Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for communicating and sharing blockchain data. One of the methods includes sending, by a consensus node of a blockchain network, current state information associated with a current block of a blockchain to a trusted node with proof of authority outside of the blockchain network; sending a hash value to the trusted node for retrieving an account state stored in the historic state tree; receiving the account state in response to sending the hash value; and verifying that the account state is part of the blockchain based on the hash value.

Abstract: A method, a computer system, and a computer program product for authenticating a transaction are provided. An authentication system receives the transaction over a particular channel of a plurality of support channels. A risk score is determined for the transaction based on a number of contextual risk factors. An authentication scheme is determined from a number of authentication schemes for authenticating an identity of the user within an authentication context. The authentication scheme is determined based on the particular channel and the risk score. In response to successfully authenticating the identity of the user within the authentication context, the authentication system determines whether the transaction is a permitted transaction based on an assurance level associated with the authentication context. In response to determining that the transaction is the permitted transaction, the transaction is authenticated.

Abstract: Data stored on a data asset may be migrated to another data asset while maintaining compliance to applicable regulations. A data asset may experience a failure. Based on the type of data stored by that data asset and the applicable regulations, requirements, and/or restrictions that relate to a transfer of that type data from that data asset, a target data asset may be determined. The data stored on the data asset may then be transferred to the target data asset. The disclosed systems may use data models and/or data maps in determining the requirements for a data transfer and selecting target data assets.

Abstract: A method is provided to reduce inappropriate online behavior. The method includes providing a network service, receiving a request from a user to use the network service, and requesting a usage report about an email account associated with the user. The usage report is based on analysis of usage data representative of usage of the email account, and the analysis is based on at least one of a date that the email account was established, tracked history of emails received by the email account, and a history of IP addresses used when accessing the email account for communicating with multiple other email accounts, and the usage data is unrelated to content included in email messages exchanged by the email account. Either a first level or a second level of the network service available to the user is selected, wherein selection of the first or second level is based on whether the usage report meets selectable criteria.

Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.

Abstract: Techniques are provided for secure detection and management of compromised credentials. A first candidate credential is received, comprising a first username and a first password, wherein the first candidate credential was sent in a first request from a first client computer to log in to a first server computer. A first salt associated with the first username in a salt database is obtained. A first hashed credential is generated based on the first password and the first salt. The first hashed credential is transmitted to a set model server computer, wherein the set model server computer is configured to maintain a set model that represents a set of spilled credentials, determine whether the first hashed credential is represented in the set model, and in response to determining that the first hashed credential is represented in the set model, performing additional processing on the first hashed credential.

Abstract: Apparatuses, systems, methods, and computer program products are presented for aggregation platform permissions. A hardware computing device is configured to aggregate a user's data from a first plurality of third-party service providers over a data network for the user to access through a second plurality of third-party service providers. A permissions module is configured to monitor which of a second plurality of third-party service providers have access to which portions of data from which of a first plurality of third-party service providers. A graphical user interface is configured to display one or more user interface elements allowing a user to grant and/or revoke access to portions of data from a first plurality of third-party service providers individually to a second plurality of third-party service providers.

Abstract: This application discloses a method of provisioning an electronic device. The electronic device establishes a communication link with a client device that can obtain network credentials for accessing a secure wireless network. The network credentials is configured to enable the electronic device to independently access the secure wireless network. The client device encrypts at least a portion of the network credentials using a password key provided by a remote server. The password key is based on a secret not known to the client device, and the secret is associated with the electronic device at the remote server. The client device sends the encrypted network credentials to the electronic device over the established communication link, thereby allowing the electronic device to recover the network credentials based on the secret and access the secure wireless network using the network credentials.

Abstract: In some examples, a network device includes an interface, and a processor to apply a restriction on multicast communication associated with an entity on the interface. The restriction on multicast communication includes detecting, on the interface, a multicast communication pattern associated with the entity, indicating, based on the multicast communication pattern on the interface violating a threshold, that the entity is malicious, and blocking processing of the multicast communication associated with the entity in response to indicating that the entity is malicious.

Abstract: Techniques are described that facilitate generating a set of communication privilege rules that control real-time communication session associated with a client account. More specifically, a Communication Privilege Control (CPC) system is described that can generate a set of communication privilege rules for control of a communication session. The CPC system may detect a real-time communication session between a client device associated with a client account and a third-party device, and in doing so, determine whether the real-time communication session is restricted by the set of communication privilege rules. In doing so, the CPC system may transmit notification data to a trusted device associated with the client account. The notification data may include one or more selectable options to permit the trusted device to control the real-time communication session.

Abstract: A system, method and program product for obfuscating audible messages in a listening space A system is provided that includes an orchestrator having: an invocation detection system that triggers an obfuscation event; a system for selecting injector nodes in the listening space for the obfuscation event; and a key management system that distributes keys, derived from a natural interface key, to the injector nodes to cause the injector nodes to inject sounds into the listening space to obfuscate an audible message broadcast by a source node for a target node; and a machine learning system that calculates the natural interface key based on interactions captured from the source node in the listening space.

