Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a trusted bridge configured for at least temporary coupling between one or more data sources and a smart contract program of a blockchain. The trusted bridge comprises a secure enclave component and a relay component. Data obtained from a given one of the data sources via the relay component of the trusted bridge is authenticated in the secure enclave component of the trusted bridge. Information based at least in part on the data authenticated in the secure enclave component of the trusted bridge is provided to the smart contract program of the blockchain via the relay component of the trusted bridge. The secure enclave component illustratively receives a request for authenticated data from the blockchain smart contract program via the relay component, and responds to the request via the relay component.

Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a trusted bridge configured for at least temporary coupling between one or more data sources and a smart contract program of a blockchain. The trusted bridge comprises a secure enclave component and a relay component. Data obtained from a given one of the data sources via the relay component of the trusted bridge is authenticated in the secure enclave component of the trusted bridge. Information based at least in part on the data authenticated in the secure enclave component of the trusted bridge is provided to the smart contract program of the blockchain via the relay component of the trusted bridge. The secure enclave component illustratively receives a request for authenticated data from the blockchain smart contract program via the relay component, and responds to the request via the relay component.

Abstract: The present invention is direct to a two-mode blockchain consensus protocol and a system implementing such a protocol. The system includes a plurality of node computers (and a communications network connecting the plurality of node computers. The plurality of node computers includes a first node computer, a collecting node computer, a committee of node computers, and one or more node computers that operate based on proof of work algorithms. Each node computer in the plurality includes a blockchain consensus software application running on the processor of the node computer. The blockchain consensus software application is adapted to connect to the plurality of node computers that are connected to the communications network. The blockchain consensus software application implements the two-mode blockchain consensus protocol. Through the software application, the plurality of node computers operate to reach a consensus on adding data to a public ledger.

Abstract: The present invention is directed blockchain systems and censuses protocols that adopt a pipelining technique. The systems and protocols involve a committee of consensus nodes that include proposer nodes and voter nodes. Each proposer node can send two or more unnotarized proposals to the voter nodes, and the voter nodes can vote on an unnotarized proposal when they have the same freshest notarized chain or block. A sequence number is provided to facilitate the operation of the systems and protocols. The sequence number can be used to determine the freshest notarized chain or block and the finalized chain and switch proposer node. The systems and protocols also provide other features such as chain syncer, committee election scheme, and committee reconfiguration. The systems and protocols further provide a simple finalization process and thus have a low finalization time.

Abstract: The present invention is direct a two-mode blockchain consensus protocol and a system implementing such a protocol. The system includes a plurality of node computers (and a communications network connecting the plurality of node computers. The plurality of node computers includes a first node computer, a collecting node computer, a committee of node computers, and one or more node computers that operate based on proof of work algorithms. Each node computer in the plurality includes a blockchain consensus software application running on the processor of the node computer. The blockchain consensus software application is adapted to connect to the plurality of node computers that are connected to the communications network. The blockchain consensus software application implements the two-mode blockchain consensus protocol. Through the software application, the plurality of node computers operate to reach a consensus on adding data to a public ledger.

Abstract: The present invention is directed blockchain systems and censuses protocols that adopt a pipelining technique. The systems and protocols involve a committee of consensus nodes that include proposer nodes and voter nodes. Each proposer node can send two or more unnotarized proposals to the voter nodes, and the voter nodes can vote on an unnotarized proposal when they have the same freshest notarized chain or block. A sequence number is provided to facilitate the operation of the systems and protocols. The sequence number can be used to determine the freshest notarized chain or block and the finalized chain and switch proposer node. The systems and protocols also provide other features such as chain syncer, committee election scheme, and committee reconfiguration. The systems and protocols further provide a simple finalization process and thus have a low finalization time.

Abstract: The present blockchain systems and censuses protocols involve a committee of consensus nodes to notarize candidate blocks. The committee includes proposers and votes. A proposer can send an unnotarized proposal to the voters, and the voters can vote on an unnotarized proposal when the voter and the proposer have substantially the same freshest notarized chain. After receiving enough votes for the proposal, the proposal is notarized and added to the blockchain maintained by the systems and protocols. Epoch is provided to facilitate the operation of the systems and protocols. Epoch includes a value identifying a proposer and defines a duration in which the transmission and voting of the proposal can be completed. The time parameter can be used to determine the freshest notarized chain and the finalized chain. The finalized chain is determined by excluding a number of consecutive blocks with consecutive epoch values from the notarized chain.

Abstract: The present invention is directed blockchain systems and censuses protocols that adopt a pipelining technique. The systems and protocols involve a committee of consensus nodes that include proposer nodes and voter nodes. Each proposer node can send two or more unnotarized proposals to the voter nodes, and the voter nodes can vote on an unnotarized proposal when they have the same freshest notarized chain or block. A sequence number is provided to facilitate the operation of the systems and protocols. The sequence number can be used to determine the freshest notarized chain or block and the finalized chain and switch proposer node. The systems and protocols also provide other features such as chain syncer, committee election scheme, and committee reconfiguration. The systems and protocols further provide a simple finalization process and thus have a low finalization time.

