Abstract: A client computer may split a process into sub-processes, send each sub-processes to a different group of peers in a blockchain network, wherein each group has at least one peer from each essential organization in the blockchain network, receive processed sub-transactions from the peers in the blockchain network, validate each sub-transaction, and validate the transaction based on the validation of all sub-transactions, wherein all sub-transaction must be valid for the transaction to be valid.

Abstract: An apparatus and method for joining an Internet of Things (IoT) network are provided, the apparatus including a communicator configured to receive, from an electronic device, an encrypted auto-onboard configuration data associated with the IoT network, a sensor configured to detect a user command, and at least one processor configured to generate a decryption key based on features extracted from the user command, decrypt the encrypted auto-onboard configuration data using the decryption key, and join the IoT network.

Abstract: Methods, systems, and devices for communications are described. A device or a group of devices may generate data. The group of devices may receive a group profile from a node that identifies the devices to be included, and the group profile may include a function to be evaluated at each of the devices. The node may also provision evaluation parameters which may allow the device to provide authenticated aggregate data to a requesting third party, without sharing the data between the devices, thus concurrently maintaining individual data privacy and data provenance.

Abstract: A computing system may generate and/or use a behavior photographic identification (“behavior photo ID”) that is based, at least in part, on anonymized parameters related to the behavior of a person. The behavior can include a history of phone calls, texts, or internet browsing. The behavior photo ID, which may be used to uniquely identify the person, may digitally modify a digital photo to encode behaviors or activities of the person. In some implementations, the behavior photo ID may be modified periodically, or from time to time, to produce an updated behavior photo ID that reflects new external events as well as relatively recent behaviors or activities of the person.

Abstract: The claimed group of technical solutions relates to the field of controlling electronic devices with the aid of a graphical user interface, in particular to a method and a system for activating an interface with the aid of a specified type of user input. The technical result of the claimed solution consists in providing the option of activating a graphical user interface with the aid of a user input path from two different corner areas of a display. The claimed method is implemented by creating a pattern of gesture activation of an application, comprising an input path using corner regions of a screen.

Abstract: A set of distance measurable encrypted feature vectors can be derived from any biometric data and/or physical or logical user behavioral data, and then using an associated deep neural network (“DNN”) on the output (i.e., biometric feature vector and/or behavioral feature vectors, etc.) an authentication system can determine matches or execute searches on encrypted data. Behavioral or biometric encrypted feature vectors can be stored and/or used in conjunction with respective classifications, or in subsequent comparisons without fear of compromising the original data. In various embodiments, the original behavioral and/or biometric data is discarded responsive to generating the encrypted vectors. In another embodiment, distance measurable or homomorphic encryption enables computations and comparisons on cypher-text without decryption of the encrypted feature vectors. Security of such privacy enabled embeddings can be increased by implementing an assurance factor (e.g.

Abstract: An example operation may include one or more of generating, by a first blockchain client, a transaction to a blockchain network to transfer a document, transferring over a private channel, by a second blockchain client, a first key to the first blockchain client, the private channel providing a point-to-point connection between the first and second blockchain clients, encrypting the document using a shared key, transferring, by the first blockchain client, the encrypted document over the private channel, generating, by the second blockchain client, a transaction to acknowledge receipt of the encrypted document, and transferring the shared key encrypted with the first key.

Abstract: Described embodiments provide systems and methods for establishing an end-to-end cryptographic context. A service node may be located intermediary between a client and server which provides a service to the client. At least one network device may be located intermediary between the service node and the server. The service node may obtain information for validating the service. The service node may establish an end-to-end cryptographic context between the service node and server through the network device(s). A first network device of the network device(s) may share a cryptographic context with the service node, which existed prior to establishment of the end-to-end cryptographic context. The service node may transmit a message to the network device encrypted using the first cryptographic context. The encrypted message may inform the first network device to pass through traffic that is encrypted using the end-to-end cryptographic context.

