Abstract: An example operation may include one or more of receiving a data file submitted by a node, the data file comprising information about an event-driven process for a chain of nodes, retrieving an entitlement mode of the data file from a data block that is stored among a hash-linked chain of data blocks on a distributed ledger, determining access rights of the data file with respect to another node in the chain of nodes based on the retrieved entitlement mode of the data file, and transmitting information about the event-driven process to the other node based on the determined access rights of the other node.

Abstract: A system and method for securing an application through an application-aware runtime agent can include: acquiring a code profile, instrumenting the application with a runtime agent according to the code profile, enforcing the runtime agent on the execution of the application, and responding to the runtime agent. Enforcing the runtime agent on the execution of the application can include monitoring the execution flow, which comprises of monitoring the utilization of the controls through the execution of the application; detecting a threat, which comprises identifying a section of the execution flow as a potential security threat; and regulating the execution flow to prevent or ameliorate the security threat. Responding to the runtime agent can include responding to the security threat and providing a user interface that may output runtime agent diagnostics and trigger alerts.

Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.

Abstract: A method for data filtering that identifies a topic of interest for a user and individual sub-topics within the topic the user could be, or is, interested in. A three-dimensional map depicting a topic of interest containing markers for the sub-topics is created and used to specify a level of detail about the user's interest in the sub-topics that can be shared to or used by an external source.

Abstract: A method for controlling an electronic device that is in communication with the server includes: in response to a lost mode activation signal from the server, controlling the electronic device to switch to a lost mode in which the electronic device is controlled to output a message that includes contact information of an owner of the electronic device, and an offer of a monetary compensation associated with recovery of the electronic device by the owner; and in response to determination that an unlock condition has been met, controlling the electronic device to switch to a normal mode.

Abstract: A compliance check system to provide compliance validation for a user system is described. The compliance check system includes a compliance checker plug-in on a device used to access a secured resource. The compliance checker plug-in receives a request for compliance validation prior to providing access to a secured resource, and triggers one or more compliance checkers. In one embodiment, the compliance checker is a device encryption compliance checker configured to determine whether a device drive is encrypted. In one embodiment, the compliance checker is a password compliance checker configured to determine whether passwords in the user system comply with password compliance requirements. The compliance checker plug-in further to verify the compliance status of the device, based on data from the compliance checkers.

Abstract: The present disclosure provides a PUF circuit including a first array including at least one physically unclonable function (PUF) cell, a second array including at least one PUF cell, and a controller which selects a first PUF cell from the first array and selects a second PUF cell from the second array and generates unique information represented by the first PUF cell and the second PUF cell based on a first output voltage output by the first PUF cell and a second output voltage output by the second PUF cell.

Abstract: A system for blockchain-based authentication comprises an interface and a processor configured to (i) receive, by a first device, a command from a second device, where the first device is associated with a first trust certificate, (ii) receive a second trust certificate from the second device, (iii) communicate a cryptographic challenge using a public key of the second device to the second device, (iv) receive a response to the cryptographic challenge from the second device, (v) check whether the response matches with a predetermined correct response or not, and (vi) authenticate the second device and execute the commend received from the second device only if the response matches with the predetermined correct response.

Abstract: Mobile devices executing applications may be tested for networking issues by utilizing a test network having proxy access devices placed at different physical locations. Devices may be stored in a secure enclosure that includes a host device. The enclosure includes access controls to prevent unauthorized removal of devices or access to stored data. If an unauthorized access, disconnection from the host device, or disconnection of a device from a power source is detected, devices may be placed into a locked state or data on the devices may be deleted. The enclosure may also include a control device for testing the exchange of Bluetooth data by the devices. The enclosure may also include conductive members placed on the touch sensors of devices for providing simulated touch input to the touch sensors by changing the capacitance of adjacent regions of the touch sensors.

Abstract: A global prediction manager for generating predictions using data from data zones includes storage for storing a model repository comprising a global model set and a prediction manager. The prediction manager obtains a local model set from a data zone of the data zones indicating that the global model set is unacceptable; makes a determination that the local model set is acceptable; in response to the determination: distributes the local model set to at least one second data zone of the data zones; obtains compressed telemetry data, that was compressed using the local model set, from the data zone and the at least one second data zone; and generates a global prediction regarding a future operating condition of the data zones using: the compressed local telemetry data and the local model set.

Abstract: A hardware device, inserted in a universal serial bus port of a computing device, is detected. A counter is set to an initial value of one. In response to determining that one or more device descriptors associated with the hardware device are not received by the computing device within a predetermined time period, the hardware device is prevented from discharging a high-voltage charge into the computing device by inhibiting the hardware device from storing the high-voltage charge in a capacitor of the hardware device.

