Abstract: The present disclosure relates to a computer-implemented method for authenticating a transaction over a secure network. The method comprises receiving, by a first authentication server, a sensitive data payload and a cryptogram, wherein the first authentication server is configured to either receive or generate a token associated with the sensitive data payload; transmitting, by the first authentication server, the token and the cryptogram to a second authentication server, wherein the second authentication server is configured to validate the token and the cryptogram and generate a first message including a validation result; transmitting, by the second authentication server, the first message to an issuer server to authenticate the transaction; and reviewing, by the issuer server, the validation result and generating an authentication value including a validation flag based on the review of the validation result.

Abstract: Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.

Abstract: Example methods are provided for virtual machine introspection in which a guest monitoring mode (GMM) module monitors the execution of guest calls by an agent that resides in a virtual machine (VM). The GMM module sets a bit in bit mask that corresponds to a guest call that the agent needs to execute, and inserts an invisible breakpoint in the code of the guest call. If the GMM module detects that despite the setting of the bit in the bit mask, the agent does not complete the execution of the code (due to the invisible breakpoint not being triggered), then the GMM module considers this condition as a potential hijack of the VM by malicious code.

Abstract: Examples disclosed herein relate to a computing device that includes a central processing unit, a management controller separate from the central processing unit, and a security co-processor. The management controller is powered using an auxiliary power rail that provides power to the management controller while the computing device is in an auxiliary power state. The security co-processor includes device unique data. The management controller receives the device unique data and stores a representation at a secure location. At a later time, the management controller receives endorsement information from an expected location of the security co-processor. The management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information and the stored representation of the device unique data.

Abstract: In one embodiment, method includes receiving, by a first network apparatus, a first multicast message from a second network apparatus. The first multicast message includes attestation-capability information associated with the second network apparatus and an attestation token. The attestation token is for proving that the second network apparatus is in a known safe state. The method also includes determining, by the first network apparatus, that the attestation-capability information satisfies a pre-determined attestation capability requirement and determining, by the first network apparatus, that the attestation token is valid for the second network apparatus at a current time. The method further includes establishing, by the first network apparatus, an adjacency to the second network apparatus.

Abstract: Disclosed herein are methods, systems, and processes for automated log entry identification and alert management. A log statement that includes a log format string and is part of program code associated with a computer program is accessed at a log management server. The execution of the log statement generates a log string that is associated with a trigger pattern of an alert configuration. A fixed part of the log format string that remains unchanged during execution of the log statement when the program code associated with the computer program is executed is extracted and a template is generated for the log statement to track changes to the fixed part of the log format string that causes a mismatch between the trigger pattern of the alert configuration and the log string. The template is then stored.

Abstract: Disclosed herein are methods, systems, and processes for automated log entry identification and alert management. A log statement that includes a log format string and is part of program code associated with a computer program is accessed at a log management server. The execution of the log statement generates a log string that is associated with a trigger pattern of an alert configuration. A fixed part of the log format string that remains unchanged during execution of the log statement when the program code associated with the computer program is executed is extracted and a template is generated for the log statement to track changes to the fixed part of the log format string that causes a mismatch between the trigger pattern of the alert configuration and the log string. The template is then stored.

Abstract: This disclosure provides techniques for recovering a root key from measurement of a circuit function. In some embodiments, a checkpointing feature is used to periodically mark measurements of this function and thereby track drift in the value of the root key over the life of a digital device; the checkpointing feature permits rollback of any measurement of the function in a manner that negates incremental drift and permits recovery of the root key for the life of a device (e.g., an IC circuit or product in which the IC is embedded). This disclosure also provides novel PUF designs and applications.

Abstract: An embodiment of a method of providing identity assurance for a decentralized application (DApp) includes executing, by at least one distributed node of a blockchain system, an entitlement contract stored on the blockchain to perform a read call from a DApp contract stored on the blockchain, the read call including an address signing a transaction to the DApp contract. Performing the read call may include reading a list of registered addresses stored on the blockchain, determining whether the list includes the signing address; and providing an output indicating whether the list includes the signing address. The method may further include executing, by the at least one distributed node, a registry contract stored on the blockchain to perform a read call from the DApp contract, the read call including an identifier of the decentralized application.

Abstract: An integrated supply platform system may include a blockchain database maintained by a blockchain network having a plurality of nodes. A plurality of tokens may be maintained in the blockchain database. The system may include smart contracts describing a deal between one or more users, and the smart contracts may be configured to transfer at least one token between the users upon completion of the deal. The system may include communication logic which may be executable by a processor of a client device and configured to communicate data of the smart contract between the client device and the blockchain database. A virtual machine logic may be stored in a memory of a node of the blockchain network. The virtual machine logic may be executable by a processor of the node of the blockchain network and configured to incorporate the data of the smart contract into the blockchain database.

