Abstract: System and method for digitally signing messages using multi-party computation.

Abstract: A mesh device for receiving and processing a private beacon message, which can be represented by one or more Bluetooth Low Energy mesh packets. Upon receiving the private beacon message, the mesh device decrypts a first portion of the private beacon by using a first encryption key corresponding to a first subnet, wherein the first portion comprises an initialization vector (IV), in the form of an index or other indicator. The decrypting using the first encryption key results in a first decrypted value for the IV index. The mesh device then determines whether the first decrypted value for the IV index is valid or invalid. If the mesh device determines the first decrypted value to be valid, the mesh device proceeds with authenticating the data contained in the private beacon message.

Abstract: Cryptocurrency based malware and ransomware detection systems and methods are disclosed herein. An example method includes analyzing a plurality of malware or ransomware attacks to determine cryptocurrency payment address of malware or ransomware attacks, building a malware or ransomware attack database with the cryptocurrency payment addresses of the plurality of malware or ransomware attacks, identifying a proposed cryptocurrency transaction that includes an address that is included in the malware or ransomware attack database, and denying the proposed cryptocurrency transaction.

Abstract: A device for wireless terminal authentication may include at least one processor configured to receive, from a wireless terminal device, a request for user information, the request comprising a certificate corresponding to the wireless terminal device. The at least one processor may be further configured to verify the certificate based at least in part on a public key stored on the electronic device. The at least one processor may be further configured to, when the certificate is verified, determine whether the certificate indicates that the wireless terminal device is authorized to receive the requested user information. The at least one processor may be further configured to transmit, to the wireless terminal device, the requested user information when the certificate indicates that the wireless terminal device is authorized to receive the requested user information.

Abstract: Methods and apparatus to establish secure low energy wireless communications in a process control system are disclosed. An example field device includes a Bluetooth Low Energy (BLE) interface to receive a first initialization message from a remote device over an unpaired BLE connection. The first initialization message includes a plaintext message containing authentication content. The authentication content is generated based on a private authentication token available to the remote device using middleware. The field device also includes a BLE message analyzer to validate the plaintext message based on the authentication content using the authentication token stored by the field device.

Abstract: A system for generating unique digital certificates is provided that generates computed hashes public keys and compares them. The system method computes a hash of a public key, compares the computed hash of the public key with hashes of public keys previously generated, generates the digital certificate having the public key and a device identifier only if the computed hash of the public key does not match any of the hashes of public keys previously generated, and provides the digital certificate.

Abstract: For each respective virtual machine (VM) of a plurality of VMs, a distributed computing system generates a unique Application Binary Interface (ABI) for an operating system for the respective VM, compiles a software application to use the unique ABI, and installs the operating system and the compiled software application on the respective VM. A dispatcher node dispatches, to one or more VMs of the plurality of VMs that provide a service and are in the active mode, request messages for the service. Furthermore, a first host device may determine, in response to software in the first VM invoking a system call in a manner inconsistent with the unique ABI for the operating system of the first VM, that a failover event has occurred. Responsive to the failover event, the distributed computing system fails over from the first VM to a second VM.

Abstract: Systems and methods providing access control and data privacy/security with decentralized ledger technology are disclosed. To ensure data privacy the decryption or access to data by a non-data owner requires joint orchestration of decentralized system nodes to provide partial decryption components with n-of-x required to fulfill request. Data can be encrypted, and access control policy can be decided including required number of key fragments to fulfill decryption. Access control policies can be stored in the decentralized ledger based system. Key information can be stored in the system in a decentralized manner with partial key fragments encrypted and split among system nodes. An access request can be sent to the system to fetch a data file, without disclosing the requester's identity in the system. The decentralized ledger based system can verify a legitimate request to access the data and denies access to malicious or faulty participants.

Abstract: A system, method and computer program product for computer based open innovation, includes an asset valuation device receiving asset information regarding one or more tangible or non-tangible assets, and generating a valuation signal, based on the asset information; a self-executing code device receiving the valuation signal, and generating a self-executing code signal, based on the valuation signal; an air router device having both a low band radio channel, and an internet router channel for redundant internet communications, and a malicious code removal device for scrubbing malicious code from data received, receiving the valuation signal, and generating a node voting request signal, based on the valuation signal; and a mesh network having a plurality of node devices receiving the node voting request signal, and generating vote confirmation signals, based on the node voting request signal.

Abstract: Systems and methods for providing independent situational awareness messages are provided. The method includes receiving, by a rendering engine, a request for information from an input interface. The rendering engine queries at least one data store in response to the request. The rendering engine obtains public content data and private content data from the data store. The rendering engine transmits the public content data over a public output interface. The rendering engine transmits the private content data over a private output interface.

