Abstract: The disclosure relates to user-centric access to blockchain-based services accessed through a telecom network. User devices may each include a Digital Passport Application (“DPA”), which may be stored at an eSIM of the user device. The DPA may be directed to and anchor to an Edge Digital Gate (“EDG”) entitled to provide access to blockchain-based services. The DPA may store a digital persona that digitally represents an entity such as a user or machine so that the DPA may access and interact with blockchain-based services on behalf of the entity. For instance, the digital persona may bind a physical identity of the entity with a digital identity through a private key of the entity. The private key may be used to digitally signed the access token. The digital persona may further link the digital identity with one or more (typically multiple) virtual identities each associated with a blockchain-based service.

Abstract: Disclosed are methods, apparatus, systems, and computer readable storage media for providing access to a private resource in an enterprise social networking system. One or more servers may receive a request for access to a private resource to be granted to a user from a publisher. The publisher may be configured to publish a message as a feed item to one or more feeds, where the message includes a user identification identifying the user. The user does not have access to the private resource. The feed item may be provided to display in the one or more feeds. Access may be granted to the user via the one or more feeds. In some implementations, access may be granted in response to a user input from the feed item associated with a moderator or owner, the moderator or owner having a privilege to control user access to the private resource.

Abstract: An example operation may include one or more of identifying a new block to be created for a blockchain via a new block creation cycle, executing chaincode stored in the blockchain, identifying one or more credentials assigned as one credential per registered member organization of the blockchain based on the chaincode, validating the one or more credentials and determining consensus is satisfied via a consensus service, and creating the new block responsive to the consensus being satisfied.

Abstract: The present invention provides a method and a device for generating an HD wallet name card and a method and a device for generating an HD wallet trusted address. The method for generating the HD wallet name card comprises: first signature information is obtained by digitally signing first user information with a first private key; second signature information is obtained by digitally signing second user information with a first trusted private key; and the first user information, the second user information, the first signature information and the second signature information are integrated to generate the HD wallet name card. The present invention is advantageous in that the wallet information is digitally signed with the preset first trusted private key and the first private key, thus preventing the HD wallet name card from being forged, intercepted, and modified by a third party so as to ensure the security of transaction.

Abstract: Systems and methods for transmitting critical data to a server are provided. The data structure intended for transmission to the server is divided up on the client side into a substructure containing critical data (CD) and a substructure not containing CD. The substructure containing CD is further divided up at the client side into at least two substructures and the resulting substructures are sent consecutively to the server via a node with a transformation module. The substructure not containing CD is sent directly to the server, bypassing the node with the transformation module. After receiving the substructures, they are combined at the server side into a single data structure. The critical data are data with respect to which the law of the state in whose jurisdiction the client or an authorized entity is located imposes restrictions on the gathering, storage, accessing, dissemination and processing thereof.

Abstract: An apparatus, a computer program product and a method for dimensionality reduction comprising: obtaining a set of Application Programming Interface (API) functions of a system invocable by a program, and a set of artifacts. Each artifact is associated with at least one API function and indicative of a functionality thereof. The method further comprising: clustering the API functions based on an analysis of the artifacts to create a set of clusters smaller than the set of API functions, such that each cluster comprises API functions having a similar functionality; and performing a dimensionality reduction to a feature vector using the set of clusters.

Abstract: A method includes generating a private key associated with a distributed ledger. The private key is stored on a secure memory. A storage device is manufactured and includes an onboard computing device having the secure memory integrated therein. The onboard computing device is configured to sign one or more ledger operations with the private key.

Abstract: A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining possible security-relevant capabilities for the computing platform; and rendering graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform.

Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

Abstract: A source code analysis tool is augmented to support rule-based analysis of code to attempt to identify certain lexical information indicative of hard-coded secret (e.g., password) support in the code. The tool takes the source code as input, parses the content with a lexical analyzer based on language grammar, and processes the resulting data through preferably a pair of rule-based engines. Preferably, one engine is configured to identify variables explicitly intended to be used as a hard-coded secret, and the other engine is configured to identify data strings that could potentially support such a secret. The outputs of these rules engines are consolidated and evaluated to identify a likelihood that the code under examination includes support for a hard-coded secret. The result is then provided to the developer for further action to address any potential security vulnerability identified by the analysis.

