Abstract: A method and apparatus for secured, peer-to-peer transfer of data rights over a computer network, the method being accomplished by a distributed computing system including a distributed ledger platform. Root rights are defined and delegated to wallets in a multilevel manner to thereby isolate wallets associated with the root right from cyber risk.

Abstract: Generating a cybersecurity risk model using sparse data is disclosed, including: obtaining signals associated with a cybersecurity risk, wherein the obtained signals include technographic signals and query derived signals obtained from queries; generating pseudo signals based at least in part on a priori factors relating to the cybersecurity risk; and combining the pseudo signals and the obtained signals into a Bayesian model indicating the cybersecurity risk.

Abstract: A system determines baseline deployment properties of operating system deployments stored by a deployment repository and endpoint deployment properties of a deployed operating system executed by an endpoint device. An artificial intelligence model is configured to determine a security response based at least in part on the endpoint deployment properties of the endpoint device. By providing the endpoint deployment properties to the artificial intelligence model, a mismatch value is determined that corresponds to an amount that the endpoint deployment properties are different than the baseline deployment properties. Based on the mismatch value, an action is determined to improve security of the deployed operating system executed by the endpoint device. The determined action is executed to improve security of the deployed operating system.

Abstract: Disclosed herein are computer-implemented methods of, and computer systems for, constructing dual cryptographic proofs for transactions where transaction data is stored in a cryptographically-linked data file and in an incremental hash tree, where a dual cryptographic proof includes linear cryptographic proof data from the cryptographically-linked transaction file and binary cryptographic proof data from the incremental hash tree. The transaction may include one or more key-value pairs.

Abstract: A mobile device is disclosed. The device includes a communicator, a GPS unit for calculating location information, a memory, a display, and a processor, and the processor is configured to generate movement path information of the mobile device by performing homomorphic encryption of a plurality of pieces of location information stored in the memory, transmit the movement path information to a server apparatus through the communicator, based on operation result data obtained by operating based on the movement path information and comparison target path information being transmitted from the server apparatus, decrypt the operation result data, and output a message notifying whether a route overlaps the comparison target path information based on a decrypted result through the display. Therefore, the route overlap is rapidly and accurately confirmed without invasion of privacy.

Abstract: A method for authenticating a wearable device is disclosed. The method includes: receiving, from a tokenization service provider (TSP), a signal representing a first code derived by the TSP from decrypting a security token previously provisioned in the computing device, wherein the security token was received at a terminal from the computing device and transmitted to the TSP; obtaining, based on the received signal representing the first code, a device identifier of the computing device and an identifier of an account; querying a device database to verify that the computing device is associated with a first status; verifying that the account is enabled for an operation initiated using the computing device; and transmitting an authorization message to the terminal, the authorization message authorizing the operation.

Abstract: A data storage method is provided at a computer system, including: obtaining first data and second data of a target object, the first data and the second data being data of different dimensions for measuring any aspect of the target object from generation to existence; storing the first data and the second data of the target object in the first node; receiving audit information of the first node for indicating the first data and the second data stored in the first node; verifying the audit information based on target audit information of at least one target node that transacts with the first node; broadcasting a verification success notification in the data storage system in a case that the verification succeeds; and determining that a consensus on the audit information is reached in a case that the received verification success notification meets a consensus success condition.

Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.

Abstract: A function is decomposed into a plurality of function shares. The function returns a Boolean result based on whether an input y satisfies a query on a data set. The function shares hide the function from non-collaborating entities that separately execute the function shares. Each of the functions shares are sent to one of a plurality of servers having a same data set. The function shares are executed on the data set at the servers to obtain a respective plurality of shares. A conditional disclosure of secrets operation is simulated on the shares and the input y. The conditional disclosure of secrets operation uses a secret known to at least one of the servers, and further uses a source of randomness shared between the servers. A Boolean value corresponding to the Boolean result is returned based on the conditional disclosure of secrets operation returning the secret.

Abstract: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.

Abstract: A method and system for determining whether a consensus has been achieved for adding a block to a distributed ledger. The system receives a candidate block to add to the distributed ledger and receives block approvals of approving participants for the candidate block. The system calculates a total block approval stake that the approving participants have in the distributed ledger. The system identifies a total stake that participants have in the distributed ledger. When the total block approval stake is at least a threshold fraction of the total skate, the system indicates that the consensus has been achieved for adding the candidate block to the distributed ledger.

