Abstract: Methods of sensory input integrity attestation are provided. Artifacts included within devices under test inject a known noise signal into the output signal of one or more output devices that are detectable by one or more input devices (i.e., sensors) of an embedded device, and monitor the received input data. By comparing the received signal against the expected noise signal, attestation of the validity of sensory input data is possible. Such sensory input data attestation is capable either locally or using a remote attestation device with knowledge of the expected data stream.

Abstract: There is disclosed a silicon integrated circuit comprising a Physically Unclonable Function and an online or embedded test circuit, said online test circuit comprising one or more circuit parts being physically adjacent to said PUF and said one or more circuits embodying one or more tests which can be performed to determine one or more quality properties of said PUF or otherwise characterize it. Different tests with specific associated method steps are described.

Abstract: A method of cyber protection of a machine based on acquiring acoustic signals from a vicinity of the machine, while the machine is operative. The method includes analyzing the acquired acoustic signals to determine whether the machine or a controller of the machine is operating suspiciously and initiating a cyber measure on the controller of the machine, responsive to a determination based on the acquired acoustic signals that the machine or the controller is operating suspiciously.

Abstract: The present disclosure relates to a sensor network and Internet of Things (IoT) as applied to intelligent services based technologies such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. An apparatus and method for controlling an electronic device through a mesh network of such electronic devices are provided. In a method for controlling an electronic device, a terminal transmits to the electronic device, a terminal identifier for authenticating the terminal and information for authenticating a user of the terminal. If authentication of the terminal is successfully completed, the terminal transmits control information containing at least one service identifier classified according to service types to the electronic device. The control information is transmitted to another electronic device, based on the service identifier, through a network in which the electronic device is connected to another electronic device.

Abstract: An example operation may include one or more of receiving, by gaming peers of a gaming network, a number of transactions from a blockchain network, electing a subset of gaming peers to verify the transactions and a leader from the subset of gaming peers, generating, by the leader, a block comprising the number of transactions, validating the block, by the subset of gaming peers, and broadcasting the block to the blockchain network.

Abstract: A method, apparatus and computer program product for managing a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment is described. In a first virtual private network (VPN) manager a request is received from a first cloud application resident in the first cloud. The request includes a first set of requirements for a first VPN tunnel in the plurality of VPN tunnels. The VPN manager sends a first VPN manager request to a first system in a first cloud, wherein the first system creates the first VPN tunnel according to the first set of requirements. The VPN manager receives a request from a second cloud application resident in the first cloud. The request includes a second set of requirements for a VPN tunnel in the plurality of VPN tunnels. The VPN manager sends a second VPN manager request to the system in a first cloud, wherein the second VPN manager request contains the second set of requirements.

Abstract: Various embodiments are generally directed to techniques for generating updating, and/or validating one or more aspects of an access policy for a data bucket, such as based on usage data corresponding to the data bucket, for instance. Some embodiments are particularly directed to automatically generating, updating, and/or validating an access policy for a data bucket based on analysis of log data corresponding to the data bucket. In some embodiments, log data comprising access records to a data bucket may be analyzed to determine access requirements for a set of entities. In some such embodiments, the access requirements for the set of entities may then be used to generate an access policy for the data bucket.

Abstract: Systems and methods for dynamic filtering of content posted to a social network are disclosed. In aspects, a method of the system includes generating, by a computing device, a user profile list for a user of a social network, the user profile list including data regarding the user's preferences with respect to undesirable content; monitoring, by the computing device, a content post on the social network to determine if the content post includes the undesirable content, the content post being displayed to the user through a social network interface; determining, by the computing device, that the content post includes the undesirable content; and effecting a change in the display of the content post in accordance with one or more predetermined display rules based on the determining that the content post includes the undesirable content.

Abstract: An example operation may include one or more of receiving, by a full storage peer of a blockchain network, a blockchain transaction, executing chaincode to create a new world state for a blockchain, transferring, in response to the blockchain transaction, partial Merkle tree hashes to one or more partial storage peers, the partial Merkle tree hashes corresponding to the blockchain transaction, verifying a current world state hash with the partial Merkle tree hashes, receiving, by the one or more partial storage peers, chaincode arguments, executing chaincode on the chaincode arguments to generate a new world state, calculating a new world state hash, and performing consensus, by the full storage peer and the one or more partial storage peers, on the new world state hash.

Abstract: Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.

