Abstract: There may be provided a computer-implemented method. It may be implemented using a blockchain such as, for example, the Bitcoin blockchain. The computer-implemented method includes: i) joining a congress by transferring, by a node operating in a proof-of-work blockchain network, one or more digital assets to a congress pool having one or more other digital assets associated with other members of a congress; ii) detecting, by the node, a special transaction of digital assets on the proof-of-work blockchain network to an address associated with the congress pool, the special transaction satisfying determined criteria; and iii) minting, by the node, one or more digital assets on a proof-of-stake blockchain network in response to detecting the special transaction.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to facilitate and/or support one or more operations and/or techniques for authenticating an identity of a subject. In particular, some embodiments are directed to techniques for authentication of an identity of a subject as being an identity of a particular unique individual based, at least in part, on involuntary responses by the subject to sensory stimuli.

Abstract: A transmitting multi-link device (MLD) includes circuitry and a transmitter. The circuitry, in operation, constructs an Additional Authentication Data (AAD) and a Nonce, and encapsulates a plaintext medium access control (MAC) protocol data unit (MPDU), the AAD, and the Nonce to generate an encapsulated MPDU. The AAD includes an Address 1 (A1) field, to which a recipient MLD's MAC address is set, and an AAD Address 2 (A2) field, to which the transmitting MLD's MAC address is set. The Nonce includes a Nonce Address 2 (A2) field, to which the transmitting MLD's MAC address is set. The transmitter, in operation, transmits the encapsulated MPDU to the recipient MLD on a first link.

Abstract: A computer-implemented method for distributing shares of a digitally signed message among a plurality of participants. The method comprising: inputting a digital message to an elliptic curve digital signature algorithm to provide a digital signature; mapping the digital signature to elliptic curve points of an elliptic curve cryptography system common to the participants. In a first encryption step, a knapsack algorithm is applied to the elliptic curve points to generate an encrypted version of the digital signature. In a second encryption step, an elliptic curve cryptography encryption is applied to the encrypted version of the digital signature to provide a doubly encrypted version of the digital signature; and applying a secret sharing step to the doubly encrypted version of the digital signature, wherein the digital signature is fragmented into a plurality of blocks before applying the knapsack algorithm.

Abstract: A data store to store and access digital records is provided, and a key object record is initialized in the data store to store data associated with a physical key object. A digital fingerprint of the physical key object is stored in the key object record. Another digital record is created in the data store that is not the key object record. The digital record is linked to the digital fingerprint of the physical key object. The linking is arranged to provide secure control access to the linked digital record. A tendered access key is received via a programmatic interface or user interface, and the data store is queried based on the tendered access key to identify a matching digital fingerprint of a key object. In a case that the querying identifies the matching digital fingerprint of the key object within a prescribed level of confidence, access to the linked digital record secured by the key object is granted.

Abstract: A method of validating the contents of an electronic file. The method comprises requesting an electronic file by an application executing on a computer system by providing a multi-segment filename, wherein the multi-segment filename comprises a unique delimiter between each of the segments of the multi-segment filename and one of the segments of the multi-segment filename is a hash of a content of the electronic file referenced by the multi-segment filename, receiving by the application the electronic file referenced by the multi-segment filename, determining a hash over the content of the electronic file by the application, comparing by the application the hash determined by the application to the hash of the content stored in the one of the segments of the multi-segment filename, and, based on the two hashes agreeing, opening by the application the contents of the electronic file for use.

Abstract: The present disclosure relates to the security of user devices connected to local networks, such as devices comprised in the Internet of Things' (IoT). An aspect relates to a computer-implemented method of securing functionality of a user device connected to a local network provided at a premises, the method comprising: determining a premises trust score indicative of a likelihood that an authorised user of the user device is present at the premises, the determining being in dependence on: (i) data received from one or more biometric-capable devices, distinct from the user device, connected to the local network, that data being indicative of continuous biometric authentication of a current user of the respective biometric-capable device; or (ii) a lack thereof; then causing the user device to respond to a request for functionality made through a local user interface it comprises in a manner which depends on the premises trust score.

Abstract: In various embodiments, one or more non-transitory computer-readable media storing program instructions that, when executed by one or more processors, cause the one or more processors to perform a method comprising receiving, from an API server, a request to access a service, the request including an API authorization identifier; validating the API authorization identifier to generate a validation result; determining a service tier of the service based on the request; and transmitting, to the API server, a response including the validation result and an indicator of the service tier based on the request.

Abstract: Systems and methods for automated historical risk assessment for risk mitigation in online access control are provided. An entity assessment server can receive a request to assess a risk indicator change from a first risk indicator to a second risk indicator. For each attribute used to generate the first risk indicator and second risk indicator, a first impact can be determined for changing from the first risk indicator to a third risk indicator between the first risk indicator and the second risk indicator. A second impact similarly can be determined for changing from the third risk indicator to the second risk indicator. Aggregating the first impact and the second impact can determine a total impact of each attribute. Assessment results can be generated to include a list of attributes ordered according to the respective total impact and transmitted to a remote computing device for use in improving the risk indicator.

Abstract: A method and apparatus for cryptographically linking separated authentication and authorization processes to support data transaction signing when group or corporate authority structures are required. The apparatus provides a secure, scalable model to represent authority in an entity context while conducting distributed ledger technology transactions. The method supports a range of cryptographic methods for separating the linked authentication and authorization processes including split key encryption, multi-party computation, multi-signature authorization, and execution of decentralized smart contract authorization logic. The method supports multiple models for authorization including organizational structures, consensus models including voting, and workflow processes.

