Abstract: In an embodiment, a request for hosting a blockchain may be obtained from a client device. A node device to host the blockchain may be determined. Information associated with the node device may be provided to the client device, where the information is used for creating the blockchain on the node device. First data may be obtained from the client device and second data may be obtained from the node device for verifying that the node device hosting the blockchain complies with a hosting verification condition. Based on the first data, the second data, and the hosting verification condition, hosting information associated with the node device may be determined. Based on the hosting information, the node device may be removed from a set of node devices for hosting the blockchain.

Abstract: Described are systems, methods, and computer-program product embodiments for providing Session Initiation Protocol (SIP) network security. In some embodiments, a SIP processing system includes a SIP device configured to establish and control a SIP communication session between SIP user agents. In some embodiments, the SIP processing system includes a SIP device that establishes a recording session with a first server to receive SIP messages relayed in the SIP communication session. The first server decodes the SIP messages based on metadata in the SIP messages to extract multimedia content. Then, the first server opens a socket connection to establish a security session with a security system configured to determine whether the portion is associated with a detected threat and transmits a portion of the decoded multimedia to the security system. Based on a threat status generated by and received from the security system, the first server controls the SIP communication session.

Abstract: A data management blockchain and protocol for controlling access to data, in which no central trusted authority is required, is presented. The data management blockchain and protocol comprises an initial announcement of public keys by a plurality of blockchain participants, through which each blockchain participant establishes an identity. Subsequently a first of the plurality of blockchain participants publishes data encrypted with a cryptographic key on the blockchain. A second of the plurality of blockchain participants is assigned as an owner of the data by an authority. Access to the data is granted or revoked to further participants by the second of the plurality of blockchain participants through signed permission messages published on the blockchain, and a corresponding hand-over of the cryptographic key by the first of the plurality of blockchain participants, allowing access to the data. Access to further data may be revoked by changing the cryptographic key used.

Abstract: Construction of the static webpage begins. A first portion of content of the static webpage to encrypt is identified, the first portion being less than the entire static webpage. The first portion of content of the static webpage is encrypted. A first decryption key is provided to a first group of user devices, wherein the first decryption key allows each user device in the first group of user devices to decrypt the first encrypted portion of content of the static webpage. The static webpage is provided to a server, wherein the server allows public access to the static webpage.

Abstract: Systems and methods for performing network-side Simultaneous Authentication of Equals (SAE) to allow an end user device to access a network. A passphrase is assigned to an end user device for use in authenticating the end user device for a network using SAE. An identification of the end user device is determined during an authentication process. The passphrase assigned to the end user device is determined at a network side using the identification of the end user device. A shared secret is generated using the passphrase. Whether the end user device has generated the shared secret is determined by comparing network side and user side confirmation values. The end user device is authenticated for the network, if it is determined that the end user device has generated the shared secret.

Abstract: Security-enhanced computing systems and methods are described in regard to a migration of at-risk software that is valid in a first language is translated to a second language and situated in a safer environment. If expressions in said first language are encountered in said safer environment, errors or other special handling may result.

Abstract: Methods and systems are disclosed for controlling user creation of data resources on a software platform for storing and executing data resources for multiple users. The methods and systems may be performed using one or more processors or special-purpose computing hardware and may comprise receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said user. A further operation may comprise performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions.

Abstract: Carrier secure communications are provided by receiving, by a service provider device from an application interacting with a user device over a carrier network, an encrypted first request for user information. The carrier network intercepted a first request from the application based on a service provider identifier in the first request, and encrypted the first request to provide the network carrier encrypted first request to the service provider device. The service provider device may decrypt the encrypted first request to provide the first request and process the first request. The first request may include a carrier injected header that includes information about the user and/or user device that provided the first request. The information in the injected header may be used by the service provider device in processing the first request such as retrieving secure information without user credentials or storing data provided in the first request.

Abstract: A method for protecting data in a data memory against an undetected change, wherein a functional variable x is encoded via a value, an input constant, an input signature and a timestamp D into a coded variable, where the functional variable is normalized relative to a base to form the integer value from the functional variable.

Abstract: A token-based storage service may comprise a repository of key-value data. In response to a request to store a data item, the storage service may generate a token comprising a namespace and a unique identifier. The token may be used as a key to store and retrieve the data item from the repository. Requests to access the data may be validated based on ownership information stored with the data item and information indicative of the origin of the request for access. In response to a request to store a new version of the data item, a new token may be generated.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining computer code; determining from the computer code a collection of components reachable from the computer code; providing information about the components to a server; identifying by the server using information retrieved from a database, reachable components associated with the collection of components, which have stored vulnerabilities; determining from the computer code and the reachable components that have stored vulnerabilities, a collection of reachable finer resolution components; identifying, further components from the collection of reachable finer resolution components, which have stored vulnerabilities; and outputting information about the further components, wherein the computer code cannot be reconstructed from the information about the collection of components and the information about the finer resolution components.