Abstract: The invention relates to an authentication device intended to be used with an electronic device comprising a screen and a radio transceiver, the authentication device being characterised in that it comprises a light receiver, disposed on a face of the authentication device intended to be placed facing the screen, a radio transceiver and a memory comprising an encryption key, the authentication device being adapted to receive, via the light receiver, and decode an identification light signal emitted by the screen, the identification light signal encoding a message comprising identification information, broadcasting the identification information via its radio transceiver, receiving, via its radio transceiver, a request to establish a connection from the electronic device and establishing the connection, receiving, via the connection established, a message comprising information to be encrypted, encrypting said information using the encryption key and sending a message to the electronic device, the message comp

Abstract: A method protects a computer asset by identifying a particular signature, which is software that causes a particular gateway to block an intrusion from reaching a particular computer asset, and installs the particular signature on the particular gateway, thus protecting the computer asset from the intrusion.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate end-user defined policy management. An example apparatus includes an edge node interface to detect addition of a networked user device to a service gateway, and to extract publish information from the networked user device. The example apparatus also includes a device context manager to identify tag parameters based on the publish information from the networked user device, and a tag manager to prohibit unauthorized disclosure of the networked user device by setting values of the tag parameters based on a user profile associated with a type of the networked user device.

Abstract: A method including receiving, by a device, a sharing link to be utilized by the device to obtain access to encrypted content, the sharing link including a static portion and a dynamic portion; transmitting, by the device, a request to access the encrypted content, the request being routed based at least in part on the static portion and the request identifying the encrypted content in the dynamic portion; receiving, by the device, access to the encrypted content based at least in part on transmitting the request. Various other aspects are contemplated.

Abstract: To provision a client application on a client device, a user may be provided with a QR code, a one-time password, or a manual entry page for starting a credential provisioning process via a credential provisioning service provided by a credential provisioning server in a secure network. The client application may include information on trusted servers operating in the secure network. The credential provisioning server may operate to perform a sequence of actions to verify user credentials and determine, based on rules applicable to the user, the client device, or a combination thereof, whether the client application is to be provisioned on a client device. If so, the credential provisioning server may operate to generate a key pair, obtain a signed certificate, encrypt them, and send them to the client device such that the client application can use them to establish a mutual secure connection with a trusted server.

Abstract: A method and system for providing secure delivery, transport, modification, exchange of digital design and build files that have been bundled into a digital asset within a complex digital supply chain. The system also provides for quality standards when the digital asset is used to manufacture a physical part, and provides for secure feedback to stakeholders for the purpose of digital logistics, data analytics, or liability. The system includes, but is not limited to, manufacturing, licensing, modification and delegation policy, generating authorization certificates, authenticating manufacturing devices and provide qualitative and quantitative file consumption data.

Abstract: Approaches provide for securing an electronic environment. A threat analysis service can obtain data for devices, users, and threats from disparate sources and can correlate users to devices and threats to build an understanding of an electronic environment's operational, organizational, and security concerns in order to provide customized security strategies and remediations. Additionally, the threat analysis service can develop a model of an electronic environment's behavior by monitoring and analyzing various the data from the data sources. The model can be updated such that the threat analysis service can tailor its orchestration to complement existing operational processes.

Abstract: A plurality of clients including a platform (200) and at least one client (100) communicate with each other in accordance with a publish-subscribe model. A topic common key manager (260) of the platform (200) provides, to the client (100), a topic common key associated with a topic and being for encryption and decryption of a message directed to the topic. A message manager (270) transmits the message encrypted with the topic common key associated with the topic, and decrypts a received message with the topic common key associated with the topic. A topic common key storage (150) of the client (100) stores the topic common key provided from the platform (200) in association with identification information of the topic. A message manager (170) transmits the message encrypted with the topic common key, and decrypts a received message with the topic common key.

Abstract: Methods for applying hop-by-hop security in IAB networks. Integrity protection is applied at a layer below the IP layer for each link in a transmission route. Integrity is verified at the receiving node of each link of a route through an IAB network and if that verification fails the received traffic is discarded.