Abstract: The present invention is direct a two-mode blockchain consensus protocol and a system implementing such a protocol. The system includes a plurality of node computers (and a communications network connecting the plurality of node computers. The plurality of node computers includes a first node computer, a collecting node computer, a committee of node computers, and one or more node computers that operate based on proof of work algorithms. Each node computer in the plurality includes a blockchain consensus software application running on the processor of the node computer. The blockchain consensus software application is adapted to connect to the plurality of node computers that are connected to the communications network. The blockchain consensus software application implements the two-mode blockchain consensus protocol. Through the software application, the plurality of node computers operate to reach a consensus on adding data to a public ledger.

Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a trusted bridge configured for at least temporary coupling between one or more data sources and a smart contract program of a blockchain. The trusted bridge comprises a secure enclave component and a relay component. Data obtained from a given one of the data sources via the relay component of the trusted bridge is authenticated in the secure enclave component of the trusted bridge. Information based at least in part on the data authenticated in the secure enclave component of the trusted bridge is provided to the smart contract program of the blockchain via the relay component of the trusted bridge. The secure enclave component illustratively receives a request for authenticated data from the blockchain smart contract program via the relay component, and responds to the request via the relay component.

Abstract: One embodiment of the present invention provides a system for detecting insider attacks in an organization. During operation, the system collects data describing user activities. The system extracts information from the data that includes user information and user communications. The system then generates a topic-specific graph based on the extracted information. The system analyzes a structure of the graph to determine if one or more rules have been violated. The system may determine that a rule associated with the graph has been violated and signal an alarm in response to detecting the rule violation.

Abstract: One embodiment of the present invention provides a system for detecting insider attacks in an organization. During operation, the system collects data describing user activities. The system extracts information from the data that includes user information and user communications. The system then generates a topic-specific graph based on the extracted information. The system analyzes a structure of the graph to determine if one or more rules have been violated. The system may determine that a rule associated with the graph has been violated and signal an alarm in response to detecting the rule violation.

Abstract: A private stream aggregation (PSA) system contributes a user's data to a data aggregator without compromising the user's privacy. The system can begin by determining a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero. The system also selects a set of data values associated with the local user. Then, the system encrypts individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value. The system also sends the set of encrypted data values to the data aggregator.

Abstract: A recommender system can generate a predicted item rating for one user by performing collaborative filtering on item ratings from other users. The recommender system can include a client device that interfaces with a server to obtain a predicted item rating for a local user. The client device can generate a standardized ratings vector for the user, and computes a group identifier for the user based on the standardized ratings vector. The system also generates a noisy ratings vector for the local user, and sends a user-ratings snapshot to a recommendation server that includes the group identifier and the noisy ratings vector. The recommender system can also include the recommendation server that generates a predicted item rating for the user by performing collaborative filtering on ratings vectors from a plurality of other users that belong to the same ratings group.

Abstract: A recommender system can generate a predicted item rating for one user by performing collaborative filtering on item ratings from other users. The recommender system can include a client device that interfaces with a server to obtain a predicted item rating for a local user. The client device can generate a standardized ratings vector for the user, and computes a group identifier for the user based on the standardized ratings vector. The system also generates a noisy ratings vector for the local user, and sends a user-ratings snapshot to a recommendation server that includes the group identifier and the noisy ratings vector. The recommender system can also include the recommendation server that generates a predicted item rating for the user by performing collaborative filtering on ratings vectors from a plurality of other users that belong to the same ratings group.

Abstract: Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system receives a request to access the controlled resources. The system then determines a user behavior score based on a user behavior model, and recent contextual data about the user. The user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The recent contextual data, which comprise a plurality of data streams, are collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication. The plurality of data streams provide basis for determining the user behavior score, but a data stream alone provides insufficient basis for the determination of the user behavior score. The system also provides the user behavior score to an access controller of the controlled resource.

Abstract: Embodiments of the present disclosure provide a method and system for protecting privacy by generating artificial contextual data. The system collects real contextual data related to a user. The system then generates artificial contextual data, based on the collected real contextual data. The system also groups the generated contextual data into one or more groups. Each group of contextual data corresponds to a persona that can be presented as the user's persona. Subsequently, the system transmits the generated contextual data to an entity, thereby allowing the user to obscure the real contextual data related to the user.

Abstract: A private stream aggregation (PSA) system contributes a user's data to a data aggregator without compromising the user's privacy. The system can begin by determining a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero. The system also selects a set of data values associated with the local user. Then, the system encrypts individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value. The system also sends the set of encrypted data values to the data aggregator.

Abstract: Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system first receives a request to access the controlled resource from a user. Then, the system determines whether the user request is inconsistent with regular user behavior by calculating a user behavior measure derived from historical contextual data of past user events. Next, responsive to the determined inconsistency of the user request, the system collects current contextual data of the user from one or more user devices without prompting the user to perform an explicit action for authentication. The system further updates the user behavior measure based on the collected current contextual data, and provides the updated user behavior measure to an access controller of the controlled resource to make an authentication decision based at least on the updated user behavior measure.

Abstract: Embodiments of the present disclosure provide a method and system for protecting privacy by generating artificial contextual data. The system collects real contextual data related to a user. The system then generates artificial contextual data, based on the collected real contextual data. The system also groups the generated contextual data into one or more groups. Each group of contextual data corresponds to a persona that can be presented as the user's persona. Subsequently, the system transmits the generated contextual data to an entity, thereby allowing the user to obscure the real contextual data related to the user.