Abstract: A system and method of validating an upgrade of authentication credentials includes authenticating a first user being associated with a first entity, receiving input identifying a customer name for the online account, receiving input indicating a type of identification to be presented at the validation event, receiving input indicating a transaction code associated with the validation event, and receiving input indicating a location of the validation event, and further includes authenticating a second user being associated with a second entity, providing to the second user a list of validation events for a location, receiving input selecting a validation event in the list of validation events, presenting one or more of the customer name, transaction code, and type of identification associated with the selected validation event, and receiving input indicating a result of the validation event, where a credential or token is created and assigned based on the validation event.

Abstract: An anti-replay processing method. The method is utilized in a service function path (SFP) to monitor packet count in the SFP to identify replay attack event, and recognizes a segment of the SFP where the replay attack event occurs as an insecure path. The method further initiates a secure path bypassing the insecure path, labels normal SFC packets with an asserted secure flag, and blocks replayed packets without the asserted secure flag at the exit stage of the secure path.

Abstract: Example embodiments relate to authenticating a user operating a user computing entity. An input ordered sequence of biometric inputs is received and stored as profile templates. The templates are concatenated and a function is applied to generate a profile token. To authenticate a user, the same ordered sequence of biometric inputs are received to generate an authentication token with the profile token and the authentication token being compared for a match.

Abstract: In general, techniques are described for provided result reporting via authentication, authorization and accounting (AAA) protocols. An authorization server comprising a control unit may be configured to perform the techniques. The control unit may authorize a network access server to allow an endpoint device to access one or more services in accordance with a network access protocol. The control unit may also request, in accordance with the network access protocol, a result from the network access server as to whether the one or more authorized services are presently provided for use by the endpoint device.

Abstract: Implementations of the present specification provide method for determining a new model parameter for a data processing model. The method includes determining and receiving, from one or more other data parties, one or more other shares of a new model parameter. The one or more other shares of the new model parameter can be combined with a first share of the new model parameter determined by a first data party to produce a new model parameter. The new model parameter is used to train the data processing model.

Abstract: Described herein is a system transmits and combines local models, that individually include a set of local parameters computed via stochastic gradient descent (SGD), into a global model that includes a set of global model parameters. The local models are computed in parallel at different geographic locations (e.g., different instances of computing infrastructure) along with symbolic representations. Network transmission of the local models and the symbolic representations, rather than transmission of the large training data subsets processed to compute the local models and symbolic representations, conserves resources and decreases latency. The global model can then be used as a model to determine a likelihood that at least a portion of current and/or recently received data traffic is illegitimate data traffic that is associated with a cyber attack. In some instances, the system can implement a remedial action to mitigate the effects of the cyber attack on computing infrastructure.

Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines, each host computer in these embodiments executes a context engine and one or more attribute-based service engines. Through the GI agents of a host's machines, the context engine of that host in some embodiments collects contextual attributes associated with network and/or process events on the machines, and provides the contextual attributes to the service engines to use to identify service rules for processing.

Abstract: Identifying and protecting against computer security threats while preserving privacy of individual client devices using condensed local differential privacy (CLDP). In one embodiment, a method may include accessing an actual data value, generating a perturbed data value by adding noise to the actual data value, aggregating the perturbed data values to at least partially cancel out aggregate noise of the aggregated perturbed data values at a population level, analyzing, using CLDP, the aggregated perturbed data values to identify a computer security threat, and in response, protecting against the computer security threat by performing a remedial action. The amount of noise added to each actual data value may be probabilistically computed such that a probability of noise being added decreases as an amount of added noise increases. The perturbed data values may preserve privacy of the actual data values.

Abstract: Identifying and protecting against computer security threats while preserving privacy of individual client devices using condensed local differential privacy (CLDP). In one embodiment, a method may include mapping non-ordinal data values to ordinal data values, generating a first ordering scheme for the ordinal data values, accessing actual non-ordinal data values, converting the actual non-ordinal data values to actual ordinal data values according to the mapping, generating first perturbed ordinal data values by adding noise, and aggregating the first perturbed ordinal data values.

Abstract: The present solution discloses example methods and systems for verifying block data. One example method includes identifying newly added data to be stored in a blockchain, and selecting a data node in a block to store the newly added data. A string is generated based on the newly added data, and then a verification value for the newly added data is developed from the string using a predetermined algorithm. A new verification value for the block is calculated based on the verification value of the newly added data and the original verification values of the unchanged data nodes in the block. The new verification value for the block can then be used to verify the data stored in the block is consistent with data stored in the rest of the blockchain.