Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: Systems and methods for authentication may include a first device having an association with a first account, including a memory containing one or more applets, a counter value, and transmission data, a communication interface, and one or more processors in communication with the memory and communication interface. The first device may create a cryptogram based on the counter value, wherein the cryptogram includes the counter value and the transmission data. The first device may transmit, after entry of the communication interface into a communication field, the cryptogram, and update, after transmission of the cryptogram, the counter value. The first device may receive, via the communication interface, one or more encrypted keys and one or more parameters. The first device may decrypt the one or more encrypted keys and, after decryption of the one or more encrypted keys, switch an association from the first account to a second account.

Abstract: A distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. The computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. Safe and performant transaction processing is provided using an optimistic concurrently control that includes a collision detection and undo mechanism.

Abstract: An electronic book distribution system includes electronic devices that reset their passcodes after specified authentication failures. The passcodes of an individual electronic device is reset to a value that is generated using a predefined function of a randomly generated support code. The support code is displayed to the user, and the user is instructed to contact a support service in order to obtain the new passcode. The support service independently authenticates the user, calculates the new device passcode using the same predefined function used by the electronic device, and provides the new passcode to the user.

Abstract: Methods to strengthen the cyber-security and privacy in a proposed deterministic Internet of Things (IoT) network are described. The proposed deterministic IoT consists of a network of simple deterministic packet switches under the control of a low-complexity ‘Software Defined Networking’ (SDN) control-plane. The network can transport ‘Deterministic Traffic Flows’ (DTFs), where each DTF has a source node, a destination node, a fixed path through the network, and a deterministic or guaranteed rate of transmission. The SDN control-plane can configure millions of distinct interference-free ‘Deterministic Virtual Networks’ DVNs) into the IoT, where each DVN is a collection of interference-free DTFs. The SDN control-plane can configure each deterministic packet switch to store several deterministic periodic schedules, defined for a scheduling-frame which comprises F time-slots. The schedules of a network determine which DTFs are authorized to transmit data over each fiber-optic link of the network.

Abstract: A system and method for sampling telemetry events are provided. The method includes receiving, by a cloud-based server, a plurality of telemetry events, related to an application, from a plurality of client devices; generating, by the cloud-based server, a sampling model for collecting a telemetry event based on the plurality of telemetry events, where the sampling model defines under what conditions the telemetry event is to be reported by a client device; generating, by the cloud-based server, an instruction for determining whether or not to report an incoming same telemetry event by the client device based on the sampling model; and providing, by the cloud-based server, the instruction to the client device, to allow the client device to determine whether or not to report the incoming same telemetry event based on the instruction.

Abstract: A system on a chip (SoC) includes a security processor configured to determine that a first channel ID describing a {source, destination} tuple for a crypto packet matches a second channel ID describing a corresponding {source, destination} tuple for a preceding crypto packet received immediately prior to the crypto packet. The SoC also includes a decryption engine configured to, responsive to the determination that the first channel ID matches the second channel ID: obtain a set of round keys applied to perform an add round key computational stage of a previous decryption datapath used to decrypt a preceding cipher text block obtained from the preceding crypto packet, and to reuse the set of round keys to perform a corresponding add round key computational stage of a current decryption datapath used to decrypt a cipher text block obtained from the crypto packet.

Abstract: Various systems and methods of establishing and utilizing device management (DM) services in Internet of Things (IoT) networks and similar distributed network architectures, are described herein. In an example, a Cloud-To-OCF Device mediator service may be established from OCF services definition; this mediator service may be used to establish connectivity between a cloud-capable device and a cloud-based service. Further systems and methods to provide a proxy access service (PAS) hosted on a cloud service provider, that enable a PAS to coordinate and preserve device-to-device interactions from end-to-end, are also disclosed.

Abstract: Presented are cryptographic digital assets for retail products, methods for making/using such cryptographic digital assets, and computing systems for generating, intermingling, and exchanging blockchain-protected products. A method for provisioning cryptographic digital assets associated with retail product transfers includes broadcasting notifications of a future transaction of a retail product, and receiving, over a distributed computing network from the computing devices of multiple users, requests to participate in the transaction. A select number of users is added to a virtual line associated with the retail product transaction; from the virtual line, a first user is selected to receive the retail product and a second user is selected to receive a cryptographic digital asset containing a digital retail product and a unique digital asset code.

Abstract: According to an embodiment, a data transfer control device includes a controller, and the controller generates tag information when the controller receives a tag generation request, and encrypts the tag information, transmits the encrypted tag information to a device that transmits the tag generation request, processes data stored at a predetermined address to generate data for transmission when an address at which the data related to the data transfer request is stored includes the predetermined address, scrambles or encrypts the data for transmission using the tag information, and transmits the scrambled or encrypted data to the device.

