Abstract: An anti-replay processing method. The method is utilized in a service function path (SFP) to monitor packet count in the SFP to identify replay attack event, and recognizes a segment of the SFP where the replay attack event occurs as an insecure path. The method further initiates a secure path bypassing the insecure path, labels normal SFC packets with an asserted secure flag, and blocks replayed packets without the asserted secure flag at the exit stage of the secure path.

Abstract: Delegating a scope of permission between pairwise DIDs. First, a computing system determines a relationship between the first DID and a second DID. The first DID and the second DID are pairwise DIDs. Based on the relationship, the computing system delegates a scope of permission owned by the first DID to the second DID. In particular, the computing system defines the scope of permission, grants a public key of the second DID the scope of the permission. The delegation of the defined scope of permission is signed by a private key of the first DID, such that the signature is a proof of the delegation. A portion of data related to the delegation is then propagated onto the distributed ledger.

Abstract: For multiuser information exchange management, a processor receives information permissions for a plurality of participants in an electronic forum. The information permissions include an audio permission, a video permission, a file share permission, a drawing permission, and/or a presentation permission for each participant. The processor provides forum information to each participant based on the information permissions. The audio permission is required to receive audio from the electronic forum. The video permission is required to receive video from the electronic forum. The file share permission is required to receive a file from the electronic forum. The drawing permission is required to receive a drawing from the electronic forum. The presentation permission is required to receive a presentation from the electronic forum.

Abstract: A system, method, and computer-readable storage medium is provided for creating first and second blockchain instances, each comprising representative blocks corresponding to steps in first and second multistep processes, respectively; performing a linking operation to link a block in the first blockchain instance to a block in the second blockchain instance; receiving change evidence data pertaining to steps in one of the first and second multi-step processes; and performing an update operation comprising updating one of the first and second blockchain instances based on said change evidence data.

Abstract: A method for secure storage and distribution of account tokens includes: storing blockchain data comprised of a plurality of blocks, each block including at least a block header and one or more data values, where each data value includes at least an identification value, an account token, and one or more usage rules; receiving a login request including at least a specific identification value and a set of credentials; identifying a specific data value included in the blockchain data where the included identification value corresponds to the received specific identification value; validating the set of credentials based on the identified specific data value and access to the account token included in the specific data value based on the included one or more usage rules; and transmitting the account token included in the identified specific data value in response to the login request upon successful validation.

Abstract: The present disclosure includes apparatuses, methods, and systems for using memory as a block in a block chain. An embodiment includes a memory, and circuitry configured to generate a block in a block chain for validating data stored in the memory, wherein the block includes a cryptographic hash of a previous block in the block chain and a cryptographic hash of the data stored in the memory, and the block has a digital signature associated therewith that indicates the block is included in the block chain.

Abstract: Disclosed herein are methods, systems, and processes for scanning unexposed web applications for security vulnerabilities. A web application executing on a client computing device is accessed and a determination is made that elements in a document object model (DOM) associated with the web application are completely loaded. A brute force operation is performed to identify unexposed actionable events associated with the elements in the DOM. The unexposed actionable events identified as part of performing the brute force operation are received from the client computing device, and the web application is scanned for security vulnerabilities based on the unexposed actionable events.

Abstract: Techniques are provided for client-driven shared secret updates for client authentication. One method comprises, in response to a first authentication of a client by a server using a given shared secret, updating, by the client, the given shared secret to generate an updated shared secret and storing the updated shared secret with the server; and submitting the updated shared secret to the server as part of a second authentication of the client. The updating is optionally performed by one or more of a password vault and a browser extension. The client may randomly select the updated shared secret or compute the updated shared secret in a predefined manner. The server may evaluate whether the client stores the updated shared secret with the server in connection with the first authentication and implement one or more predefined steps when the updated shared secret is not stored with the server.

Abstract: A computing entity accesses one or more blocks of a blockchain, encrypts the content of the one or more blocks using a first cryptographic technique to generate one or more first encrypted block values, and writes a first side chain block comprising the one or more first encrypted block values and a first signature to a first side chain. The computing entity accesses at least one of (a) at least one block of a particular second set of one or more second sets of the plurality of blocks or (b) one or more first side chain blocks corresponding to blocks of the second set, encrypts the content of the accessed block(s) using a second cryptographic technique to generate at least one second encrypted block value, and writes a second side chain block comprising the at least one second encrypted block value and a second signature to a second side chain.

Abstract: Systems and methods are provided for implementing swarm learning while using blockchain technology and election/voting mechanisms to ensure data privacy. Nodes may train local instances of a machine learning model using local data, from which parameters are derived or extracted. Those parameters may be encrypted and persisted until a merge leader is elected that can merge the parameters using a public key generated by an external key manager. A decryptor that is not the merge leader can be elected to decrypt the merged parameter using a corresponding private key, and the decrypted merged parameter can then be shared amongst the nodes, and applied to their local models. This process can be repeated until a desired level of learning has been achieved. The public and private keys are never revealed to the same node, and may be permanently discarded after use to further ensure privacy.