Abstract: A method for downloading a profile on an embedded universal integrated circuit card (eUICC) of a terminal is provided. The method includes transmitting a profile request containing eUICC authentication information to a profile providing server through a security channel, upon receiving, from the profile providing server, profile-related information generated in response to the profile request, displaying non-encrypted profile information contained in the profile-related information on a screen, identifying whether a user input indicating whether to proceed to download the profile is detected, and downloading the profile, corresponding to the identified user input.

Abstract: Systems and methods for creating fingerprints for devices are described herein. In various embodiments, the system includes a device management system operatively coupled to a merchant system. According to particular embodiments, the device management system: 1) receives a first payload correspond to a device from the merchant system, the first payload including data in a particular format; 2) creates a fingerprint for the device by parsing the first payload and creating a record of a section format for each of one or more distinct sections of the particular format; and 3) comparing a format of each subsequent payload that corresponds to the device to the fingerprint for the device to determine whether the device has been compromised.

Abstract: A method for pairing a key fob with a control unit is provided. The key fob executes an ID authenticated key agreement protocol with a pairing device based on a key fob identification to authenticate one another and to generate a first encryption key. The pairing device encrypts a control unit identification using the first encryption key. The key fob receives the encrypted control unit identification transmitted from the pairing device. The key fob then executes an ID authenticated key agreement protocol with the control unit based on the control unit identification to authenticate one another and to generate a second encryption key. The key fob then receives an operational key transmitted from the control unit that is encrypted with the second encryption key.

Abstract: Exemplary embodiment of the present disclosure can include, for example, a logic-locking circuit (“SARLock”), which can include a logic cone(s) receiving a distinguishing input pattern(s) (DIP), a comparator(s) receiving the DIP(s) and a key value(s), and a logic gate(s) connected to an output of the logic cone and to an output of the comparator. A mask(s) can be connected to the comparator(s) and the logic gate(s). The logic gate(s) can be a XOR gate(s). The comparator(s) can be configured to flip a signal(s) based on a combination of the DIP(s) and the key value(s). A mask(s) can be connected to the comparator(s) and the logic gate(s), which can be configured to prevent the flipped signal(s) from being asserted for a correct key value(s).

Abstract: A printable electronic document is received into a computerized device. The printable document contains original markings that can be printed on print media to produce a printed document. However, before printing, a computerized device adds first hidden markings to the printable electronic document. Such first hidden markings have a first vector graphic size. Further, the computerized device removes a pattern from the first hidden markings in the printable electronic document and adds (only to the removed pattern in the printable electronic document) second hidden markings that have the same vector graphic size as, but are out of phase with, the first hidden markings. Also, the computerized device adds geometrically shaped distraction markings to the printable electronic document. The geometrically shaped distraction markings have a second vector graphic size that is much larger than the first vector graphic size of the first and second hidden markings.

Abstract: The application describes an authentication process that incorporates voice commands with an HTTP interface module to perform a multifactor authentication (MFA) process. For example, a first computer system may initiate the MFA process by sending, with a HTTP interface module maintained by the first computer system, a request to initiate the MFA process to the second computer system. The MFA process may also transmit an one-time password (OTP) to a first user device. The first computer system may receive an audible recitation of the OTP from a second user device. The OTP may be parsed and used to generate an HTTP request. The HTTP interface module may send the HTTP request to the second computer system. When the second computer system authenticates the user based at least in part on the non-audible file, the first computer system may receive confirmation of authentication of the user to initiate the transaction.

Abstract: A method for enhanced web browsing includes displaying additional information associated with potential leads referenced within the web content of web page. The method generally includes receiving, by an executable application associated with a web browser on a computer system, contents of a web page to be displayed by the web browser and parsing the content to identify one or more references to at least one potential lead, such as a business entity. The executable application then determines whether the at least one potential lead is associated with a record stored in a database, and displays the contents of the web page on the browser with the references highlighted and linked to the corresponding record in the database. Upon selecting the highlighted reference, an object comprising the information from the record in the database is displayed in the web browser.

Abstract: A system for managing communication ports in a Kafka cluster is disclosed. The disclosed system receives a maintenance signal to shut down the Kafka cluster for maintenance. The Kafka cluster comprises a plurality of Kafka servers communicating with each other via a plurality of internal communication ports. In response to receiving the maintenance signal, the system shuts off a plurality of external communication ports arranged between the Kafka cluster and a plurality of external servers. Then, the system synchronizes the Kafka servers by replicating data among the Kafka servers. After determining that the Kafka servers are synchronized, the system shuts down the Kafka servers for maintenance. The internal communication ports are retained open when the system shuts down the external communication ports and during the maintenance.

Abstract: In one embodiment, a wireless mobile User Equipment (UE) device comprises a message generator configured to send a SIP request message via a first IP network and a processor configured to process a SIP response message received from a network node via the first IP network, the processor further configured to process instructions to provide a treatment for at least one message body content of the SIP response message based on a value of a content type indicator independent of at least one of an absence of a content disposition indicator, a content disposition indicator without a value and a content disposition indicator having a value. The treatment, applied by the UE device, may comprise one of: (i) performing an Emergency Services (ES) call effectuated via a CS network and (ii) performing a registration and an ES call effectuated via an IP network.