Abstract: A method and a wireless device for exchanging messages with an access point (AP) while the wireless device is in a pre-associated state during which the wireless device is unauthenticated and is not associated with a network. The wireless device receives a beacon from the AP indicating that the AP will protect messages communicated with the wireless device. The wireless device then sends to the AP a message including a request for information from the AP. The wireless device obtains a public key of the AP, and receives an encrypted response to the request and an encrypted symmetric key. The wireless device decrypts the encrypted symmetric key using the public key of the AP to recover a symmetric key that is not encrypted, and decrypts the encrypted response to the request using the decrypted symmetric key to recover a response to the request that is not encrypted.

Abstract: A system for auditing event data includes an interface and a processor. The interface is configured to receive an audit query request and a client key. The processor is configured to determine whether the audit query request is valid; determine whether a chain of events is stored in an audit store, wherein the chain of events is associated with the audit query request; and in response to determining that the chain of events is stored in the audit store, provide data for the audit query request.

Abstract: A system for committing event data includes an interface and a hardware processor. The interface is configured to receive modified input data for desired events. The hardware processor is configured to retrieve the desired events from a desired aggregate; select requested event to modify from the desired aggregate; replace input data of the requested event with the modified input data to create a modified aggregate; replay events of the modified aggregate N to generate a new state of aggregate N; and provide the new state of aggregate N.

Abstract: The present invention relates to a method for verifying vulnerabilities of network device using Common Vulnerabilities and Exposures (“CVE)” entries comprising generating a CVE tree from each of the CVE entry and defining an indexed CVE entry, that identifies vulnerable configuration fields and extracts a set of vulnerable conditions comprising an operator attribute and nested CPE records. The CVE tree is provided with the operator attribute as node and with Common Platform Enumeration (“CPE”) records as leaves from the node, wherein the decoding comprises tokenizing of the decoded string in a sequence of plurality of n-grams having predefined sizes, and wherein the matching comprises a lookup of the sequence of plurality of n-grams into the CVE tree, that raises an alert when the operator attribute corresponds a match between CPE records.

Abstract: A method, implemented by at least one apparatus, for comparing a first dataset and a second dataset, in particular with a view for determining whether these two datasets are identical. The method not requiring the presence of these two datasets in the apparatus, and including the following steps of: a) mixing a number, called the mixer number, with the first dataset, using a mixing function, in order to obtain mixed data, b) hashing the mixed data using a hash function, and c) comparing the hash thus obtained in step b) with a third dataset assumed to be the hash of the second dataset mixed with the same mixer number as that used in step a) and with the same mixing function.

Abstract: In some examples, a computing device creates an event log when an event occurs. If the event log includes a path comprising one or more components, the computing device may determine a hash, using a hash function and a salt, for each of the components and substitute each component in the path with an index to the hash stored in a dictionary. In this way, the computing device replaces each component of the path with an index to a hash in the dictionary to create a modified path. The resulting modified path can be traversed and searched. For example, a search term may be hashed using the hash function and salt, and the dictionary associated with the logs searched for a match. In this way, a particular file name or a particular folder name can be identified in the modified path.

Abstract: In IaaS (Infrastructure as a Service), when it is desirable to delegate the authority to a user outside a system, a recipient of an access token is designated, thereby preventing illegal distribution of the access token. There is provided an access token system including a generator and a verifier. The generator generates, using secret information of a recipient, a recipient-designated access token for which the recipient is designated, and provides the recipient-designated access token to a user. The verifier verifies that the user who makes access using the recipient-designated access token is the designated recipient.

Abstract: An information processing device of one embodiment includes a first memory being volatile, a second memory being non-rewritable and nonvolatile, and a processor. A first program, a second program, and a digital signature for the second program are loaded into the first memory. A third program and a public key are stored in the second memory. Upon satisfaction of a certain condition during execution of the first program, the processor verifies the second program on the basis of the digital signature and the public key, in accordance with the third program. After finding a result of the verification as a pass, the processor analyzes the first program in accordance with the second program. The processor refrains from analyzing the first program after finding the result of the verification as a fail.

Abstract: A device configured to identify a first digital document in a digital document repository, to identify a first graphical code that represents the first digital document, and to send the first graphical code to an approved user device. The device is further configured to obtain a second graphical code that represents a public encryption key for the organization and to extract the public encryption key for an organization from the second graphical code. The device is further configured to obtain a third graphical code from the approved user device. The third graphical code represents a second digital document comprising data and a digital signature that was signed using a private encryption key for the organization. The device is further configured to determine the third graphical code passes validation using the public encryption key for the organization and to store the second digital document in a digital document repository.

Abstract: A node in a plurality of nodes can perform an identity set generation process. The node can then determine a leader node. The node may diffuse an identity set from each node of the plurality of nodes to the plurality of nodes. The node can then determine a majority set including identities occurring in at least one half of the identify sets, wherein the leader node diffuses the majority set of the leader node to the plurality of nodes. The node can verify the majority set of the leader node. The node may then update the identity set based on the majority set of the leader node.

