Abstract: Methods and apparatuses for automatic determination of a content security policy for a network resource are described. A proxy server receives from a first authenticated client device a first request for a first network resource, retrieves the first network resource and transmits a first response to the first client device that includes a content tracker that causes the client device to report information on additional network resources identified when the first client device interprets the first network resource. A content security policy is determined based on the reported information. The proxy server receives, from a second client device, a second request for the first network resource. The proxy server transmits, to the second client device, a second response that includes the content security policy that is determined based on the information on the additional network resources.

Abstract: A method and system for controlling distribution of information items of a subject is proposed. The method and system comprises verifying compliance of a combination of new information items (to be received by a target computing system) and available information items (already available to the target computing system) with one or more sharing rules; a receipt of the new information items by the target computing system is controlled according to a result of this verification.

Abstract: A system and method for providing access to data of a first party including receiving information for identifying the first party, authenticating the first party using the received information for identifying the first party and generating a first read-only personal identification number (PIN). The first read-only PIN is associated with a first set of access rights for the data of the first party and provided to a second party. The first read-only PIN is stored with the first set of access rights in a computer database. A third party receives the first read-only PIN from the second party, authenticates the received first read-only PIN using the stored first read-only PIN and provides the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated.

Abstract: Storing and executing an application in a personal storage with a user-granted permission in a decentralized network that implements a distributed edger. First, receiving a request from an entity for storing an application in a data storage that is associated with a DID owner. The application is configured to use data stored in the data storage as one or more inputs to generate one or more results. Next, one or more characteristics of the application associated with the entity is identified. Based on identified one or more characteristics, a write permission is to be granted to the entity, and the application is stored in the data storage. Thereafter, the application stored in the data storage is executed using data stored in the data storage.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that maintain data confidentiality in communications involving voice-enabled devices in a distributed computing environment using homomorphic encryption. By way of example, an apparatus may receive encrypted command data from a computing system, decrypt the encrypted command data using a homomorphic private key, and perform operations that associate the decrypted command data with a request for an element of data. Using a public cryptographic key associated with a device, the apparatus generate an encrypted response that includes the requested data element, and transmit the encrypted response to the device. The device may decrypt the encrypted response using a private cryptographic key and to perform operations that present first audio content representative of the requested data element through an acoustic interface.

Abstract: Big data analytics is being used by many market participants. PII (Personally Identifiable Information) (e.g., age, race, social security number, address, etc.) plays a vital role in providing user-centric services. Many IT companies collect, store and process PII of their customers by means of various mobile applications. The example embodiments may explain how collective permission gathering through multiple Android applications by same publishers can disclose user's PII by using two new PII risk factors, and determine total risk factor for PII.

Abstract: Storing and executing an application in a personal storage with a user-granted permission in a decentralized network that implements a distributed edger. First, receiving a request from an entity for storing an application in a data storage that is associated with a DID owner. The application is configured to use data stored in the data storage as one or more inputs to generate one or more results. Next, one or more characteristics of the application associated with the entity is identified. Based on identified one or more characteristics, a write permission is to be granted to the entity, and the application is stored in the data storage. Thereafter, the application stored in the data storage is executed using data stored in the data storage.

Abstract: One or more embodiments of the present specification provides cross-blockchain interaction systems. One system includes: one or more anchor devices, wherein at least one of the one or more anchor devices comprises a first client terminal associated with a first blockchain network, and wherein the first client terminal is configured to monitor cross-blockchain requests sent from the first blockchain network; and one or more relay devices, wherein at least one of the one or more relay devices comprises a second client terminal associated with a second blockchain network that monitors cross-blockchain requests intended for the second blockchain network.

Abstract: According to some embodiments, an electronic device can implement a failsafe action. The system comprises a processor and a computer-readable medium comprising processor executable instructions, that when executed by the processor, performs a method, the method comprises receiving a first antidote message within a first time interval. Based on receiving the first antidote message, continuing normal operation of the electronic device is continued. The electronic device waits for reception of a second antidote message within a second time interval. A determination is made that the second antidote message was not received within the second time interval. In response to determining that the second antidote message was not received, implementing a first failsafe action.

Abstract: An example method includes establishing a single-user login session associated with a first user-account such that the single-user login session has read and/or write access to first user data associated with the first user-account. The method further includes accepting, within the single-user login session, a further login associated with a second user-account to convert the single-user login session to a multi-user login session having read and/or write access to second user data associated with the second user-account in addition to having read and/or write access to the first user data. Computer readable media and computing devices related to the example method are disclosed herein as well.