Abstract: According to one embodiment, a broadcast request is received from a host that hosts an application that initiated a broadcast message to be broadcast to one or more DP accelerators of a plurality of DP accelerators coupled to the host, where the broadcast request includes one or more DP accelerator identifiers (IDs) identifying the one or more DP accelerators. A broadcast session key for a broadcast communication session to broadcast the broadcast message is received from the host. For each of the one or more DP accelerator IDs, a public key of a security key pair corresponding to the DP accelerator ID is identified. The broadcast message is encrypted using the broadcast session key. The broadcast session key is encrypted using the public key. The encrypted broadcast message and the encrypted broadcast session key are transmitted to a DP accelerator identified by the DP accelerator ID.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: An operation method of a security device which includes a plurality of physical unclonable function (PUF) cells includes selecting a target PUF cell of the plurality of PUF cells, selecting at least two reference PUF cells of the plurality of PUF cells based on a sorted list, reading a plurality of sensing data from the target PUF cell and the at least two reference PUF cells, and determining a target bit corresponding to the target PUF cell based on the plurality of sensing data to output the determined target bit.

Abstract: A set of distance measurable encrypted feature vectors can be derived from any biometric data and/or physical or logical user behavioral data, and then using an associated deep neural network (“DNN”) on the output (i.e., biometric feature vector and/or behavioral feature vectors, etc.) an authentication system can determine matches or execute searches on encrypted data. Behavioral or biometric encrypted feature vectors can be stored and/or used in conjunction with respective classifications, or in subsequent comparisons without fear of compromising the original data. In various embodiments, the original behavioral and/or biometric data is discarded responsive to generating the encrypted vectors. In another embodiment, distance measurable or homomorphic encryption enables computations and comparisons on cypher-text without decryption of the encrypted feature vectors. Security of such privacy enabled embeddings can be increased by implementing an assurance factor (e.g.

Abstract: A system for anonymizing motor vehicle position information includes a global positioning system (GPS) module disposed within a host vehicle, a control module disposed within the host vehicle and in electronic communication with the GPS module. The control module executes a control logic for collecting real-time host vehicle telemetry data packets from the GPS module, and a control logic for continuously wirelessly communicating the real-time host vehicle telemetry data packets.

Abstract: Methods, systems, and computer-readable media for processing policy variance requests in an enterprise computing environment are presented. A computing platform may receive, from a first endpoint computing device, a request for a first policy variance. In response to receiving the request, the computing platform may authenticate the first endpoint computing device based on enrollment information and may validate contents of the request. Subsequently, the computing platform may generate a policy variance result message based on approval or rejection of the request for the first policy variance. Then, the computing platform may send, to the first endpoint computing device, the policy variance result message. By sending the policy variance result message to the first endpoint computing device, the computing platform may cause the first endpoint computing device to execute a policy action corresponding to the approval or rejection of the request for the first policy variance.

Abstract: Executing an application within a scope of user-granted permission in a decentralized network that implements a distributed edger. First, receiving a request from an entity for using data stored in a data storage that is associated with a DID owner as one or more inputs of an application associated with the entity to generate one or more results. Next, one or more characteristics of the application associated with the entity is identified. Based on identified one or more characteristics, a scope of permission to access the requested data that is to be granted to the entity is determined. Then, the scope of permission is granted to the entity to use the data as the one or more inputs of the application associated with the entity. Finally, the one or more results from the application is received.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: Disclosed are embodiments for information barriers that are conditional on the type of information being communicated. Information barrier polices provided by the disclosed embodiments selectively allow communication between accounts or groups based on characteristics of the content of the communication. For example, communication between a marketing department and an engineering department may be conditional on the communication not including any sensitive information. The determination of whether the communication includes sensitive information is further designed to provide good performance even in environments that maintain substantial portions of data in an offsite or cloud environment, where latencies associated with searching large datastores can be prohibitive.

Abstract: There is provided a method and system for an advanced endpoint protection. With this methodology, when a file is requested to be executed on any endpoint, all intelligence sources would be checked to decide if that file has any known or potential vulnerability associated with it. If there is any information about any known or potential vulnerability, it would be launched inside the secure container to isolate the all resource usage of that application from the rest of the known good and secure applications in order to achieve the secure computing environment on an endpoint.

Abstract: A method for accessing a web-based repository service from a cloud platform is provided. The method may include receiving, at a gateway controller, a first request from an endpoint to access the web-based repository service. Upon successfully verifying the first request, a redirect request to a reverse proxy at the gateway controller may be returned to the endpoint. The redirect request may include a cryptographic signature and the first request. The reverse proxy may respond to the redirect request from the endpoint by accessing, on behalf of the endpoint, the web-based repository service to store and/or retrieve data. The web-based repository service may be accessed by sending, to the web-based repository service, an encrypted second request corresponding to the first request. Related systems and articles of manufacture, including computer program products, are also provided.