Abstract: In one aspect, a method for defining a group-based policy for access to computing resources by an application/container or a group of application/container, includes the step of with a credential server: specifying a computing resource; specifying a group name and a strong cryptographic identity associated with the group name. The method includes the step of specifying a policy for an application/container belonging to a specific group to access the set of resources belonging to another group. The method includes the step of with a handler process: reading a list of subnets for which authentication is to be enforced. The method includes the step of processing an initiate authentication request with an initiator of a new network connection or initiating a new authentication request with the initiator of the network connection.

Abstract: A computer-implemented method includes scanning changed computer instructions to detect vulnerabilities when the changed computer instructions are committed to a version control repository wherein the changed computer instructions comprise changes to a previous version of computer instructions. A vulnerability associated with an open issue for the previous version of computer instructions is determined to not be present in the vulnerabilities detected in the changed computer instructions and computer instructions are sent to close the open issue automatically based on the determination that the vulnerability is not present in the changed computer instructions.

Abstract: Aspects of the disclosure provide a technological improvement to a cipher by improving data security of format-preserving encryption (FPE), by, inter alia, embedding specific key identifiers for rotating keys directly into ciphertext. Aspects of the disclosure relate to methods, computer-readable media, and apparatuses for improving data security in a format-preserving encryption (FPE) context by using specific methods of rotating and identifying the appropriate encryption key from among numerous rotating keys stored in a key data store. Specific to FPE, a plaintext of the data and its corresponding ciphertext of the data remain the same in length/size; yet the methods, computer-readable media, and/or apparatuses disclosed herein permit embedding of an identification of a specific key among the plurality of rotating keys for the particular ciphertext without compromising the technical requirements of FPE.

Abstract: A system, a method, or a computer program for provisioning a non-enterprise client device with access to an extranet enterprise domain. The system includes an enterprise client device connected to an intranet, a provisioner that receives an extranet registration request from the enterprise client device, an active directory connected to the intranet, a database that stores a non-enterprise client record populated with the non-enterprise client data, a primary transmission system connected to the intranet that transmits a portion of the non-enterprise client data and a linkage message outside of the intranet, and a secondary transmission system connected to the intranet and configured to transmit to an access message outside of the intranet, wherein the provisioner generates a unique permanent identification IDINDEX for the non-enterprise client record.

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.

Abstract: A method for protecting information from databases includes a web application firewall and a database activity monitor. According to one aspect, a web gateway receives a request from a client device and provides the request to an application server to query a database. The web gateway receives sensitive data information describing requested data output by the database. The sensitive data information may include, for example, hints for detecting a type or structure of sensitive data output by the database. Additionally, the web gateway receives response data from the application server. The web gateway identifies sensitive data within the response data based on the sensitive data information. The web gateway protects the sensitive data to be provided to the client device using one or more data protection operations, which may include alerts, blocking policies, masking, or anomaly detection using machine learning algorithms.

Abstract: A data processing method includes determining whether a first conflicting application related to a first conflicting peripheral is in a whitelist, independently taking over the first conflicting peripheral in response to the first conflicting application being in the whitelist, where the first conflicting application runs in a rich execution environment (REE), and sending data generated by the first conflicting peripheral to the first conflicting application in response to a trusted user interface (TUI) being displayed.

Abstract: A request is obtained that, if fulfilled, is operable to access a computing resource, with the request including an indication to evaluate the request in a verification mode while inhibiting fulfilment of the request. Responsive to the request, a policy applicable to the request is determined, decision data that is relevant to the policy is obtained, and the request is evaluated based at least in part on the policy and the decision data to produce an evaluation result. Further responsive to the request, fulfillment of the request is inhibited, a verification report is generated based at least in part on the evaluation result, and a notification is provided indicating that the verification report is generated.

Abstract: A communication apparatus includes a communication unit having a first storage area of a predetermined size in which access from another apparatus is permitted and a second storage area of the predetermined size in which access from the other apparatus is permitted, and an encryption unit to generate concatenated encrypted data by using a block encryption method to encrypt a plurality of pieces of data which are to be read out by the other apparatus and encrypted. Data different from the concatenated encrypted data is held in the second storage area, and the concatenated encrypted data generated by the encryption unit is of a size not exceeding the predetermined size and is held in the first storage area. In addition, the size of padding data included in the concatenated encrypted data is smaller than a total size of padding data generated by individually encrypting the plurality of pieces of data.

Abstract: A method of an enterprise server for performing two-way authentication with a mobile device in a network is provided. The method includes receiving, by an enterprise server of the network, a user context record (UCR) generated by the mobile device when the mobile device initiates a connection request to the network; calculating, by the enterprise server, an authenticity score based on the received UCR; validating, by the enterprise server, the authenticity of the mobile device based on the authenticity score; and generating and transmitting, by the enterprise server, an information to the mobile device for the mobile device to validate the authenticity of the enterprise server based on the transmitted information.