Abstract: A method for operating an attribute assertion device having a processor and memory to create an unlinkable digital signature-equivalent of an assertion message that is verifiable—by a service provider receiving the unlinkable digital signature-equivalent—as being generated from a digital signature of a known attribute provider having a public key PKAP. Operating the processor of the attribute assertion device to transform a digital signature of the attribute message into an unlinkable digital signature-equivalent using a one-way transformation of the signature, with the transformation process using a random value generated by the attribute assertion device and a challenge provided by the service provider.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: Techniques for validating a user on an electronic device in an Internet of Things (IoT) environment are provided. An example of an apparatus according to the disclosure includes a transceiver configured to detect one or more proximate devices, and at least one processor operably coupled to the transceiver and configured to receive authentication information from the user, determine that the one or more proximate devices is at least one companion device, and validate the user based on the authentication information and a detection of the at least one companion device.

Abstract: Embodiments seek to protect privacy of potentially sensitive client resources in web transactions using crowd-disambiguation. Crowd-disambiguation machines can aggregate information about resources from multiple clients as resource fingerprints, and can use the fingerprints to provide crowd-sourced services in a privacy-protected manner. For example, embodiments can communicate a resource fingerprint as a fully ambiguated resource instance (FARI) and a partially disambiguated resource instance (PDRI). When one (or few) clients communicates the resource fingerprint, the identity of the resource remains obfuscated from the crowd-disambiguation machine. As more clients communicate fingerprints for the same resource (e.g., identified by the matching FARIs), respective, differently generated PDRIs of those fingerprints enable the crowd-disambiguation machine to resolve further portions of the resource, ultimately permitting the resource to be revealed and considered non-private (e.g.

Abstract: Aspects refresh permission credentials by populating within user profile data sets cached for members an invalidated value and a first timestamp of said populating the invalidated value; selecting user profile data sets including the invalidated value; identifying a second timestamp of time of creation of the permission credential within the selected user profile data sets; and in response to determining that a time elapsed between the first and second timestamps does not exceed a threshold, rebuilding the selected user profile data sets to include an updated value of the permission credential and set the second timestamp value to a current time of the rebuild, and cache (store) the rebuilt selected user profile data set within the repository.

Abstract: In some embodiments, a method can include measuring, via a sensor disposed within an interior of a housing, an out-of-band characteristic of an electronic circuit disposed within the interior of the housing. The method can further include receiving, from the sensor and at a management circuit disposed within the interior of housing, a sensor signal indicating the out-of-band characteristic of the electronic circuit. The method can further include analyzing, at the management circuit, the out-of-band characteristic of the electronic circuit to produce an alarm signal. The method can further include sending, from the management circuit, the alarm signal to initiate a remedial action in response to receiving the alarm signal.

Abstract: The present disclosure relates to a transaction licensing system (TLS) for managing transactions and entitlements in a cloud-based system, wherein a transaction is a communication with an external server. The TLS includes at least one transaction licensing database (TLDB) that is configure to store entitlement and transaction data. The entitlements may include a general entitlement pool, as well as specialized entitlement pools with entitlements for executing particular transactions. The TLS is configured to determine identifying information for a transaction and then use this information to determine whether the general or specialized entitlement pools associated with the transaction has entitlements available in the TLDB to execute the transaction. When a suitable entitlement is determined to be available, the transaction is executed and the general or specialized entitlement pool is appropriately decremented. When no suitable entitlements are available, the TLS returns an exception.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: The present invention relates to a dynamic security method and system based on multi-fusion linkage response. In the method, a site control device conducts active response and passive response through identity authentication and key management to give an alarm for abnormal behaviors. The system comprises an access authentication active response module, an access control active response module, an access control passive response module, an abnormal pretending passive response module, a key vulnerability passive response module and an abnormal state passive response mechanism module. On the basis of ensuring validity and feasibility for the security of a terminal device, the present invention can build a secure and trusted industrial control system operating environment.

Abstract: Data obfuscation is generally discussed herein. In one or more embodiments, a memory circuit can include a storage portion including entries with corresponding addresses, one or more of the entries configured to include data stored thereon, and processing circuitry to read first data from a first entry of the entries, alter the first data by at least one of: (1) flipping one or more bits of the first data, (2) scrambling two or more bits of the first data, and (3) altering an address of the first data, and write the altered first data to the storage portion.