. By generating unique application key for a service used by IoT device on the intermediary device and IoT device on the basis of master key, and sending it to service provider apparatus from intermediary device by secure connection, common keys are set as authentication information to IoT device and service provider apparatus. A SIM authentication process for generating cipher key can suppress SQN attack based on a bad request.

Abstract: Disclosed are systems and methods for performing distributed, keyless authorized electronic transactions. The disclosed systems and methods provide an electronic transaction framework where hardware and/or software devices can be used to authenticate users and/or authorize transactions involving such users. The disclosed framework operates as a distributed system in that it can be built without an entity that all parties must trust. The framework relies entirely on one-way functions and avoids using both symmetric and asymmetric cryptography; therefore, the framework does not have secret keys that can be compromised. The framework provides a distributed, electronic authorization system that does not require a reference clock to which components are synchronized, thereby enabling dynamic, agile authorization with improved security for user and transactional data.

Abstract: The method provides an automated and scalable system for the generation, distribution, management of symmetric pre-shared keys (PSKs) to applications executing on headless and mobile devices. It helps achieve device protection, application security, and data protection with data authenticity and confidentiality in intra-device, inter-device, device-to-edge, and device-to-cloud communications. It helps Transport Layer Security (TLS) enabled applications dynamically acquire and renew PSKs and use identity hints for PSK based authentication ceremony during a TLS handshake. It helps client-server applications dynamically acquire and renew PSKs using keyed-hash message authentication code (HMAC) for data integrity and authenticity, content signing, and data encryption for confidentiality. It helps manage and distribute API shared secrets and API access tokens required for authenticated API requests and API security.

Abstract: A software and/or hardware facility that can be used by content owners to assert ownership of content so that copyright friendly websites and services can take action against copyright piracy effectively, efficiently and is scalable is disclosed. The facility makes available to all content owners watermarking/fingerprinting technology so an identifier (e.g., a unique code) can be embedded in the content (e.g., video/audio portion of each video content asset). The facility utilizes blockchain technology to add information related to each unique identifier in a database and allows an authorized user (e.g., the owner) to update the information through a blockchain transaction.

Abstract: A system and method for creating a secure overlay network on top of the public Internet, optionally by creating an identity-based network in which user identities are the identifiers rather than IP addresses, and whereas only authenticated and authorized users whose identity has been established have visibility and access to the network; establishing fully encrypted and private network segments; providing superior performance through improved protocols and routing; and implementing a decentralized topology that allows any two nodes on it to communicate regardless of each node's location or network settings—as if the two nodes are on the same local area network.

Abstract: Person or object authentication can be performed using artificial intelligence-enabled systems. Reference information, such as for use in comparisons or assessments for authentication, can be updated over time to accommodate changes in an individual's appearance, voice, or behavior. In an example, reference information can be updated automatically with test data, or reference information can be updated conditionally, based on instructions from a system administrator. Various types of media can be used for authentication, including image information, audio information, or biometric information. In an example, authentication can be performed wholly or partially at an edge device such as a security panel in an installed security system.

Abstract: A method for improving data transmission security at a user equipment comprises receiving, from a source network node, a connection release message including instructions for computing a hash value for data to be included in a connection request message; computing the hash value based on the instructions included in the connection release message; calculating a token based on the hash value, and sending, to a target network node, the connection request message including the token. The method may further forward the data from the target network node directly to a gateway after the token has been verified. The method may reduce a signaling overhead by having a fixed-size hash value for data. Furthermore, the method may improve a transmission security by including the token in an RRC message, in which the token is calculated based on the hash value representing the data.

Abstract: A data transmitter is disclosed. The data transmitter includes a digest generator configured in response to receiving a set of data from a data source to generate a digest from the set of data using a cryptographic primitive. The data transmitter further includes a packet generator configured to generate a series of one or more packets carrying the set of data for transmission, wherein each packet in the series includes a header, the set of data, a footer and the digest.

Abstract: Techniques are presented relating to security of blockchain transactions that transfer digital assets or entities from one resource to another. Techniques provide a computer-implemented method for improving the security, anonymity and/or control of a value-mixing blockchain transaction having a plurality of participating nodes, each node having a respective output address to which the transaction is to allocate value. The method includes encrypting by a node its output address using that node's public key, adding the encrypted output address to a set of output addresses for the transaction, shuffling the order of the encrypted output addresses in the set. Each participating node identifies its encrypted output address in the set, and replaces its encrypted output address with its unencrypted output address. The result is a shuffled set of output addresses that cannot be linked to a particular input. with its unencrypted output address.

Abstract: Disclosed herein are systems and methods for providing and using a decentralized network using a blockchain. A provider (and/or miner) may provide network coverage to one or more devices in return for tokens on the blockchain. The blockchain may employ a proof-of-coverage scheme to verify (and even guarantee) that the miners are honestly representing the wireless network coverage they are providing. In some instances, the proof of coverage may require the providers to prove coverage periodically, upon demand, and/or at random intervals.

Abstract: In a particular embodiment, decentralized oracles in an unmanned aerial vehicle (UAV) transportation ecosystem includes: receiving, by an oracle node of a plurality of oracle nodes, from a validating node of a plurality of validating nodes of a UAV transportation ecosystem, a request for data for fulfillment of a smart contract, wherein the plurality of oracle nodes are communicatively coupled via an overlay network implemented using a network communicatively coupling the plurality of validating nodes; generating, based on responses to the request from the plurality of oracle nodes, the data for fulfillment of the smart contract; and providing the data for fulfillment of the smart contract.

Abstract: Systems and methods for identifying and transacting with accounts across multiple external systems using inter-system account identifiers, without exposing internal account identifiers of an originating system, are disclosed. An example method, executed by the originating system, includes generating a first and a second inter-system account identifier based on a first and a second request, respectively, received at the originating system from a first and a second external system, respectively, that provide different services to an internal account of the originating system. The first and second inter-system account identifiers are communicated to the first and the second external system, respectively.

Abstract: A system and a method for secure communications over a network, the method comprising: receiving a data packet from a first device, the data packet comprising an encrypted data part and a metadata part, the metadata part comprising a cleartext part and removable metadata, the removable metadata comprising a network access code that is authenticatable by means of a network access key; validating the data packet, wherein validating the data packet comprises authenticating the network access code using the network access key; removing the removable metadata from the data packet after validating the data packet, thereby altering the data packet; and transmitting the altered data packet to a second device. The system comprises a first, a second, and a third device. The third device may comprise a receiver and a transmitter, and a validator that comprises a processor and a memory.

Abstract: This disclosure is directed to embodiments of systems and methods for controlling the access to files or other data. In some of the disclosed embodiments, a computing system receives a request for access to data by a first device operated by a first user, and determines that an identity of a second user associated with the data is to be authenticated to allow access to the data by the first device. The computing system invokes an authentication process to authenticate the identity of the second user based on an input provided to a second device by the second user and, based on that authentication process, determines that the identity of the second user has been authenticated based on the first input. The computing system then provides access to the data by the first device based at least in part on authentication of the identity of the second user. The authentication process may, for example, authenticate the identity of the second user based on a biometric input provided by the second user.