Abstract: A system, a computer readable storage medium, and methods for delivering content from a zero-knowledge edge server node in a content delivery network to an end user device, ensuring content control by a content provider (i.e. reduce piracy) while ensuring privacy of an end user device. One method includes publicizing that a particular content is available for download from the server node; initiating with the server node a communication session using a zero-knowledge protocol between the end user device and the server node operating in zero knowledge; downloading, while in the communication session, the particular content from the server node to the end user device; and receiving a response message from the end user device, including an indication of a content media player application, using the particular content, successfully executed at the end user device. The indication can be accompanied by a cryptographically verifiable proof of integrity.

Abstract: An example operation may include one or more of receiving a vehicle request from a user device, upon arrival of a vehicle to a requested location, comparing vehicle cryptographic hash key information associated with the vehicle with user device cryptographic hash key information to identify a current status of the vehicle, determining whether the current status of the vehicle passes an appraisal standard stored in a smart contract, and when the current status of the vehicle is identified as passing the appraisal standard and the cryptographic hash key information associated with the vehicle matches the user device cryptographic hash key information, notifying the user device of an approval of the appraisal standard.

Abstract: A third party intermediary and a data protection method, system, and non-transitory computer readable medium, include executing a program, via the processor, using zero-knowledge verifiable computing to remove private content from a pre-approved version of a content to ensure privacy of a condition of a user from a provider of the content.

Abstract: A third party intermediary and a data protection method, system, and non-transitory computer readable medium, include a content request receiving circuit configured to receive a service request from a user, to communicate the service request to a provider, and to receive pre-approved versions of content from the provider, a content matching circuit configured to match a pre-approved version of content of the pre-approved versions of content to the user based on a condition of the user, a user data receiving circuit configured to receive user data to complete the pre-approved version of the content, and a zero-knowledge verifiable computing circuit configured to execute a program using zero-knowledge verifiable computing to remove private content from the pre-approved version of the content to ensure privacy of the condition of the user from the provider.

Abstract: A method, apparatus and computer program product to detect whether specific sensitive data of a client is present in a cloud computing infrastructure is implemented without requiring that data be shared with the cloud provider, or that the cloud provider provide the client access to all data in the cloud. Instead of requiring the client to share its database of sensitive information, preferably the client executes a tool that uses a cryptographic protocol, namely, Private Set Intersection (PSI), to enable the client to detect whether their sensitive information is present on the cloud. Any such information identified by the tool is then used to label a document or utterance, send an alert, and/or redact or tokenize the sensitive data.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: A computer-implemented method validates firmware levels for peer-to-peer communication in a network. Communication rules between a first device and a second device are utilized to validate firmware levels between the first device and the second device on a network using zero knowledge communication authentications. Communication between the first device and the second device via the network is disabled in response to determining that firmware in the first device is not compatible with firmware in the second device.

Abstract: Methods for secure data monitoring utilizing secure private set intersections are disclosed. In embodiments, a computer-implemented method includes: generating a garbled circuit program compiled into a first and second half; sending the second half of the garbled circuit program to a client server of a client; receiving social network data from a social network provider; and generating search results, utilizing the first half of the garbled circuit program in cooperation with the second half of the garbled circuit program, based on client data input at the second half of the garbled circuit program. The client data is private with respect to the social network provider and the social network data is private with respect to the client.

Abstract: Systems for secure data monitoring utilizing secure private set intersections are disclosed. In embodiments, program instructions are executable by a computing device to cause the computing device to: generate a garbled circuit program compiled into a first half and a second half; send the second half of the garbled circuit program to a client server of a client; receive social network data from a social network provider; index, utilizing the first half of the garbled circuit program in cooperation with the second half of the garbled circuit program at the client server, the social network data based on predetermined intent categories; and generate search results, utilizing the first half of the garbled circuit program in cooperation with the second half of the garbled circuit program at the client server, based on client data at the second half of the garbled circuit program.

Abstract: Methods for cellular network authentication utilizing unlinkable anonymous credentials are disclosed. In embodiments, a method includes: contacting, by a computing device, a mobile device network with a request to connect to the mobile device network; conducting, by the computing device, an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; and connecting, by the computing device, to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential.

Abstract: Systems for cellular network authentication utilizing unlinkable anonymous credentials are disclosed In embodiments, a computer program product is provided including a computer readable storage medium having program instructions embodied therewith. The program instructions are executable by a computing device to cause the computing device to: contact a mobile device network with a request to connect to the mobile device network; conduct an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; connect to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential; and store a temporary mobile subscriber identity assigned to the mobile device by the mobile device network, wherein the temporary mobile subscriber identity is filled with a null value.