Abstract: A device, system and method for securely executing recursive computations over encrypted data in a homomorphically encrypted (HE) space. For a recursive algorithm with sequentially dependent recursive iterations, executing the recursive algorithm in parallel by computing multiple recursive iterations simultaneously over multiple parallel execution iterations and not in sequential order. Each parallel execution iteration may compute a partial HE solution of multiple sequential recursive iterations comprising a known HE part and leaves empty a placeholder call slot for an unknown HE part. Placeholder call slots remain empty and are filled at delayed times at a later parallel execution iteration from when the known part of the same HE computation is computed. A final HE solution is computed in fewer multiple parallel execution iterations than the number of sequential recursive iterations, thereby accelerating the recursive algorithm in HE space.

Abstract: A device for authenticating a user is described. This device comprises transceiver circuitry configured to receive motion information from a plurality of wearable devices located on a user's body indicative of the motion of the user's body at the location of the respective wearable device at a particular time; and 5 controller circuitry configured to: compare the received motion information and the location of the respective wearable device and authenticate the user in the event of a positive comparison between the received motion information and the location of the respective wearable device with stored motion information and the location of the respective wearable device.

Abstract: Systems and methods for authenticating presumptively incompatible elements in a digital network are provided. A method may include receiving an access request from a client node in the network. The access request may be requesting access to an application in the network. The access request may be associated with a uniform resource identifier (“authURI”). The method may include extracting a target application from the URI. The method may include determining an authentication protocol that is supported by the target application. The method may include generating, based on the authentication protocol, a series of one or more authentication tests that, in combination, satisfy the authentication protocol. The authentication tests may satisfy the authentication protocol even when the client node natively supports a different authentication protocol. The method may include executing the series of authentication tests to authenticate the client node vis-à-vis the target application.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer-storage media, for enforcing policies for computing devices. In some implementations, content for presentation by an electronic device is received. Context data indicating a current context of the electronic device is obtained. Policy data indicating a policy corresponding to at least one of the electronic device, a user of the electronic device, the content for presentation, or data associated with the content is accessed. The policy indicates one or more context-dependent limitations on presentation of the content by the electronic device. Presentation of the content by the electronic device is managed based on a set of actions the policy permits for the current context.

Abstract: A method for encrypting database files includes generating a mapping for a plurality of encrypted files. A first encrypted file of the plurality of encrypted files is encrypted with a first encryption key. The method includes generating a second encrypted file by re-encrypting, for a period of time, data in the first encrypted file using a second encryption key. The first encrypted file remains accessible to one or more queries during the period of time. The method includes updating the mapping to associate the second encrypted file with the first encrypted file. The mapping is updated after the second encrypted file has been generated. The method includes preventing a query from accessing the first encrypted file after the second encrypted file has been generated.

Abstract: Disclosed herein an artificial intelligence (AI) apparatus for controlling authority to use an external device based on user identification using image recognition including a memory configured to store information on a user registered in the AI apparatus and authority information indicating whether a user is capable of use at least one external device under a predetermined condition, a communicator configured to receive a first image file obtained by photographing an environment including the at least one external device, a learning processor configured to provide the first image file to an image recognition model for specifying a face of a person included in an image file and an external device to be used by the person to specify first face information of a person included in the first image file and information on a first external device to be used by the person in the first image file, and a processor configured to control use of the first external device by the first user based on the authority, by acqui

Abstract: A system and a method of emulating a second cloud computing environment on a first cloud computing environment are disclosed herein. The first cloud computing environment includes an innovation platform having a private domain name system. The private domain name system is split between a customer subnet and a private subnet. The customer subnet is limited to communications with only the private subnet. The customer subnet executes an application thereon. The application is targeted for use on the second cloud computing environment.

Abstract: Method and Systems for configuring, monitoring, updating and validating Internet of Things (IoT) software code and configuration using blockchain smart contract technology. The use of smart contracts for delivering software code and or configuration scripts to IoT devices is an enhanced cybersecurity solution meant to ensure the security and integrity of IoT devices. The use of smart contracts is also shown how it can be used for verifying the integrity of the IoT devices software code and or configuration is a proactive method of cybersecurity. The proactive cybersecurity method will prevent man in the middle attacks as well as preventing rogue devices from impacting other IoT devices or networks.

Abstract: Processing circuitry may support a secure domain and a less secure domain, where secure information associated with a secure software process is prevented from being accessed by a less secure software process in the less secure domain. Shared resource is accessible to both secure and less secure software processes. In response to detection of an anomaly condition, allocation policy for the shared resource is switched from a shared allocation policy to a secure-biased allocation policy. The secure-biased allocation policy has a stronger bias of resource allocation to secure software processes than the shared allocation policy.