Abstract: Implementations of the present specification provide a computer-implemented method, computer-implemented system, and non-transitory, computer-readable medium. The computer-implemented method includes sending a token acquisition request by a blockchain client to a blockchain node. A commit token fed back from the blockchain node is received by the blockchain client, where the commit token indicates that the blockchain client has permission to submit transaction data to a specific data block in a blockchain. Transaction data is sent by the blockchain client to the blockchain node.
Abstract: A cryptographic system includes a host device and a cryptographic device. For encryption, the host includes an application that is configured to enable a user to compose an unencrypted message on a user interface and transmit the unencrypted message. The cryptographic device is configured to receive the unencrypted message, encrypt the unencrypted message with RCPs on a non-volatile storage to create an encrypted message, and send the encrypted message to the host, which then transmits the encrypted message through a communication channel. For decryption, the host receives an encrypted message through the communication channel and sends it to the cryptographic device. The cryptographic device decrypts the encrypted message with the RCPs and sends the decrypted message back to the host, which presents the decrypted message on a display. The cryptographic device may be configured to destroy RCPs that have been used up.
Type: Grant
Filed: August 11, 2017
Date of Patent: December 14, 2021
Assignee: 7Tunnels Inc.
Inventors: Michael L. Hammon, Wesley A. Hildebrandt, Kevin R. McCarthy
Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
Type: Grant
Filed: November 27, 2018
Date of Patent: November 30, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.
Type: Grant
Filed: May 10, 2019
Date of Patent: November 30, 2021
Assignee: Apple Inc.
Inventors: Jacques A. Vidrine, Nicholas C. Allegra, Simon P. Cooper, Gregory D. Hughes
Abstract: One embodiment can provide a system for authenticating an object. During operation, the system configures an environment surrounding the object according to one or more target environmental factors, captures at least a first image of the object while the object is exposed to the target environmental factors, and determines an authenticity of the object based on the captured first image and the target environmental factors.
Abstract: In one embodiment, a method includes receiving, by an authentication server, first credentials from a mobile application installed on a device. The first credentials include information associated with the device and information associated with a user of the device. The method also includes automatically receiving, by the authentication server and from the device, a request to connect the device to a network of a third party. The request is automatically generated by the device without interaction from the user of the device and the request comprises second credentials. The method further includes determining, by the authentication server, whether to authenticate the device using the first credentials and the second credentials and communicating, by the authentication server, a packet to the device that allows the device to connect to the network of the third party if the authentication server determines to authenticate the device.
Type: Grant
Filed: January 31, 2019
Date of Patent: November 9, 2021
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Paul R. Hancock, Stuart Steele, Charles Scott
Abstract: An apparatus includes at least one linear feedback shift register and at least one processing device comprising a processor coupled to a memory. The at least one processing device is configured to obtain a given value from the at least one linear feedback shift register, the given value comprising a set of bits representing a current state of the linear feedback shift register. The at least one processing device is also configured to generate authentication information by applying the given value obtained from the at least one linear feedback shift register as input to a pseudorandom function, and to provide the generated authentication information to a validating application.
Abstract: Technologies for a distributed Internet of Things (IoT) system including a plurality of IoT devices are disclosed. An example IoT device includes an input device to receive an input from a user and a processor to determine if a pattern is recognized in the input. The example IoT device also includes a communication circuit to: in response to a determination that a pattern is not recognized in the input, communicate a first message indicative of the input over a universal bus; and in response to a determination that a pattern is recognized in the input, communicate a second message indicative of the input directly to another IoT device without using the universal bus.
Type: Grant
Filed: June 13, 2019
Date of Patent: November 2, 2021
Assignee: McAfee, LLC
Inventors: Gabriel G. Infante-Lopez, Robert J. Firby
Abstract: In general, embodiments relate to methods and systems for signing a software image (SWI), distributing the signed SWI to one or more network devices, and verifying, on a per-network device basis, the signed SWI.
Abstract: A request to perform an operation with a cryptographic item may be received. A request for approval to perform the requested operation with the cryptographic item may be transmitted to a set of entities based on a policy associated with the cryptographic item. Indications of approval to perform the requested operation may be received from corresponding entities of the set of entities. A determination as to whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number may be made. In response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, the requested operation may be performed with the cryptographic item.
Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
Type: Grant
Filed: July 15, 2019
Date of Patent: October 12, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
Abstract: A technique allows a smart meter to receive a mask. The smart meter may receive the mask from a utility company or an escrow service. The smart meter may apply the mask to original metered data on a continuous schedule, on a periodic schedule, or on a determined schedule, or on a randomized schedule to conceal the original metered data. The smart meter may apply different masks at different times. The smart meter transmits the concealed metered data as augmented metered data remotely to an electric utility via a communication network.