Abstract: Disclosed are a method for automatically encrypting a short message, a storage device and a mobile terminal. The method comprises: matching a number and content of a short message respectively with a pre-set short message encryption number group and a key word database; if the matching succeeds, performing encryption processing on the short message; and distributing the short message to an application program having the authority to monitor the short message. The short message content is encrypted before the application program receives the short message, preventing important information from being maliciously stolen by the application program.

Abstract: A secure computation device obtains concealed information {M(i0, . . . , iS?1)} of a table M(i0, . . . , iS?1) having one-variable function values as its members. It is to be noted that M(ib, 0, . . . , ib, S?1) generated by substituting counter values ib, 0, . . . , ib, S?1 into the table M(i0, . . . , iS?1) represents a matrix Mb, ?, ?, which is any one of Mb, 2, 1, . . . , Mb, 3, 2. The secure computation device obtains concealed information {Mb, ?, ?} by secure computation using concealed information {ib, 0}, . . . , {ib, S?1} and the concealed information {M(i0, . . . , iS?1)}, and obtains concealed information {Mb, ?, MU} of a matrix Mb, ?, MU, which is obtained by execution of a remaining process including those processes among a process Pj, 1, a process Pj, 2, a process Pj, 3, and a process Pj, 4, that are performed subsequent to a process P?, ?.

Abstract: A method comprising receiving, by a one-time pad (OTP) hub, from a first user of a computer network, a communication encrypted with an OTP associated with said first user, wherein said communication is intended for a second user; encrypting, by said hub, said communication with an OTP associated with said second user; decrypting, by said hub, said communication with an OTP associated with said first user; and delivering said communication to said second user.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A method is disclosed. The method includes receiving, by a token service computer, a token request message, the token request message being originated from a token requestor computer. The method also includes determining, by the token service computer, two or more access tokens based upon a single credential, and then transmitting the two or more access tokens to the token requestor computer in a token response message.

Abstract: A system and method for public API authentication by an API server includes receiving from a client/app a PK request for a Partial Key (PK), having a User ID, Session ID, rolling hash function (Fn2) version defining a client/app hash function (Fn2), and a received Temporary Key (TK); validating the received TK using Fn2 with the Session ID and either an Initial Key (IK) or a current PK; when the TK validation is complete, sending a PK calculated using a PK hash function (Fn1) with the User ID and a slot-generated rolling random number; receiving an API request for an API service having the User ID, Session ID, Fn2 version, and a received Authorization Key (AK); validating the received AK using Fn2 with the Session ID and the current PK; and when AK validation is complete, sending a successful response from the API service.

Abstract: Methods and apparatus for implementing and controlling a firewall in a router, e.g., a home router, are described. Network traffic through a router is monitored and analyzed the network to identify devices and the type of one or more of the identified devices. In some embodiments, the device type identification is performed using a neural network. The router stores a set of firewall templates. At different times a different templates are applied, e.g. based on mode of operation, user selection, and/or time information. Rules in a firewall template, applicable at a given time to traffic corresponding to identified devices, that are attempting to send or receive via the router, are applied. Different rules may, and sometimes do, apply to different device type classifications.

Abstract: A mobile device enabled tiered data exchange via a vehicle is disclosed. A mobile device can access profile information related to a tiered-data sharing profile. The tiered-data sharing profile can associate data with a sharing tier designating security, privacy, or authorization constraints on sharing the associated data. A sharing tier can further designate obfuscation of the data as a constraint on sharing the data. The mobile device can enable access to the data subject to the constraints of the tiered-data sharing profile. In an embodiment, tiered data can be shared from the mobile device to an external service device via vehicle device. In another embodiment, tiered data can be shared from the mobile device to a service device of the vehicle.

Abstract: Methods and apparatuses are described to enable an access point to communicate privacy settings and disclaimer to an electronic device. An AP transmits an indication that the AP supports communication of privacy settings and privacy disclaimer. The AP receives, from an electronic device, a request for information about the privacy settings and privacy disclaimer associated with the AP. The AP transmits, to a network server such as an ANQP server, a query request for information about the privacy settings and privacy disclaimer associated with the AP. The AP receives, from the network server, a query response including information about the privacy settings and privacy disclaimer associated with the AP. The AP transmits, to the device, a response including information about the privacy settings and privacy disclaimer associated with the AP.

Abstract: An approach for securely accessing self-sovereign data via a bot-chain ledger may be provided. A bot may request access to a piece distributed data at a bot-chain client. A bot registry service may validate the requesting bot is registered with the bot-ledgering client. The bot-ledgering client may generate a token for the requesting bot and provide the identity of a data bot with permission to access the piece of distributed data. A data bot may request to read the piece of distributed data at the bot-ledgering client. The bot-ledgering client may verify the data bot is registered with the bot-chain. The bot-ledgering client may generate an access token and send it to the data bot.