Abstract: Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.

Abstract: The present disclosure provides methods and devices for key management. In one example, a method of key management comprises: obtaining, at a user device, a number of users in a group of users and a minimum number of users for restoring a transaction key; randomly generating the transaction key; splitting the transaction key into a plurality of sub-keys, the number of sub-keys being the same as the number of users; and sending the plurality of sub-keys to a management device, each of the plurality of sub-keys being encrypted with a public key of a user corresponding to a sub-key.

Abstract: Network traffic through a router, e.g., home router, operating as a firewall is monitored and analyzed the network to identify devices and the type of one or more of the identified devices. In some embodiments, the device type identification is performed using a neural network. The router stores a set of firewall templates. At different times, different templates are applied, e.g. based on mode of operation, user selection, and/or time information. Rules in a firewall template, applicable at a given time to traffic corresponding to identified devices, that are attempting to send or receive via the router, are applied. Different rules may, and sometimes do, apply to different device type classifications.

Abstract: Access to a linked resource may be protected using a time-based transformation of links to the resource. A linked resource may be transmitted to a browser in a markup language page. Information indicative of a time-based transformation of a link may be transmitted to the browser in the markup language page, or separately from the markup language page. The time-based transformation may be applied to the transmitted link. The transformed link may be requested, and compared to a version of the link that has been transformed, using the time-based transformation with respect to the time the request is received.

Abstract: Access to blockchain data may be removed by deleting an encryption key held in a remote server. Incoming data is stored in the blockchain after being encrypted at the key server. An ordinary blockchain user gains access to the data, after forwarding the encrypted data to the remote key server for decryption. Upon receipt of an input (e.g., time stamp), the key server deletes the key. Thereafter, the encrypted data on the blockchain is rendered inaccessible to the ordinary blockchain data user. At no point, does the ordinary data user have access to the key stored in the remote server. Embodiments may find particular use in removing access to personal data stored in a blockchain following the elapse of a predetermined amount of time, as may be required by privacy laws. Granular control over data access can may be afforded through the use of composite keys and/or key hierarchies.

Abstract: Technologies are shown for system level function based access control for smart contract execution on a blockchain. Access control rules control function calls at a system level by utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for execution of a smart contract. The access control rules are applied to the function call stack to allow or prohibit specific functions or function call chains. Access control rules can also define allowed or prohibited parameter data in the function call chain. If the function call chain or parameters do not meet the requirements defined in the access control rules, then the function call can be blocked from executing or completing execution. The access control rules can produce sophisticated access control policies based on complex function call chains.

Abstract: Technologies are shown for HGM based control for smart contract execution. HGM control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The HGM control rules are applied to HGMs collected from the call stack to allow or prohibit specific HGMs observed in functions or function call chains. HGM control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the HGM control rules, then the function call can be blocked from executing or completing execution. The HGM control rules can be generated by executing known sets of acceptable or vulnerable smart contracts and collecting the resulting HGMs.

Abstract: Method and system for improving the security of storing digital data in a memory or its delivery as a message over the Internet from a sender to a receiver using one or more hops is disclosed. The message is split at the sender into multiple overlapping or non-overlapping slices according to a slicing scheme, and the slices are encapsulated in packets each destined to a different relay server as an intermediate node according to a delivery scheme. The relay servers relay the received slices to another other relay server or to the receiver. Upon receiving all the packets containing all the slices, the receiver combines the slices reversing the slicing scheme, whereby reconstructing the message sent.

Abstract: A trust token may be created including authentication data for a user and his or her associated communication device. The trust token may be transmitted by the communication device to one or more recipients, such as a token server. The recipients may interpret the trust token and verify it against data written to one or more nodes of a blockchain when the user and the communication device registered for the trust token. Once the trust token is verified, the token server may be configured to generate, maintain, and provision account tokens representing sensitive data. The token server may push one or multiple account tokens to the communication device, thereby allowing the communication device to perform transactions with the account tokens. In other words, the implementation of a trust token may allow the communication device to be provisioned with multiple account tokens, without requiring multiple logins or transmissions of sensitive data.

Abstract: A method is disclosed. The method includes receiving, by a token service computer, a token request message, the token request message being originated from a token requestor computer. The method also includes determining, by the token service computer, two or more access tokens based upon a single credential, and then transmitting the two or more access tokens to the token requestor computer in a token response message.

