Abstract: A method for providing a blockchain network capable of optimizing storage used by service nodes in the blockchain network is provided. The method includes steps of: (a) a specific service node among the service nodes, wherein the specific service node is configured to optimize its storage if one of optimization conditions is satisfied, generating blocks while synchronizing with other service nodes; and (b) the specific service node (b1) determining whether one of the optimization conditions is satisfied, by referring to one of (i) (i-1) a latest-block number of a latest block among the blocks and (i-2) a predetermined threshold number, and (ii) a predetermined threshold time and (b2) if one of the optimization conditions is satisfied, applying storage-optimizing operation to information on transactions in target blocks which are part of the blocks not optimized, wherein the target blocks are determined by referring to one of (i) and (ii).

Abstract: A wireless apparatus includes a physical housing, communication circuitry provided in the physical housing, a transmission data inputter provided on the physical housing, and a transmission data generator provided in the physical housing, the transmission data generator including a proximity analyzer configured to detect whether the wireless apparatus is within range of a network; a non-standard preamble pattern generator configured to selectively generate, based on whether the proximity analyzer detects that the wireless apparatus is within range of the network, a data packet preamble having a non-standard preamble pattern in which at least two bits that are adjacent to each other within a series of bits have a same value as each other, and a packet encoder configured to generate data packets including the data packet preamble having the non-standard preamble pattern and raw transmission data.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically implement and manage hash-based consent and permissioning protocols. By way of example, an apparatus may obtain consent data that identifies one or more elements of data accessible to an application program executed by a device. The apparatus may generate a consent document for the application program based on at least a portion of the consent data, and may compute a consent hash value representative of the consent document. The apparatus may also generate and transmit permissioning data that includes at least the consent hash value to the device. The permissioning data may, for example, include information that instructs the executed application program to store the consent hash value within a local memory of the device and to associate the consent hash value with an access token of the executed application program.

Abstract: Technologies are shown for HGM based control for smart contract execution. HGM control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The HGM control rules are applied to HGMs collected from the call stack to allow or prohibit specific HGMs observed in functions or function call chains. HGM control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the HGM control rules, then the function call can be blocked from executing or completing execution. The HGM control rules can be generated by executing known sets of acceptable or vulnerable smart contracts and collecting the resulting HGMs.

Abstract: The present disclosure provides systems and methods for authenticated control of content delivery. The method includes receiving a request for an item of content from a computing device, the request comprising a security token associated with the computing device and an identifier of a group of domains, identifying the group of domains from the identifier, and retrieving a security key associated with the group of domains. The method further includes decrypting a signature of the security token, identifying an authentication string, determining that the authentication string matches a server authentication string, and identifying characteristics of the security token. The characteristics of the security token include a confidence score. The method further includes comparing the confidence score of the security token to a threshold, determining that the confidence score does not exceed the threshold, and preventing transmission of content to the computing device.

Abstract: A method and devices for securely and privately generating a threshold vault address and distributed individual key shares reliant upon individually selected polynomial functions, without revealing the key shares and without ever reconstructing the private key. A digital asset stored at the threshold vault address may be used as an input to a transaction through generating a digital signature corresponding to the threshold vault address. Methods and devices are described for collaboratively generating the digital signature without reconstructing the private key or revealing individual key shares. Methods and devices are described for refreshing the distributed private key shares.

Abstract: One of the various aspects of the invention is related to suggesting various techniques for improving the tamper-resistibility of hardware. The tamper-resistant hardware may be advantageously used in a transaction system that provides the off-line transaction protocol. Amongst these techniques for improving the tamper-resistibility are trusted bootstrapping by means of secure software entity modules, a new use of hardware providing a Physical Unclonable Function, and the use of a configuration fingerprint of a FPGA used within the tamper-resistant hardware.

Abstract: A trust token may be created including authentication data for a user and his or her associated communication device. The trust token may be transmitted by the communication device to one or more recipients, such as a token server. The recipients may interpret the trust token and verify it against data written to one or more nodes of a blockchain when the user and the communication device registered for the trust token. Once the trust token is verified, the token server may be configured to generate, maintain, and provision account tokens representing sensitive data. The token server may push one or multiple account tokens to the communication device, thereby allowing the communication device to perform transactions with the account tokens. In other words, the implementation of a trust token may allow the communication device to be provisioned with multiple account tokens, without requiring multiple logins or transmissions of sensitive data.

Abstract: Examples disclosed herein relate, among other things, to an apparatus that includes a processor and a non-transitory machine-readable medium on which is stored instructions that, when executed by the processor, cause the processor to generate a report, the report including a value, access a memory, the memory storing indications of whether values are to be masked, determine that the value is to be masked based on the accessed memory, and substitute the value in the report with a masked value.

Abstract: A processor-implemented method is disclosed. The method includes: obtaining a plurality of location data points associated with the user device, each location data point including geographic coordinates; storing, in a database, the plurality of location data points; obtaining a first set of geohashes corresponding to the plurality of location data points, each location data point mapping to one of the geohashes of the first set; determining, for each geohash in the first set, a representative geographic location based on stored geographic coordinates of location data points which map to the geohash; identifying a plurality of location clusters based on performing clustering using the geohashes of the first set; and determining normalized cluster locations associated with the plurality of location clusters based on the representative geographic locations associated with the geohashes of the first set.