Abstract: A system to generate a graphical user interface to display a presentation of a set of shared user groups between users of a social networking service is described. Embodiments of the present disclosure relate generally to systems for: receiving an identification of a second user from a user account of a first user; identifying a user group that includes the first user and the second user in response to the identification of the second user from the user account of the first user; retrieving user identifiers of the first user and the second user, wherein the user identifiers may include graphical avatars; generating a group identifier based on the user identifiers; and causing display of a presentation of the user group at a client device.

Abstract: To achieve no code or low code parity in decentralized computing systems, disclosed implementations provide a data structure and trusted control plane that enables the creation and operation of composable objects, that is objects whose functions and properties are derived from configurable and upgradable templates. The templates are data structures that define the behavior of a collection of objects, the behaviors being the interfaces, functions, properties, events, triggers, error messages, and dependencies that define and object and its interaction with other objects and entities. Templates are configured by mapping the desired object behaviors to registered smart contract logic that affects the behaviors. Thus, complex objects can be composed without the need for new computer code. Additional logic to enable new behaviors can be added by authorized smart contract developers and, once certified, added to one or more templates to provide the objects access to the new capabilities.

Abstract: A method of controlling access to a document file includes creating the document file, which is an executable file that presents content having at least one media type and is presentable to a user on an electronic device having a processor. A first unique global identifier is associated with the document file. A content storage device associated with a second unique global identifier is provided. The content storage device is coupled for communication with the processor of the electronic device. The document file is then provided to the user providing by storing the document file on the content storage device, but only if the first unique global identifier corresponds to the second unique global identifier in a predetermined manner.

Abstract: Presented herein are techniques for establishing data provenance by generating one-time signatures. In examples, systems may include one or more hardware processors that receive, via an application programming interface (API), a request for a one-time signature and data associated with the request, provide a seed identifier and the data associated with the request to an HSM in a set of HSMs, and receive a response message from the HSM, the response message including a one-time signature. In examples, the response message and the one-time signature are provided to the device that transmitted the request for the one-time signature and the data associated with the request.

Abstract: A method comprises receiving in a governor device, from a plurality of data owner devices, metadata for one or more datasets maintained by the plurality of data owner devices, registering the metadata for the one or more datasets with the governor device, in response to a request from an aggregator, providing at least a portion of the metadata for the one or more datasets to the aggregator, receiving, from the aggregator, a compute plan to be implemented by the plurality of data owner devices, distributing at least a portion of the compute plan to the plurality of data owner devices, in response to receiving, from the plurality of data owner devices, a verification report and a certification for an enclave, binding the enclave to a host device, and providing the compute plan to the plurality of data owner devices.

Abstract: An information processing apparatus includes: a processor configured to: execute an authentication process of authenticating a user by a first authentication process, which is any one of plural authentication processes having different security levels; and execute, in a case where execution of a job is instructed by the authenticated user authenticated by the first authentication process, and a security level of the first authentication process is lower than a security level of the job, another authentication process of authenticating the authenticated user by a second authentication process having a security level higher than the security level of the first authentication process among the plural authentication processes as an additional authentication process.

Abstract: The invention relates to distributed ledger technologies such as consensus-based blockchains. A blockchain transaction may include digital resources that are encumbered by a locking script that encodes a set of conditions that must be fulfilled before the encumbered resources may be used (e.g., transferring ownership/control of encumbered resources). A worker (e.g., a computer system) performs one or more computations to generate a proof, which is encoded as part of an unlocking script. A verification algorithm may utilize the proof, a verification key, and additional data such as a cryptographic material associated with the worker (e.g., a digital signature) to verify that digital assets of the transaction should be transferred. As a result of the validation of this transaction, any third party is able to check the contract was executed corrected rather than re-executing the contract, thus saving computational power.

Abstract: The present disclosure describes providing an attestation level to a received communication. The attestation level may be used to communicate a level of security to a network or a called party that receives the communication. The attestation level associated with the communication may indicate to a destination network and/or recipient that the phone number associated with the communication is secure and/or the telephone number has not been spoofed. Determining the attestation level comprises comparing information associated with the communication with stored information and assigning a code based on the comparison. The code may be translated to a tag value that is used to direct the communication to a signing server for attesting the communication at the determined attestation level.

Abstract: An online system determines security specification for cloud computing assets of a cloud computing platform. The system initializes a security specification and monitors execution of an application over a time interval to receive information describing application programming interface (API) invocations performed by the application. For each action performed by the API invocation, the system determines whether the security specification allows the actions performed by the API invocation with the cloud computing asset. The system modifies the security specification if necessary to allow the application to perform the particular action with the particular cloud computing asset. The system enforces security permissions for applications running on cloud computing platform based on the generated security specification.

Abstract: The present disclosure relates to a privacy preserving data storing method, in particular for analyzing a travel behavior of one or more users of mobility-as-a-service (MaaS) transportation services. The method comprises storing at least one user identification, user ID, identifying the one or more users on a trip together with a trip identification, trip ID, identifying the trip in a database entry of a first database and storing trip information on the trip with the trip ID in a database entry of a separate second database. The method further provides for associating the database entries of the first and second databases associated with the same trip ID for an analysis of the travel behavior of the users based on the associated database entries of the first and the second database.