Abstract: Techniques for implementing a ledger-independent token service are provided. According to one set of embodiments, a computer system executing the service can receive, from a user, a request to create a token on a distributed ledger network. The computer system can further provide to the user one or more token templates, where each token template corresponds to a type of physical or digital asset and defines a set of one or more attributes and one or more control functions associated with the type. The computer system can then receive, from the user, a selection of a token template in the one or more token templates and create the token on the distributed ledger network, where the created token includes the set of one or more attributes and one or more control functions defined in the selected token template.

Abstract: A system and method for authenticating a user are disclosed. The system and method may use particular measurements, with high statistical powers based on keyboard typing and cadence to produce a way of authentication users which is many orders of magnitude better than existing methods.

Abstract: Methods and systems for encrypting sensitive information are disclosed comprising hashing sensitive information by a hash function and selecting a salt or key salt based, at least in part, on the hashed sensitive information. If a salt is selected, the selected salt is combined with the hashed sensitive information to yield combined sensitive information, which is encrypted and stored. If a key is selected, such as an AES key, for example, the sensitive information is encrypted by the selected encryption key, and stored. The keys and salts may be encrypted by a cryptographic processing system that generates and stores keys, such as a key management system and/or a hardware security module, for further protection. The salts may be concatenated into a binary large object prior to encryption. Methods and systems for updating of stored records comprising encrypted sensitive information are also described.

Abstract: The UNIFIED ONLINE CONTENT MANAGER APPARATUSES, METHODS, AND SYSTEMS (“Online Content Manager”) transforms identification information and selection data inputs via a search engine component, a query interface component, a profile component, a content retrieval interface component, a content management system component and a collaboration component into a profile data output, a generated query output, search results output, and a secure homepage with customized content. In one embodiment, the method includes receiving a request to access secure content through a network; automatically constructing a query based on the request without additional input; providing the constructed query to the search engine and running the constructed query against an index of disparately owned content; trimming the results; constructing a display by placing the trimmed results of the query within a multi-source owner template interface; and providing the multi-source owner template interface to a requestor for display.

Abstract: A system and method for authenticating a user through unique aspects of the user's keyboard are provided. The system and method measure particular aspects of the keyboard performance, which identifies each keyboard uniquely. Thus, the proper keyboard used when logging in to a service or a network can be authenticated.

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.

Abstract: A technique provides access to content within a computing environment. The technique involves identifying a set of network addresses of a webpage, the webpage being associated with an application. Each of the set of network addresses is associated with content related to the application, and at least one of the set of network addresses is associated with content that is blocked. The technique further involves generating a set of assessed values for the set of network addresses of the webpage based on assessment criteria, and configuring a content filter to allow access to the content associated with the at least one of the set of network addresses based on the set of assessed values.

Abstract: A system and a method of detection of an attack on a computer network including a plurality of nodes, the method including: associating the plurality of nodes with each other in a distributed ledger configuration; producing, by a requesting node of the plurality of nodes, a request to set a value of at least one key derivation parameter; performing a vote of confidence among a subset of the plurality of nodes regarding the validity of the request; and detecting an attack on at least one node of a plurality of nodes according to the vote of confidence.

Abstract: A method for identifying and/or authenticating a user on a device, the method comprising: requesting identification or authentication of the user for a first task; determining a first threshold in dependence on the first task; selecting a first authentication process from a plurality of authentication processes; determining a confidence score in dependence on a performance of the selected first authentication process, wherein the confidence score indicates a level of confidence in the user's identity; determining whether the confidence score is above or below the first threshold; and if the confidence score is below the first threshold, selecting a second authentication process from the plurality of authentication processes, otherwise identifying or authenticating the user for the first task.

Abstract: Methods, apparatus, and processor-readable storage media for generating unique virtual process identifiers are provided herein. An example computer-implemented method includes generating a virtual process identifier for a process within a given network, wherein the virtual process identifier is based at least in part on multiple items of process-related information; associating the virtual process identifier with one or more types of events to be carried out within the given network in connection with the process; filtering repetitive events from a set of processed events carried out in connection with the process, wherein filtering the repetitive events comprises identifying multiple instances of the virtual process identifier associated with multiple instances of the same type of event; and reporting, to at least one server, the processed events remaining subsequent to the filtering step.

Abstract: In one embodiment, a service receives a plurality of process hashes for processes executed by a plurality of devices. The service receives traffic data indicative of traffic between the plurality of devices and a plurality of remote server domains. The service forms a bipartite graph based on the processes hashes and the traffic data. A node of the graph represents a particular process hash or server domain and an edge between nodes in the graph represents network traffic between a process and a server domain. The service identifies, based on the bipartite graph, a subset of the plurality of processes as exhibiting polymorphic malware behavior. The service causes performance of a mitigation action in the network based on the identified subset of processes identified as exhibiting polymorphic malware behavior.