Abstract: A device for storing key-value (KV) data includes non-volatile memory and a controller. The controller includes a decapsulator and a KV mapper to receive network data communicated over a network, for example using a layer 2 protocol. The decapsulator is configured to decapsulate a payload from the network data, the payload including a key-value pair and first information. The KV mapper is configured to receive the key-value pair and the first information decapsulated from the network data, and determine, based on the received key-value pair and first information, a first location of the non-volatile memory. The controller is further configured to store KV data corresponding to the key-value pair at the first location of the non-volatile memory based on the first information.

Abstract: Disclosed are various examples for enrollment of gateway enrollment for Internet-of-Things (IoT) device management using a client device. In one example, an onboarding token is retrieved using a request for the onboarding token. The request is authenticated based on user credentials. A gateway account is created using a request to create the gateway account that is transmitted to the management service. The request to create the gateway account includes a gateway identifier. The request is authenticated based on the onboarding token. Gateway credentials for the gateway account are relayed from the management service to the gateway. The gateway credentials authenticate communications between the gateway and the management service. The gateway credentials are concealed from users of the client device.

Abstract: A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.

Abstract: In an embodiment, a data processing method comprises creating and storing a scoring threshold value that is associated with determining whether a baseline operation rule is to be generated; receiving, from service monitoring processes, datasets of operations performed on digital objects by processors associated with computer applications; aggregating operations and identifying operation properties from the aggregated operations to generate an aggregated baseline dataset that represents operation properties from aggregated operations; assigning score values to each of the operation properties, wherein each assigned score value represents whether a particular operation property is a candidate for generating a rule that defines expected operation property values for the particular operation property; automatically generating a set of baseline operations rules for only those operation properties that have assigned values that exceed the score threshold value.

Abstract: An access point receives from a client a first nonce and a first cryptographic hash for the first nonce, the first cryptographic hash calculated using a first key derived from a second key, the second key input on the client or derived from a passphrase input on the client, derives first keys from each of a stored primary input and at least one stored secondary input valid at the deriving, the stored primary input and the at least one stored secondary input each being one of a second key and a passphrase, verifies the cryptographic hash using each derived first key to find a derived first key that checks the first cryptographic hash, generates a third key and a second cryptographic hash using the derived first key that checks the first cryptographic hash, and sends the third key and the second cryptographic hash to the client.

Abstract: Described herein are various embodiments of a network element including an access control list processing module to process an access control list of the network element. In one embodiment, the access control list processing module converts the access control list into set of subsections of rules, where each rule of a subsection mutually exclusive of each other rule in the subsection. The network element may then make forwarding decisions for network data using the set of subsections of rules. In one embodiment, semantics preserving transformations can be applied to rules and data to enable more efficient processing of filtering or rules.

Abstract: The present technology pertains to a organization directory hosted by a synchronized content management system. The corporate directory can provide access to user accounts for all members of the organization to all content items in the organization directory on the respective file systems of the members' client devices. Members can reach any content item at the same path as other members relative to the organization directory root on their respective client device. In some embodiments novel access permissions are granted to maintain path consistency.

Abstract: The automatic selection of an identity provider to be used to authenticate users when requesting to access network resources for a tenant. The authentication is initiated by checking the username against the directory of the tenant. If that check results in finding an entry for the username in that directory, the entry is checked for an identity provider. If that check results in finding an identity provider, the user is directed to that found identity provider for authentication. Thus, in many, most, or all cases, an identity provider is found and selected for authentication of the user without the user having to manually select the identity provider. The username may be an internal user of an entity. The selection of the identity provider works in either case since there would still be an entry for that user in the directory of the tenant.

Abstract: Systems and methods for providing event media distribution associated with an event to a user include receiving an electronic invitation to the event having a time and location associated therewith and displaying the electronic invitation, including a response option and one or more mode options. The mode options are associated with one or more rules regarding automatic sharing of media associated with the event. The user may give an affirmative response that they will attend, as well as a selection of one or more mode options. When user of the mobile communications device is present at the event, the user device shares information to and from the devices of other attendees in accordance with the selected mode option(s).