Abstract: Systems and methods for protecting user data received by, stored on, and/or requested by third-party computing devices include a data entry computing system on a first network node. The data entry computing system includes a processing circuit configured to: identify user-entered data as sensitive user data, generate a content encryption key (CEK), generate encrypted user data by encrypting the sensitive user data with the CEK, and tag the encrypted user data and the CEK with a tag readable by a database server on a network node different than the data entry computing system. The tag includes information indicative of the user data. The processing circuit is configured to transmit the encrypted user data to the database server, wherein the database server excludes a private key of a key manager on a network node different than the data entry computing system.

Abstract: Provided is a method according to one embodiment of the present invention comprising the steps of: (a) a server generating, by means of a hash function, a message digest (MD) of a particular file when a request for authenticating same is obtained; (b) when an MD encoded with a private key of a particular user is obtained, and if (A) information for the MD, which was encoded with the private key of the particular user, decoded with a public key of the particular user matches (B) the MD generated in step (a), then the server registering, in a database, a hash value of the MD encoded with the private key of the particular user and a private key of the server; and (c) the server obtaining a transaction ID.

Abstract: Embodiments of systems and methods are provided herein to establish a secure communication channel for communicating dock configuration actions from an administrator information handling system (IHS) to a docking station. One embodiment of such a system includes an administrator IHS configured to communicate dock configuration actions to a docking station, a host IHS configured to verify the validity of a dock certificate received from the docking station against a dock certificate authority server, and a docking station configured to verify the validity of an administrator certificate received from the admin IHS against a preconfigured list of valid administrator certificates stored within the docking station. If the validity of the dock certificate and the administrator certificate are respectively verified by the host IHS and the docking station, the host IHS and the docking station are further configured to establish the secure communication channel between the administrator IHS and the docking station.

Abstract: A software architecture encoded on a non-transitory computer readable medium, where the software architecture includes a creation protocol, wherein the creation protocol is configured to create a plurality of dealing messages. The software architecture additionally includes a reading protocol, wherein the reading protocol is configured to read the dealing message to a receiver node of the selected group, wherein the receiver node is different from a dealer node whose information is contained in the corresponding dealing message. Moreover, the software architecture includes a verification protocol, wherein the verification protocol is configured to verify veracity of the corresponding dealing message, wherein the verification protocol is configured to be run by the receiver node. Further, the software architecture includes a complaint protocol, wherein the complaint protocol is configured to generate a complaint message, wherein the complaint message is signed by the receiver node.

Abstract: A digital electronic device, which performs authentication using a blockchain, includes: a physical node that is connected to a physical blockchain network and a virtual blockchain network constructed in the digital electronic device, and has attribute information including pubic key information, private key information, a unique identifier (ID), and a password available for encryption of a block including transaction data through the blockchain networks; at least one virtual node that is connected to the virtual blockchain network and has attribute information including pubic key information, private key information, a unique identifier (ID), and a password available for encryption of a block including transaction data through the virtual blockchain network; and a short range communication interface module configured to be able to directly communicate with a user communication device without passing through a gateway.

Abstract: The method comprises a client device receiving a verification request comprising an interaction identifier. The client device can compare samplings of block headers received from two or more full nodes. The client device can then, based on the comparing, verify at least one block header of the samplings of block headers. The client device can determine that a blockchain maintained by at least one of the two or more full nodes is valid in response to verifying the at least one block header of the samplings of block headers.

Abstract: Computer system, methods, and non-transitory storage medium for protecting a client device that is browsing a website from some undesired actions of third-party software. JavaScript Instrumenter to Secured Code (JISC) code (e.g. JavaScript/WebAssembly) is tailored per website that defines a set of policies of what each third-party code can and cannot do. The server also tracks and analyzes data reports from the websites, and provides reports and alerts to website administrators. Therefore, a browser on a client device visiting the website, and thus executing the JISC code that is tailored for that specific website, is protected from the third-party code, without hindering the proper action of the third-party software and without the third-party knowing that their code was monitored and controlled.

Abstract: Disclosed is a device and method to secure PUF information for authorized entities. In one embodiment, a device for securing physically unclonable function (PUF) information includes: a PUF information generator, comprising a PUF cell array and a helper data generator, configured to generate the PUF information, wherein the PUF information comprises a PUF response and helper data; and a PUF information encrypter, comprising a memory unit and a first crypto-system, configured to store at least one public key and encrypt the PUF information from the PUF information generator using one of the at least one public key.

Abstract: Managing passwords is provided. A machine training process is performed using a set of existing passwords to train a machine learning component. Members of a set of semantic categories are used to categorize respective passwords in the set of existing passwords. Password strengths corresponding to a set of candidate passwords are evaluated using the machine learning component. A resource is secured with a candidate password having a password strength greater than or equal to a defined password strength threshold level.

Abstract: An arrangement to direct a packet sent out from an arbitrary apparatus connected to a network to a predetermined authentication server without changing the configuration of a computer network. A packet transmitted from apparatus, such as a personal computer, newly connected to the network, is guided to an authentication server via communication control apparatus. The communication control apparatus replaces a MAC address of the destination addresses of another server, which is included in the ARP cache of the personal computer, with the MAC address of the communication control apparatus to guide the packet from the personal computer to the communication control apparatus. The communication control apparatus further transmits the received packet to a predetermined authentication server.