Abstract: A cross-measurement system gathers data from a set of publishers to determine cross-publisher statistics about content provided on multiple online platforms associated with different publishers. The cross-measurement system receives a set of publisher-specific Bloom filters associated with content exposure of a content set by each of the multiple publishers. using the received publisher-specific Bloom filters, the cross-measurement system generates a cross-publisher Bloom filter, for example, by combining the publisher-specific Bloom filters. Then, the cross-measurement system analyzes the cross-publisher Bloom filter to determine cross-publisher statistics reflecting the content exposure of the content set across the set of publishers, such as a cross-publisher reach of the content set.

Abstract: A network function service invocation method includes sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network function service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element; generating, by the authorization network element, a token when determining that the identity authentication succeeds, wherein the token is used to indicate that the first network function network element has the permission to invoke the first network function service of the second network function network element, and sending, by the authorization network element, a token to the first network function network element.

Abstract: A method for pairing a first terminal, called a communications terminal, seeking to transmit and receive data with a second terminal, called an acceptor terminal. The method includes: a first non-secured pairing phase for pairing the transactional terminal with the communications terminal, delivering at least one pairing parameter for pairing with the communications terminal, by using a first radio-type bidirectional wireless communications channel; a second phase of secured pairing of the transactional terminal with the communications terminal, the second pairing phase implementing a second unidirectional communications channel used by the transactional terminal to transmit a piece of securing data from the first communications channel to the communications terminal, as a function of the at least one parameter for pairing with the communications terminal.

Abstract: Techniques for a firewall to determine access to a portion of memory are provided. In one aspect, an access request to access a portion of memory within a pool of shared memory may be received at a firewall. The firewall may determine whether the access request to access the portion of memory is allowed. The access request may be allowed to proceed based on the determination. The operation of the firewall may not utilize address translation.

Abstract: A streaming one time Pad cipher using a One Time Pad (OTP) provides secure data storage and retrieval. The data that is encrypted using the one time pad is stored in a repository that is separate from the generation and/or storage for the one time pad.

Abstract: Implementations of the disclosure are directed to using a distributed ledger network and a location beacon device that transmits a secured representations of a location distributed ledger addresses to prove the presence of a user at a particular location and time. In implementations, a method includes: receiving, at a first time, a first beacon, the first beacon including a first secured representation of a distributed ledger address associated with a location; transmitting the first secured representation of the blockchain address to a server system operating as a node on a distributed ledger network; receiving a request from the server system to obtain, at a second time after the first time, a second secured representation of a distributed ledger address; in response to the request, obtaining a second secured representation of a blockchain address associated with a location; and transmitting to the server system, the second secured representation of the blockchain address associated with the location.

Abstract: The present disclosure provides a new and innovative system, method, and non-transitory computer-readable medium for securely recovering access to an online service account. Secret splitting is utilized to require multiple recovery mechanisms in order to recover access to an online service account, thus decreasing the likelihood that a malicious attacker will compromise all of the recovery mechanisms to gain access to the online service account. The secret is split into a quantity of tokens via a secret sharing function that can reconstruct the secret with a predetermined threshold quantity of the tokens. The level of security provided by the system is flexible by adjusting the quantity of recovery mechanisms and the predetermined threshold quantity of tokens required to reconstruct the secret.

Abstract: A proxy is modified, to form an enhanced proxy, wherein the proxy is configured to inspect a header portion of a Hypertext Transfer Protocol (http) message, the modifying enabling the enhanced proxy to identify, at the enhanced proxy, a set of http header types in the http message received from a system. An external licensing authority (LA) is modified, to form an enhanced LA, wherein the enhanced LA is configured to verify a header parameter corresponding to a header type in the set of header types and return a license information corresponding to the system. The http message is modified by modifying the header portion in the http message according to the header type and a threshold corresponding to the header type, the header type and the threshold being identified in the license information. The modified http message is transmitted.

Abstract: A system and method for reducing risk of smart contracts in blockchains in a computer environment are presented. One or more smart contracts may be accepted or rejected from a secondary blockchain to a primary blockchain according to a risk assessment to recursive call attack vulnerabilities.

Abstract: Disclosed embodiments provide techniques for data communication to mobile electronic devices utilizing nodes equipped with directional transmitters. The mobile electronic devices are classified as registered or unregistered. A current location for each mobile electronic device in an area is determined. A registered mobile electronic device is identified from a group of mobile electronic devices. Based on the determined location, a distance to a registered mobile electronic device from a transmitter is determined. The transmitter is a directional transmitter, capable of transmitting along a sector. A sector corresponding to the registered mobile electronic device based on an angle range and distance from a transmitter to the registered mobile electronic device is determined.