Abstract: In one or more embodiments, a first information handling system (IHS) may: encrypt a document utilizing a symmetric encryption key to produce an encrypted document; and encrypt a metadata file, which includes the symmetric encryption key, utilizing a session encryption key to produce a first encrypted metadata file. In one or more embodiments, a second IHS may: decrypt the first encrypted metadata file utilizing the session encryption key to produce the metadata file; and encrypt the metadata file utilizing a public encryption key associated with a second TPM associated with a third IHS to produce a second encrypted metadata file. In one or more embodiments, the third information handling system may: decrypt the second encrypted metadata file utilizing a private encryption key associated with the second TPM to produce the metadata file; and decrypt the encrypted document utilizing the symmetric encryption key, from the metadata file, to produce the document.

Abstract: A system stores transaction data in a ring chain architecture. A ring chain comprises blocks of data stored as a length-limited block chain in a ring buffer configuration. A block of transactions is stored on a ring chain until enough new blocks are added to overwrite the ring buffer with new blocks. The system stores multiple ring chains that update at varying frequencies. A new block on a lower frequency ring chain stores an aggregation of data from the blocks that were added to a higher frequency ring chain in the time since the previous addition of a block to the lower frequency ring chain. Thus, a system of ring chains stores progressively summarized state transition data over progressively longer time intervals while maintaining immutability of the record and reducing storage requirements.

Abstract: An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating systems and one or more enterprise MDMs (EMDM) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detection according to an EMDM policy may be reported to an EMDM in a non-invasive manner.

Abstract: A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.

Abstract: A computer-implemented method for establishing consensus in a blockchain network, a total ordering service for a blockchain network, and a computer program product. One embodiment may comprise providing a first total ordering service (TOS) gateway for an organization in a blockchain network, generating a symmetric key at the first TOS gateway, splitting the symmetric key to generate a plurality of key shares, and distributing at least one of the plurality of key shares to a second TOS gateway in the blockchain network. The TOS gateway in some embodiments may have read/write access to a shared message queue that makes messages available to each other TOS gateway in the blockchain network. Some embodiments may further comprise recovering the symmetric key by requesting one of the key shares from the second gateway in the blockchain network, and reconstructing the symmetric key using the one of the key shares.

Abstract: A method of provisioning or distributing a cryptographic digital asset and supervising a secondary transfer of the digital asset includes receiving a transaction confirmation indicative of a completed transaction of a product from a first party to a second party; determining or receiving a unique owner identification (ID) code or wallet address of the second party; recording or transmitting a request to record ownership of the cryptographic digital asset to the unique owner identification (ID) code or wallet address of the second party; receiving a request to transfer the cryptographic digital asset to a second unique owner identification (ID) code or second wallet address; and recording or transmitting a request to record ownership of the cryptographic digital asset to the second unique owner identification (ID) code or second wallet address.

Abstract: A non-transitory computer readable medium stores a program causing a computer to execute a process which includes, for example, receiving entry of first information from a requesting user, specifying, among registered users, a candidate corresponding to the received first information, and controlling a display to display a first screen including (i) a clue of second information of the candidate, the clue only partially showing the second information of the candidate, and (ii) a button for calling up a second screen from which the second information is entered by the requesting user. The first screen does not receive entry of a password from the requesting user.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media provide for the intelligent detection of sensitive information within a communication platform. The system displays a communication interface including a first input section for receiving an input message associated with a sending user account, and a display section for displaying message information received by the sending user account from other user accounts. The system determines or retrieves a sensitive messaging profile for the sending user account, then receives an input message associated with the sending user account. The system detects that the input message comprises sensitive information, and transmits a sensitive message to one or more receiving user accounts within a sensitive container component, with the sensitive message including at least a subset of the input message.

Abstract: A method of event-based distribution of a cryptographically secured digital asset includes receiving, from a computing device associated with a user, an indication that the computing device is located at a predetermined venue within a predetermined window of time, receiving an indication that a conditional triggering event has occurred during the predetermined window of time, receiving, from the computing device, a unique owner identification (ID) code associated with the user, and transmitting a request to record a transfer of the cryptographically secured digital asset to the user on a distributed blockchain ledger. The request comprises both a unique digital asset ID code and the unique owner ID code, and transmitting the request to record the transfer of the cryptographically secured digital asset on the distributed blockchain ledger occurs only after the indication is received that the conditional event has occurred.

Abstract: Technology related to blockchain cybersecurity solutions and a blockchain applicability framework is disclosed. In one example of the disclosed technology, a system is configured to store, in a database, a plurality of cryptographically-signed records of data transmitted between an asset and a utility historian, and store, in a distributed ledger, a respective hash value corresponding to each record of the database. The system can be further configured to verify a selected record by recomputing a hash value corresponding to the selected record and comparing the recomputed hash value to the respective hash value stored in the distributed ledger in correspondence with the selected record.