Abstract: A blockchain single-leader election algorithm that overcomes the deficiencies of existing blockchain implementations, such as implementations that rely on the proof of work, is described herein. For example, the single-leader election algorithm may include a series of rounds, where at most one node is selected as a leader in each round and the selected leader is able to form a new block in the blockchain. The single-leader election is not an election in which there are votes, but an election in which a node is selected as a leader at random to avoid bias, such as the bias that is present in existing blockchain implementations. Any node can become a leader, and the elections are driven by burning or destroying a cryptocurrency that is different than the cryptocurrency provided to a node as a block reward and transaction fees when the node is selected as a leader.

Abstract: The disclosed computer-implemented method may include initializing a server instance using a specified network address and an associated set of credentials, logging the network address of the initialized server instance as well as the associated set of credentials in a data log, analyzing network service requests to determine that a different server instance with a different network address is requesting a network service using the same set of credentials, accessing the data log to determine whether the second server instance is using a network address that is known to be valid within the network and, upon determining that the second server instance is not using a known network address, preventing the second server instance from performing specified tasks within the network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A cybersecurity assessment system is provided for monitoring, assessing, and addressing the cybersecurity status of a hierarchy of target networks. The cybersecurity assessment system may scan individual target networks and produce data regarding the current state and properties of devices on the target networks. The cybersecurity assessment system may generate user interfaces to present cybersecurity information regarding individual target networks, and composite cybersecurity information regarding a hierarchy of target networks or some subset thereof. The cybersecurity assessment system can generate access configurations that specify which cybersecurity information of the hierarchy can be accessed by individual target networks of the hierarchy.

Abstract: Systems and methods for combining input data and machine learning models that remain secret to each entity are described. This disclosure can allow groups of entities to compute predictions based on datasets that are larger and more detailed collectively than individually, without revealing their data to other parties. This is of particular use in artificial intelligence (AI) tasks in domains which deal with sensitive data, such as medical, financial, or cybersecurity.

Abstract: A method may include sending, to an entry point of an instrumented web application, a first request including a first value of a parameter. The first value may correspond to a first vulnerability category. The method may further include receiving, from the instrumented web application, first taint analysis results, determining that the first taint analysis results include a sink function corresponding to a second vulnerability category, and sending, to the entry point, a second request including a second value of the parameter. The second value may correspond to the second vulnerability category. The method may further include receiving, from the instrumented web application and in response to sending the second request, second taint analysis results including the sink function, and detecting, in the instrumented web application and using the second taint analysis results, a vulnerability corresponding to the sink function and the second vulnerability category.

Abstract: Systems, methods, and storage media for determining the probability of cyber risk-related loss within one or more computing systems composed of computing elements are disclosed. Exemplary implementations may: assess vulnerability by determining an exposure window for a computing element based on the number of discrete times within a given time frame where the computing element is in a vulnerable state; determine a frequency of contact of the computing element with threat actors; normalize the exposure window and the frequency of contact; calculate a threat event frequency by dividing the normalized exposure window by the normalized frequency of contact; and repeat the steps for multiple elements. When combined with liability data that describes the loss magnitude implications of these events, organizations can prioritize the elements based on loss exposure and take action to prevent loss exposure.

Abstract: Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the data RCP. The data RCP is encrypted using the Key RCP to produce a subsequent data RCP. The subsequent data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a data RCP to obtain a Key RCP using each element of the data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the data RCP to produce a subsequent Key RCP. A data structure is encrypted using the data RCP to produce an encrypted data structure.

Abstract: A method, comprises: receiving, by a server device, a policy identifier from a user device, wherein the policy identifier represents the occurrence of an event on the user device; matching, by the server device, a policy to the policy identifier; and outputting, by the server device, the matched policy to the user device to cause the user device to set the policy on the user device.

Abstract: A user may be authenticated using an authentication scheme based on user access to two or more selected electronic devices. A security key may be assigned to the user. The security key is divided into multiple parts that are distributed among electronic devices associated with the user. The security key can be reconstructed based on a distributed trust among the devices, where some devices may have a higher trust level than others. For example, each device can receive a number of key parts. In response to a request to authenticate the user, parts of the security key may be retrieved from two or more, but less than all, of the plurality of electronic devices associated with the user. The retrieved parts are used to reconstruct the security key, and the user is authenticated based on the reconstructed security key.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.