Abstract: A side-channel attack countermeasure that leverages implementation diversity and dynamic partial reconfiguration as mechanisms to reduce correlation in the power traces measured during a differential power analysis (DPA) attack. The technique changes the underlying hardware implementation of any encryption algorithm using dynamic partial reconfiguration (DPR) to resist side-channel-based attacks.

Abstract: A method and apparatus for performing multi-factor authentication of a merchant system by a commerce platform are described. The method may include authenticating the commerce platform to a cloud services provider, the cloud services provider providing a private communications network for use by the commerce platform and the merchant system. The method may also include receiving, by the commerce platform, an authentication request from the merchant system, wherein the request received from the merchant system originates from the private communications network provided by the cloud services provider, and wherein the authentication request uses an encryption key.

Abstract: Methods and systems are described for performing multifactor authentication. An authentication code may be encrypted in optical indica. Optionally, Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA), DES (Data Encryption Standard), and/or a hashing function may be utilized to encrypt the authentication code. An image of the authentication code may be captured from a device having a display using a digital camera. The image may be in a compressed format and transmitted over a network to an image analysis system. The image analysis system may decode the optical indicia to obtain the encoded authentication data and may perform decryption on the decoded data. If a hashing function is utilized to encrypt the authentication data, the encoded authentication data may be compared to a hash of stored authentication data. If needed, the image analysis system may perform image enhancement prior to performing decoding, including contrast enhancement, deblurring, and/or image rotation.

Abstract: The invention relates to a method, a non-transitory computer program product, and an apparatus for encrypting and decrypting physical-address information. The method includes: receiving a first read command requesting of the flash controller for first physical block addresses (PBAs) corresponding to a logical block address (LBA) range from a host side, wherein each first PBA indicates which physical address that user data of a first LBA of the LBA range is physically stored in a flash device; reading the first PBAs corresponding to the LBA range from the flash device; arranging the first PBAs into entries; encrypting content of each entry by using an encryption algorithm with an encryption parameter to obtain an encrypted entry; and delivering the encrypted entries to the host side.

Abstract: Some systems and/or methods are configured to receive sensitive data from a vendor, determine a token key for the vendor, and utilize a proprietary algorithm, based on the token key to generate a vendor-specific token that is associated with the sensitive data. A token identifier may be created that comprises data related to the token key sending the vendor-specific token and the token identifier to the vendor.

Abstract: An example operation may include one or more of receiving, by a first node, a freshness of goods data from a second node over a blockchain, and executing, by the first node, a smart contract to: calculate an initial order quantity based on a pre-set critical order number and a non-expiring goods order quantity and alter a final order quantity based on the initial order quantity and the freshness of the goods data.

Abstract: A method of securely exchanging a session token for a claims-based token by a plug-in integrated into an extensible system includes the steps of: transmitting, to an extensible system server of the extensible system, the session token and a request for a first claims-based token that corresponds to the session token and that is cryptographically signed by an authentication server; acquiring, from the extensible system server, the first claims-based token; transmitting, to the authentication server, the first claims-based token and a request for a second claims-based token; and receiving, from the authentication server, the second claims-based token, wherein the second claims-based token is cryptographically signed by the authentication server, and wherein if the second claims-based token is transmitted to a resource provider server hosting a resource provider service, the resource provider service performs a requested operation on behalf of an interactive user of the extensible system.

Abstract: Systems and methods for enabling a blockchain-based secure, anonymizing message bus are disclosed. An example method includes sharing public keys associated with messaging participants for communicating information using a message-bus smart contract implemented on a blockchain network. The method also includes a first participant sending a message via a smart contract call against an instance of the message-bus smart contract, and a second participant determining and receiving the message using the blockchain network.

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating an adversarially resistant model. In one embodiment, a novel architecture is presented that enables the identification of an image that has been adversarially attacked. The system and method used in the identification introduce the use of a denoising module used to reconstruct the original image from the modified image received. Then, further to the reconstruction, an adversarially trained model is used to make a prediction using at least a determination of a loss that may exist between the original image and the denoised image.

Abstract: Disclosed is a method of loading a signature rule and a network device thereof. According to an example of the method, the network device may first receive a signature rule library sent by a cloud server, wherein the signature rule library contains one or more signature rules, each of which is associated with corresponding device type configuration information. The network device may determine for each signature rule whether device type configuration information associated with the signature rule matches local device type configuration information of the network device. If the device type configuration information associated with the signature rule matches the local device type configuration information of the network device, the network device may load the signature rule.