Abstract: Methods and apparatus for providing access to a service are disclosed. An example apparatus includes at least one processor, and memory including machine readable instructions that, when executed, cause the at least one processor to perform operations including, in response to receipt of a first network communication, retrieve a first list identifying multicast group memberships of a device existing at a first time, the first list retrieved from a storage device based on an identifier in the first network communication, the first network communication including a second list identifying multicast group memberships of the device existing at a second time later than the first time. The device is authenticated based on a comparison of the first list to the second list. A second network communication is transmitted indicating the device has been authenticated in response to the authentication.

Abstract: There are disclosed techniques for use in authentication. The techniques including setting a proximity threshold that represents a distance by which a first device and a second device can be separated without impacting authentication such that the selection is dependent on one or more environmental factors associated with the first device. The techniques also perform a comparison between the proximity threshold and a distance between the first and the second devices to produce a comparison result indicating whether the first device is proximate to the second device. Finally, based on the comparison result, the techniques determine whether to grant authentication such that at least one factor in the determination is the proximity of the first and the second devices.

Abstract: Systems, methods, and computer-readable media are disclosed for detecting digital content performing browser fingerprinting using web real-time communication (WebRTC). In one embodiment, an example method may include receiving digital content from a content server, rendering the digital content at a browser, determining application programming interface (API) call activity on the browser, the API call activity being caused by the digital content, determining that the API call activity comprises WebRTC API call activity, and determining, based at least in part on the WebRTC API call activity, that the digital content violates a policy for serving digital content at user devices.

Abstract: Provided is a method according to one embodiment of the present invention comprising the steps of: (a) a server generating, by means of a hash function, a message digest (MD) of a particular file when a request for authenticating same is obtained; (b) when an MD encoded with a private key of a particular user is obtained, and if (A) information for the MD, which was encoded with the private key of the particular user, decoded with a public key of the particular user matches (B) the MD generated in step (a), then the server registering, in a database, a hash value of the MD encoded with the private key of the particular user and a private key of the server; and (c) the server obtaining a transaction ID.

Abstract: Embodiments disclosed provide access to Traversal Using Relays around Network Address Translation (TURN) servers using trusted single-use credentials, and related methods, systems, and computer-readable media. In one embodiment, a method comprises receiving, by a TURN authentication agent, a request for a TURN server credential. Responsive to determining that the request is authorized, the agent generates a trusted single-use credential and transmits it to the requestor. Using this trusted single-use credential allows untrusted clients to access a TURN server without exposing a userid/password combination. In another embodiment, a method comprises receiving, by the TURN server, a request for a TURN service. The server challenges the request, and receives a userid and a password. Responsive to determining that the userid and the password constitute a trusted single-use credential and responsive to determining that the request is authorized, the server provides the TURN service for the requestor.

Abstract: A system and method for transmitting packets to a plurality of network devices that cannot be accessed via a single multicast message is disclosed. The system includes a gateway controller that received a multicast request from a client, and creates a plurality of multicast messages based on the number of different security classes. The gateway controller parses the request from the client and identifies all of the desired destination nodes. The gateway controller then identifies the security class that each of these destination nodes belongs to. Based on this, the gateway controller then creates one or more multicast messages, where each multicast message is intended for the destination nodes that belong to a single security class. In certain embodiments, the gateway controller also aggregates the acknowledgments from the destination nodes and forwards this information to the client.

Abstract: Described herein are hardware monitors arranged to detect illegal firmware instructions in a firmware binary image using a hardware design and one or more formal assertions. The hardware monitors include monitor and detection logic configured to detect when an instantiation of the hardware design has started and/or stopped execution of the firmware and to detect when the instantiation of the hardware design has decoded an illegal firmware instruction. The hardware monitors also include assertion evaluation logic configured to determine whether the firmware binary image comprises an illegal firmware instruction by evaluating one or more assertions that assert that if a stop of firmware execution has been detected, that a decode of an illegal firmware instruction has (or has not) been detected.

Abstract: A transmission system includes a first security unit coupling to application ends, a second security unit coupling to a user end, and a server. The server sends a first attribute key to the first security unit based on attributes of the application ends and sends a second attribute key to the second security unit based on attributes of the user end. To enable one application end, the first security unit encrypts a session key with the first attribute key, opens a socket, and sends the encrypted session key to the server. When the second security unit receives a request for the application end, the server sends the encrypted session key to the second security unit. The second security unit decrypts the encrypted session key with the second attribute key and connects to the socket. The second security unit interchanges information with the first security unit via the session key.

Abstract: Methods and systems for encrypting sensitive information are disclosed comprising hashing sensitive information by a hash function and selecting a salt or key salt based, at least in part, on the hashed sensitive information. If a salt is selected, the selected salt is combined with the hashed sensitive information to yield combined sensitive information, which is encrypted and stored. If a key is selected, such as an AES key, for example, the sensitive information is encrypted by the selected encryption key, and stored. The keys and salts may be encrypted by a cryptographic processing system that generates and stores keys, such as a key management system and/or a hardware security module, for further protection. The salts may be concatenated into a binary large object prior to encryption. Methods and systems for updating of stored records comprising encrypted sensitive information are also described.