Abstract: A method, system, and computer program product for performing strong desensitization of sensitive data within a garbled circuit includes: compiling a predetermined program into a first program, where the compiled first program is encoded in a form of a garbled circuit, and where the predetermined program runs on sensitive data; and executing the first program, where executing the first program includes: executing an analytics function using tokenized data with a first set of sensitive information and analytics data with a second set of sensitive information, where the tokenized data originated from a data provider and the analytics data originated from an analytics provider; and generating an output of the first program using a result of the analytics function, where the output contains desensitized data.

Abstract: A method, system, and computer program product for performing strong desensitization of sensitive data within a garbled circuit includes: compiling a predetermined program into a first program, where the compiled first program is encoded in a form of a garbled circuit, and where the predetermined program runs on sensitive data; and executing the first program, where executing the first program includes: executing an analytics function using tokenized data with a first set of sensitive information and analytics data with a second set of sensitive information, where the tokenized data originated from a data provider and the analytics data originated from an analytics provider; and generating an output of the first program using a result of the analytics function, where the output contains desensitized data.

Abstract: An example operation may include one or more of connecting, by a multi-party smart contract server, to a blockchain network configured to store cryptographic proofs, generating, by the multi-party smart contract server, a proposed transaction, providing, by the multi-party smart contract server, the proposed transaction to a plurality of participant nodes, receiving, by the multi-party smart contract server, responses to the proposed transaction from the participant nodes, executing, by the multi-party smart contract server, a smart contract to request from respondent participant nodes attestations of required conditions of the smart contract, receiving and verifying, by the multi-party smart contract server, the attestations from the respondent participant nodes, and executing the proposed transaction and posting a cryptographic proof of a successful execution to the blockchain, by the multi-party smart contract server, in response to a satisfaction of the required conditions of the smart contract.

Abstract: A trusted computing environment may be dynamically certified by providing a selectable boot option that controls running a loadable boot image in one of a test mode and a production mode. The test mode may automate running a processing standard validation test to obtain a processing standard validation test result. Responsive to running the processing standard validation test with a successful test result, a record indicating the successful test result and the loadable boot image is stored within the trusted computing environment, utilizing a certification process. Responsive to running the production mode, the trusted computing environment and the loadable boot image may be loaded.

Abstract: A computer-implemented method includes crawling, by a web crawler, one or more webpages to gather information, resulting in gathered information. The computer-implemented method includes obtaining, by a honeypot logger, activity log data of one or more hackers that access a portion of honeypot content deployed by a honeypot. The computer-implemented method includes dynamically configuring, by a machine capable of learning, the honeypot using the activity log data and the gathered information.

Abstract: A method, system and computer program product for providing an attestation of an operating environment. The method begins with booting, with a secure boot process with attestation, at least one processor with secure processor technology that allows user-level code to allocate private regions of memory which are protected from processes running at higher privilege levels. Next, one or more operating system containers are loaded in a server or a virtual machine. Each of the one or more operating system containers use each of their own process space and network space in order to operate on a single operating system kernel without creating separate virtual machines. If a set of one or more conditions of booting and loading has been satisfied using zero-knowledge verifiable computing then an attestation is sent calculated using a zero-knowledge verifiable computing technique to a second processor-based device.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with the processing circuit, executable by the processing circuit, or integrated with and executable by the processing circuit. The logic is configured to cause the processing circuit to limit functionality of a remote controlled device during periods of time that a user of the remote controlled device is not authenticated, and to receive identity information of the user of the remote controlled device via an authentication process, with the identity information establishing an identity of the user. Also, the logic is configured to cause the processing circuit to authenticate the user prior to allowing full functionality of the remote controlled device, send an indication of the identity of the user to the remote controlled device, and provide full functionality of the remote controlled device to the user in response to successfully authenticating the user.

Abstract: An example operation may include one or more of receiving a vehicle request from a user device, upon arrival of a vehicle to a requested location, comparing vehicle cryptographic hash key information associated with the vehicle with user device cryptographic hash key information to identify a current status of the vehicle, determining whether the current status of the vehicle passes an appraisal standard stored in a smart contract, and when the current status of the vehicle is identified as passing the appraisal standard and the cryptographic hash key information associated with the vehicle matches the user device cryptographic hash key information, notifying the user device of an approval of the appraisal standard.

Abstract: A method securely manages smart card transactions. A processing entity receives a smart card identifier from a smart card, where the smart card is a virtual card on a mobile computing device that comprises a processor, where the smart card identifier is a transaction-specific identifier for a transaction. A protected application is received at the mobile computing device, where a received protected application initially cannot be utilized by an operating system for execution by the processor. A security object is received at the mobile computing device, where the security object is used to convert the received protected application into an executable application that can be utilized by the operating system for execution by the processor. The processor executes the executable application to act as the virtual card, where the virtual card provides a functionality of a predefined physical electronic card.