Abstract: An example operation may include one or more of receiving, at a node, a request to execute a software model that has been decomposed into a plurality of sequential sub-components, executing a sub-component from among the plurality of sub-components based on input data included in the received request to generate output data, hashing the input data and the output data to generate a hashed execution result of the sub-component, and storing the hashed execution result of the sub-component within a block among a hash-linked chain of blocks which include hashed execution results of other sub-components of the software model executed by other nodes.

Abstract: Interaction characteristics of a user interacting with a virtual reality (VR) terminal are obtained through preset sensing hardware in response to a request for execution of a target task requiring user identity verification. The obtained interaction characteristics of the user are compared with preset interaction characteristics of an authorized user of the VR terminal to verify identity of the user. The target task is executed and the user is authenticated as an identity-verified user of the VR terminal based on a successful user identity verification.

Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.

Abstract: A method of authenticating a user of a user device, the method includes receiving a user effort-based identity authentication token from a user device, generating a challenge request, receiving an effort validation response, generated by an effort validation server in response to a user performed requested effort, receiving the effort-based identity authentication token, and authenticating the user as a function of the received validation response and the user effort-based identity authentication token.

Abstract: In some examples, a Domain Name System (DNS) server is to receive, over a network, a DNS query containing a domain name, the DNS query sent by a device. The DNS server is to determine whether the domain name is potentially generated by malware. In response to determining that the domain name is potentially generated by malware, the DNS server is to generate a DNS response containing information indicating that the domain name is potentially generated by malware, and send the DNS response to the network.

Abstract: A pharmaceutical transport system may include a pneumatic tube network and a pharmaceutical transport container movable within the pneumatic tube network. The pharmaceutical transport container may include a tubular container having open and closed positions for receiving at least one pharmaceutical therein, and an electronic lock securing the tubular container in the closed position and opening based upon a match between an entered digital code and a current changing digital code.

Abstract: A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.

Abstract: Systems and methods for tamper-resistant verification of firmware with a trusted platform module. Embodiments may be configured to ensure the integrity of computer system firmware while still allowing reprogramming of nonvolatile storage devices with arbitrary information.

Abstract: Subject matter disclosed herein may relate to at least one processor to establish a communication connection between a portable computing device and a particular external device, the at least one processor to initiate transmission of one or more signal packets representative of one or more communication, security, and/or cryptographic parameters to the particular external device responsive at least in part to the establishing the communication connection.

Abstract: Subject matter disclosed herein may relate to at least one processor to selectively authorize requests from one or more external devices to read from and/or write to particular bio-ledger entries and/or particular biosphere ledger entries based, at least in part, on security tokens provided by the one or more external devices and based, at least in part, on first and/or second sets of particular authorizations.

Abstract: A communication system comprising a server and a plurality of clients constrained so that in order to communicate with each other by means of the system they must communicate via the server, the server having access to a set of stored communication rules defining permitted and/or non-permitted communications between the clients and the server being configured to, on receiving a message from a first client designating as recipients a second client and a third client, the first client matching a first set of characteristics stored in the communication rules and the second client and the third client being clients who are not permitted to directly communicate according to the communication rules, alter the communication rules to permit the second and third clients to directly communicate.

Abstract: The present disclosure relates to the management of end user privacy controls using a privacy broker system, method, computer program and electronic device for managing end user privacy controls of a plurality of end users across a plurality of end user services. The system is configured to receive from a publisher entity a privacy event relating to an end user of the plurality of end users, determine one or more target subscriber entities and communicate the privacy event to the one or more target subscriber entities.

Abstract: A direct cloud access (DCA) computing system for enabling access by a developer computing device hosted on a development network to a plurality of production networks hosted on a cloud services platform is provided. The DCA system includes a development private network interface to a private network, and a production private network interface to the private network. The DCA system further includes a plurality of DCA computing devices each coupled to a respective one of the plurality of production networks. Each DCA is programmed to establish a first VPN connection with a developer computing device on the development network via the private network, receive a client VPN packet addressed to the first DCA network address, and transmit the packet to the production computing device based on a resource address.

Abstract: A system and method of authentication is provided that uses the spatiotemporal context of a user which has been measured using third party monitoring systems. Spatiotemporal data obtained from third party systems such as CCTV networks, microphone networks, UAV networks, CAV networks, ATM networks or the like is used to determine a unique spatiotemporal fingerprint for an individual. That is, the unique identifier is not derived from a device carried by the individual. This fingerprint can then be used to verify a user and detect abnormal and unexpected behaviour.

Abstract: Technologies for detecting bot signals include extracting at least a primary signal and a secondary signal from header data logged by an automated service during a time interval, where the header data is associated with web-based client-server requests received by an online system, generating distribution data representative of the secondary signal when the primary signal matches a first criterion, converting the distribution data to a quantitative score, after the time interval, causing a web-based client-server request to be blocked or redirected when the quantitative score matches a second criterion.

Abstract: Enhanced electronic security systems and methods are provided. A whitelist, blacklist, or both of resource access sources that are allowed to use a particular resource access account are obtained. Upon detecting an access attempt to a particular resource on a computer network, a source of the access attempt and a resource access account used in the access attempt is identified. The whitelist, blacklist, or both are referenced to determine if the source of the access attempt is allowed to use the resource access account used in the access attempt. When the source of the access attempt is not allowed to use the resource access account used in the access attempt, one or more mitigation tasks may be performed.

Abstract: In accordance with embodiments of the present disclosure, a binary translator can perform address shifting on the binary code of an executing application. Address shifting serves to shift the addresses of memory operations that can access locations in the kernel address space into address locations in the user space, thus avoiding speculative access into the kernel address space.

Abstract: A processor-implemented method provides a calculated identity confidence score for an identity. The processor(s) in each of a plurality of decentralized identity providers calculate an identity confidence score of an entity. The processor(s) store the calculated identity confidence score in a blockchain. The processor(s) retrieve the calculated identity confidence score from the blockchain. The processor(s) provide the calculated identity confidence score to a requestor, which is a computer-based system that performs an action based on the provided calculated identity score.

Abstract: A network device receives a smart contract for permissions to access a service, wherein the smart contract is in an initial block for authorizations in a shared ledger. The network device receives, from an authorization server device, an update to the shared ledger, wherein the update is a proposed block in the shared ledger requiring validation. The network device stores, in a local memory, a copy of the shared ledger with the update, when the update is validated by the distributed consensus network. The network device receives, from a client device, an item request for an item associated with the service, wherein the item request includes a client identifier. The network device identifies if there is match of the client identifier and the item in the copy of the shared ledger and sends, to the client device, the item when there is match of the client identifier and the item.

Abstract: First information about regions of storage space in a storage environment available for a volume is provided to a service provider, with the storage environment being external to the service provider. The service provider is notified that information usable to locate a storage destination of a portion of the volume is unavailable. Second information that includes the storage destination in the storage environment is obtained from the service provider. A data operation is performed at the storage destination, with the storage destination determined based at least in part from the second information.