Abstract: A system for providing dynamic, multi-factor authentication for machine-to-machine connections using unique authentication streams of chained, cryptographic blocks or codes by generating and managing a root authentication stream of chained cryptographic blocks representing an enterprise. The root authentication stream may be utilized by deployed machine instances to instantiate the unique authentication streams for each of the deployed machine instances, thereby enabling secure and continuous authentication for the machine-to-machine connections.

Abstract: Secure communications are provided between a user computing device and a server computing device. An enrollment request is received from a user computing device that is configured via a distributed client software application and is processed. The enrollment request is usable to enroll the user computing device in a network and includes an encrypted partial initial biometric vector associated with a user. An authentication request is processed that is subsequently received that includes an encrypted partial second biometric vector and that is associated with a user of the user computing device. A comparison of the encrypted partial initial biometric vector and the encrypted partial second biometric vector is performed, and a value representing the comparison is generated and transmitted to the user computing device. The user computing device is authenticated where the value is above a minimum threshold.

Abstract: A network connection method, a hotspot terminal, and a management terminal are provided. A hotspot terminal receives an Internet access request sent by a mobile terminal, sends an input request to the mobile terminal according to the received Internet access request; receives user identity information sent by the mobile terminal; receives a permission confirmation instruction that is entered by an administrator according to the user identity information; determines Internet access permission of the mobile terminal according to the received permission confirmation instruction. According to the network connection method provided in the embodiments of the present application, the tedious and complex process where a mobile terminal logging into a remote network by using a hotspot terminal is significantly improved.

Abstract: A method for cryptographic data processing by means of a circuit comprises using a first circuit section to perform a first cryptographic operation in order to obtain first cryptographic data. The method further includes transmitting the first cryptographic data to a second circuit section via a transmission area of the circuit that physically separates the second circuit section from the first circuit section and whose resistance to attacks is at most as high as the resistance of the first circuit section. The method includes using the second circuit section to perform a second cryptographic operation using the first cryptographic data in order to obtain second cryptographic data.

Abstract: Methods and apparatuses for performing oblivious transfer using a trusted intermediate environment are described. A data object identifier is used to identify requested data object. The requested data object is stored as a plurality of corresponding data chunks over a plurality of data buckets. The data object identifier is encoded with information identifying each of the plurality of corresponding data chunks within each respective data bucket. A trusted intermediate environment receives a data stream that includes data chunks stored in an assigned data bucket. Using the encoded information from the data object identifier, the trusted intermediate environment determines which of the data chunks in the data stream is the corresponding data chunk streamed from the assigned data bucket.

Abstract: Method and system for improving the security of storing digital data in a memory or its delivery as a message over the Internet from a sender to a receiver using one or more hops is disclosed. The message is split at the sender into multiple overlapping or non-overlapping slices according to a slicing scheme, and the slices are encapsulated in packets each destined to a different relay server as an intermediate node according to a delivery scheme. The relay servers relay the received slices to another other relay server or to the receiver. Upon receiving all the packets containing all the slices, the receiver combines the slices reversing the slicing scheme, whereby reconstructing the message sent.

Abstract: Techniques for generating and using reader-friendly policy statements are disclosed. In one or more embodiments, a policy management service receives a request for an authorization policy in a language-localized syntax. The policy management service identifies a syntax graph corresponding to the authorization policy and traverses the syntax graph to obtain at least a requestor variable value associated with the authorization policy, an action variable value associated with the authorization policy, a resource variable value associated with the authorization policy, and a location variable value associated with the authorization policy. The policy authorization service generates a reader-friendly policy statement in the language-localized syntax using the requestor variable value, the action variable value, the resource variable value, and the location variable value. Responsive to the request, the policy authorization service provides the reader-friendly policy statement.

Abstract: A layered authentication process can use a first authentication layer to filter out invalid requests. The first layer can perform a lightweight authentication to determine requests that do not meet certain authentication criteria. This can include, for example, denying requests that have invalid credentials or that are received from unapproved locations or sources, or that lack the proper format. Requests that pass the initial authentication can be directed to a more robust authentication service that is capable for performing a full authentication of the request. Such an approach prevents various invalid requests from being delivered to the robust authentication service, thereby preventing the robust authentication service from being overwhelmed by a large number of requests, such as may correspond to a coordinated attack on the service.

Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.

Abstract: Technologies are shown for system level function based access control for smart contract execution on a blockchain. Access control rules control function calls at a system level by utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for execution of a smart contract. The access control rules are applied to the function call stack to allow or prohibit specific functions or function call chains. Access control rules can also define allowed or prohibited parameter data in the function call chain. If the function call chain or parameters do not meet the requirements defined in the access control rules, then the function call can be blocked from executing or completing execution. The access control rules can produce sophisticated access control policies based on complex function call chains.