Type: Grant
Filed: May 30, 2019
Date of Patent: September 21, 2021
Assignee: McAfee, LLC
Inventors: Igor Tatourian, Rita H. Wouhaybi, Hong Li, Tobias M. Kohlenberg
Abstract: A document anonymization system transforms structured documents, such as security policies, that contain user-specific and other sensitive data, producing encoded logic problems in the format or language of one or more constraint solvers; the logic problems do not contain any of the sensitive data. The system may perform a one- or two-stage anonymization process: in a first stage, the electronic document is analyzed according to its document type to identify parameters likely to contain sensitive data, and the associated values are replaced with arbitrary values; in a second stage, after the anonymized electronic document is converted into logic formulae representing the data, the system performs replacements of string constants in the logic formulae with arbitrary strings to further anonymize the sensitive data.
Type: Grant
Filed: December 13, 2018
Date of Patent: August 17, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Michael William Whalen, Carsten Varming, Neha Rungta, Andrew Judge Gacek, Murphy Berzish
Abstract: Approaches presented herein enable challenge-response authentication of a user based on information captured by devices associated with the user. Specifically, in one approach, a plurality of devices associated with the user that each dynamically track and store on-device data points over a period of time are identified. A request initiated by a party claiming to be the user is received to authenticate the party as the user. An authentication question is generated in a natural language, the answer to which is a data point selected from data points on at least one device of the plurality, wherein the selected data point is discoverable by viewing data points on the at least one device. The requesting party is prompted to find the data point by presenting the authentication question to the requesting party. In the case that the requesting party returns the answer, the requesting party is authenticated as the user.
Type: Grant
Filed: November 4, 2019
Date of Patent: August 17, 2021
Assignee: International Business Machines Corporation
Inventors: Rhonda L. Childress, Itzhack Goldberg, Boaz Mizrachi, Clifford A. Pickover, Neil Sondhi
Abstract: For securing a blockchain access through a gateway (GAT) on behalf of a communication device (CD) in a wireless telecommunication network (TN), an apparatus (AM) operating with the gateway: receives a request (Req) sent from a communication device (CD) through the gateway (GAT), the request containing an identifier (IdCD) of the communication device, an identifier (IdR) of the request and a key (K), checks a distributed blockchain that includes information regarding the communication device and that is stored in a first blockchain network (BN1) and retrieving a value (V) corresponding to the key (K), creates a smart contract based on the key (K), the value (V), a timestamp (T), the identifier (IdCD) of the communication device, and the identifier (IdR) of the request, the smart contract being defined to confirm the validity of value (V) corresponding to the key (K) in the first blockchain network (BN1), appends the smart contract to a second blockchain network (BN2), the smart contract having to be execute
Abstract: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.
Abstract: A computer program is evaluated for security vulnerabilities by formulating a query in a query language and receiving into a memory of a computer source code of the computer program to be analyzed, preparing a data flow graph from the source code, and determining that the query is satisfied by an analysis of the data flow graph. Alternatively, the computer program is evaluated by collecting runtime events during an execution of binary code and determining that the query is satisfied by an analysis of the runtime events. In either case a security vulnerability is reported.
Type: Grant
Filed: May 8, 2018
Date of Patent: August 10, 2021
Assignee: CHECKMARX LTD.
Inventors: Maty Siman, Alexander Roichman, Shimon Eshkenazi
Abstract: A system and method for crowd-sourced refinement of natural phenomenon for risk management and contract validation, comprising at least a heterogeneous mixture of sensors and data-gathering techniques, a sensor fusion suite, and a business operating system, which ingests, transforms if necessary, and analyzes received data and develops and applies models of prediction of consequences of the sensor data and future events based on such data for purposes such as insurance liability and risk assessment, emergency services planning, and financial market predictions, and comparing historical models and data with current data and models to attempt to refine and utilize a more precise predictive model for these purposes.
Abstract: The present invention extends to methods, systems, for malware end-point prevention to refrain malware components from being executed, by detecting execution of sequence of programmed instructions within a computer-based environment; subsequently, automatically suspending all execution of the sequence of the programmed instructions within the computer-based environment; injecting a new remote thread into the sequence of the programmed instructions; and executing the injected remote thread as an isolated particle while the execution of the sequence of the programmed instructions within the computer-based environment is still suspended, wherein the injected remote thread is configured to intercept function calls of application program interface (API) within the programmed instructions and dynamically modify the executable.
Abstract: A computing anomaly detection technique includes identifying a plurality of compute resources that are susceptible to compute resource anomalies. A group of similar compute resources from the plurality of compute resources may be determined. A difference in one or more of a plurality of attributes of the compute resources of the group may be determined. An anomaly detection notification, containing a compute resource anomaly, may be output.