Abstract: A method and a system for secure communication are provided, said method including: a first terminal sending a request message to a second terminal, initiating a first time counting according to a preset timing mode when finishing sending the request message (101); the second terminal receiving the request message, and obtaining a response message according to the request message (102); the first terminal sending a response notification message to the second terminal when a value of the first time counting reaches a first value, and initiating a second time counting according to a preset timing mode when finishing sending the response notification message (103); the second terminal receiving the response notification message, and sending a response message to the first terminal (104); the first terminal permitting starting to receive the response message when a value of the second time counting is within an effective threshold of a second value (105).

Abstract: This disclosure describes dynamic access control using capabilities (via dynamic access control interface (150)) on a blockchain system (180). The blockchain data structure is a time-stamped list of blocks, chained together cryptographically. In this disclosure, capabilities can be recorded on a blockchain system (via capabilities storage (170)) and thus access propagation is known. This makes revocation of access achievable by recording a new transaction, which in effect removes the previous authorization. There will be no change to transaction history and instead a new transaction records (170) the current status of the capability. An example implementation on a blockchain system (180) is given in Ethereum, which allows programs called “smart contracts” to run as transactions.

Abstract: An example operation may include one or more of receiving, at an endorser node, a request message from a client system which comprises data to be stored on a blockchain, determining whether to endorse the data via invocation of chaincode which receives the data as input and executes the data against a current state of the blockchain, in response to a determination to endorse the data, generating a response message including a result of the execution and signing the response message based on a traceable blinded ring signature associated with the endorser node, and transmitting the generated response message that has been signed with the traceable blinded key ring to the client system.

Abstract: To provide validation information to web publishers indicative of the presence of operational malicious software protection systems on user computing devices, an evaluation system resident on a web publisher server can cause web content, including validation request data, to be transmitted from the publisher server to a computing device. A submission system resident on the computing device can analyze the web content for the validation request data, and can cause the validation information to be transmitted from the computing device to the evaluation system based on the analysis. Upon receiving the validation information, the evaluation system can analyze it to determine the likelihood that content delivered to the computing device will be viewed by a real user (and not by automated computer programs).

Abstract: Novel hardware-based frameworks and methods for the detection and inhibition or prevention of insider threats utilizing machine learning methods and data collection done at the physical layer are provided. Analysis is done on unknown USB-powered devices, such as a keyboard or mouse, introduced to a computing environment and, through the utilization of machine learning, the behavior of the unknown device is determined before it can potentially cause harm to the computing environment.

Abstract: A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of the identity. The OS instances each authenticate the identity received from the other OS instance, and once authenticated, determines based on the authenticated identities if the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable the OS instances to validate integrity of the messages communicated between the workloads and optionally encrypt the messages.

Abstract: The present disclosure provides a method for securely transmitting electronic healthcare records between computing devices in communication. A request is received to access a database of electronic health records, checking for an authorization requirement, and generating a token associated with the authorization requirement and the received request. The token corresponds to a block in a Blockchain. The block includes a cryptographic hash of a previous block, a timestamp, and transaction data related to the received request, and the at least one authorization requirement. The token can be sent to allow access to at least one electronic health record in the database of electronic health records.

Abstract: Described herein is a system and method for performing ancillary activity. A device activity being performed by a user device of a user is detected. Attribute data associated with a plurality of attribute sources is accessed. A user preference indicating a preference for performing on a secondary user device a complementary activity corresponding to the device activity is inferred. Based on the inferred user preference, the secondary user device is identified according to a device status of the secondary user device, the device status indicating a device capability to perform the complementary activity. The complementary activity to be performed on the secondary user device is generated by analyzing at least one of the device activity, a device functionality of the secondary user device, and the user preference. Instructions to perform the complementary activity are transmitted to the secondary user device.

Abstract: Disclosed is a method and system for modifying content stored in a blockchain. The method comprises identifying an old block of the blockchain comprising undesired data in a transaction of the old block. An updated block may be created by correcting the transaction of the old block. A new block hash may be determined for the updated block. Corrected form of the transaction may be submitted, as a new transaction, along with the new block hash and the difference between the new block hash and hash of the old block. Miners may be allowed to mine the corrected form of the transaction, along with other new transactions. The other new transactions may be mined, based on a consensus of users of the blockchain, into a new block connected to a tip of the blockchain, and the old block may be edited to introduce the corrected form of the transaction.

Abstract: An apparatus, in one example, comprises a storage system configured to perform one or more deduplication operations on encrypted datasets received for a plurality of tenants and store at least a portion of the encrypted datasets, the datasets having been encrypted for respective ones of the plurality of tenants using a common encryption key. The apparatus further comprises a cryptographic module associated with the storage system, the cryptographic module configured to, in response to a request to access an encrypted dataset stored by the storage system corresponding to a given one of the plurality of tenants, further encrypt the encrypted dataset using a tenant encryption key associated with the given one of the plurality of tenants. The storage system is further configured to send the further encrypted dataset to the given one of the plurality of tenants that requested access.