Abstract: A method of determining a confidence level associated with a device using heuristics of trust includes receiving, by an evaluating device, at least a communication from a first remote device, determining, by the evaluating device, an identity of the first remote device as a function of the at least a communication, calculating, by the evaluating device, at least a heuristic of trust as a function of the at least a communication and the identity, assigning, by the evaluating device, a first confidence level to the first remote device as a function of the at least a heuristic of trust, and assigning, by the evaluating device, an access right as a function of the first confidence level.

Abstract: A system and method for sending end-to-end encrypted messages comprising a sender's web browser, a recipient's web browser, and a server. The system and method avoid both the sender and the recipient having to download encryption programs themselves onto their respective computers. In addition, the system and method ensure that unencrypted messages are never disclosed to the server. The system and method operate by first downloading the web browser files, verifying them and then preventing the web browser page from refreshing, thereby preventing malicious code from entering the web browser each time the web browser page would normally be refreshed. The system and method also provide for securely implementing cryptography using client-side scripting in a web browser.

Abstract: The method comprises a client device receiving a verification request comprising an interaction identifier. The client device can compare samplings of block headers received from two or more full nodes. The client device can then, based on the comparing, verify at least one block header of the samplings of block headers. The client device can determine that a blockchain maintained by at least one of the two or more full nodes is valid in response to verifying the at least one block header of the samplings of block headers.

Abstract: Provided is a system for blockchain-based multi-factor security authentication between a mobile terminal and an IoT device, the system including: the IoT device; a user terminal remotely controlling operation of the IoT device; and an authentication server approving control of the IoT device by the user terminal, wherein the authentication server has: a first function of recording information related to a registration hash value in a blockchain; a second function of receiving an authentication hash value generated by the user terminal when approval for control of the IoT device is requested, and determining validity of the authentication hash value by using the information related to the registration hash value recorded in the blockchain; and a third function of approving control of the IoT device by the user terminal when the authentication hash value has validity as a result of the determination.

Abstract: A method comprises receiving a session identifier from a streaming system that identifies a user session with the streaming system. The method further includes receiving a first message from a streaming system that is based on a token that is generated based on a combination of the session identifier and a timestamp at which an insertable content item was presented to the user in a content stream by the streaming system. The first message is decrypted using a plurality of timestamps that are within a range of a current time. An identifier is determined for the insertable content item based on the decrypted message. A second message is transmitted to an enabling system, the message including instructions for execution by the enabling system to execute one or more operations with the identified insertable content item.

Abstract: A method of determining a confidence level associated with a device using heuristics of trust includes receiving, by an evaluating device, at least a communication from a first remote device, determining, by the evaluating device, an identity of the first remote device as a function of the at least a communication, calculating, by the evaluating device, at least a heuristic of trust as a function of the at least a communication and the identity, assigning, by the evaluating device, a first confidence level to the first remote device as a function of the at least a heuristic of trust, and assigning, by the evaluating device, an access right as a function of the first confidence level.

Abstract: An example operation may include one or more of releasing, by a subscription service node, at least one blockchain transaction to a plurality of subscribing blockchain nodes requiring direct entitlement access, executing, by the subscription service node, a smart contract to calculate secondary entitlements triggered by the at least one blockchain transaction, determining, by the subscription service node, portions of second entitlement data sets allowed to be accessed by a subset of the plurality of the subscribing blockchain nodes, and sending verification data to the plurality of the subscribing blockchain nodes for verification of the second entitlement data sets.

Abstract: Systems and methods for data security using a blockchain ledger. The system receives request associated with a product from a user. The system further obtains data associated with the product upon receiving the request. Further, the system analyses the data to using predefined parameters identify valid data and invalid data. Upon identification, the system uploads the valid data in the blockchain ledger. Further, the valid data may be displayed to the user through a channel, associated with the user, in the blockchain ledger, thereby providing the data security.

Abstract: A methodology for requesting at least one signed security measurement from at least one module is provided. The methodology includes receiving the at least one signed security measurement from the at least one module; validating the at least one signed security measurement; generating a signed dossier including all validated signed security measurements in a secure enclave, the signed dossier being used by an external network device for remote attestation of the device.

Abstract: Aspects of the invention include providing a clear key with an attribute that controls usage of the clear key. The clear key includes key data in at least a first 8-byte section and second and third 8-byte sections and a wrapping key for wrapping the clear key. The computer-implemented method further includes chaining the first, second and third 8-byte sections together with zeroes for those 8-byte sections that are unpopulated into chained key data, deriving encryption and authentication keys from the wrapping key, calculating an authentication code over the clear key and the attribute using the authentication key, executing encryption over the chained key data using the encryption key to generated encrypted chained key data and adding the authentication code, the attribute and the encrypted chained key data to form a key block.