Abstract: A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. Each tenant of the software defined data center has a corresponding set of sections in the firewall configuration. The method allows each tenant to independently access and update/manage its own corresponding set of sections. Multiple tenants or users are allowed to make changes to the firewall configuration simultaneously.

Abstract: A video stream from a user device that is destined for a recipient device is received at a core network of a wireless carrier network. The video stream has a video quality that at least meets a quality threshold for behavioral biometric analysis. A determination of whether a video privacy policy for the user device permits transmission of the video stream of the video quality to the recipient device is made. In response to the video privacy policy not permitting the transmission of the video stream of the video quality, the video quality of the video stream is downgraded to generate a downgraded video stream that prevents behavioral biometric analysis for transmission to the recipient device. However, in response to the video privacy policy permitting the transmission of the video stream of the video quality, the video stream of the video quality is transmitted to the recipient device.

Abstract: A computer-implemented method includes retrieving, by a bridge device communicatively linked to a blockchain network node of a blockchain network, a first set of blockchain blocks from the blockchain network node using a first set of threads of the bridge device; storing, by the bridge device, the first set of blockchain blocks in the bridge device; and verifying, by the bridge device, a second set of blockchain blocks that are stored in the bridge device using a second set of threads of the bridge device; and wherein retrieving the first set of blockchain blocks and verifying the second set of blockchain blocks are performed asynchronously using the first set of threads and the second set of threads.

Abstract: Techniques are described for providing users with access to perform commands on network-accessible computing resources. In some situations, permissions are established for user(s) to execute command(s) on computing node(s) provided by an online service, such as by maintaining various permission information externally to those provided computing nodes for use in controlling users' ability to access, use, and/or modify the provided computing nodes. An interface component may use such external permissions information to determine if a particular user is authorized to execute one or more particular commands on one or more particular computing nodes, and to initiate simultaneous and independent execution of the command(s) on the computing node(s) when authorized. The interface component may further aggregate results from each computing node that executed the command(s), prior to providing the results to the user.

Abstract: This invention relates to an anti-tamper assembly for a circuit board comprising one or more electronic components, the assembly comprising: a container having side walls, a first, closed end and a second, opposing, open end, the container being configured to be mounted on said circuit board at said open end, over at least one of said electrical components, to form, in use, a sealed cavity around said at least one of said electrical components; a source of radioactive particles mounted within said container; an image sensor for capturing image frames within said sealed cavity, in use, wherein said image sensor comprises a detector region defining an array of pixels; and a processor for receiving said captured image frames, monitoring said image frames for changes in the statistical distribution of active pixels and, in the event that statistical distribution of active pixels indicates the presence of a feature in an image frame, generating a tamper alert.

Abstract: Certain aspects of the present disclosure provide techniques for performing computations on encrypted data. One example method generally includes obtaining, at a computing device, encrypted data, wherein the encrypted data is encrypted using fully homomorphic encryption and performing at least one computation on the encrypted data while the encrypted data remains encrypted. The method further includes identifying a clear data operation to perform on the encrypted data and transmitting, from the computing device to a server, a request to perform the clear data operation on the encrypted data, wherein the request includes the encrypted data. The method further includes receiving, at the computing device in response to the request, encrypted output from the server, wherein the encrypted output is of the same size and the same format for all encrypted data transmitted to the server.

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.

Abstract: A risk management system deploys an anomaly detection method for a target data instance without explicitly storing data processing architectures in memory. The anomaly detection method determines whether the target data instance is an anomaly with respect to a reference set of data instances. In one embodiment, the anomaly detection method mimics traversal through one or more trees in an isolation forest without explicitly constructing or storing the trees of the isolation forest in memory. This allows the risk management system to avoid unnecessary storage and retrieval of parts of each tree that would not be traversed if the tree were constructed. Moreover, the anomaly detection method allows anomaly detection to be efficiently performed within memory-constrained systems.

Abstract: A machine-implemented method for controlling a configuration data item in a storage-equipped device having at least two security domains, comprising receiving, by one of the security domains, a configuration data item; storing the configuration data item; providing a security indication for the configuration data item; and when an event indicates untrustworthiness of the data item, invalidating a configuration effect of the stored configuration data item. Further provided is a machine-implemented method for controlling a storage-equipped device as a node in a network of devices, comprising receiving information that a data source or type of a configuration data item is untrusted; analysing metadata for the data source and the configuration data item; populating a knowledge base with analysed metadata; and responsive to the analysed metadata, transmitting security information to the network of devices. A corresponding device and computer program product are also described.

Abstract: The present disclosure involves systems, software, and computer implemented methods for a verifiable communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations, different blinding values, and use of random secret-shares. A protocol step includes homomorphic operations to shuffle encrypted secret input values so that resulting encrypted secret input values are rerandomized and in a shuffled sequence that is unmapped to an order of receipt by the service provider of the encrypted secret input values.

Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.

Abstract: Novel tools and techniques are provided for implementing signal encryption or signal authentication. In various embodiments, a second computing system might pack, using a packing function, two or more elements of a second vector associated with a third entity to generate a packed second vector; might individually encrypt, using a generated public key received from a first computing system, each element of the packed second vector to generate an encrypted packed second vector; might pack two or more elements of an encrypted first vector from the first computing system to generate a packed encrypted first vector; might combine the encrypted packed second vector with the packed encrypted first vector to generate a combined packed encrypted vector; and might send the combined packed encrypted vector to the first computing system for generating a similarity score that is indicative of differences between the second vector and the first vector.

Abstract: A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices for use in a tap and walk store are provided. In an example embodiment, the transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key. Disclosed systems allow a user to purchase items utilizing the disclosed transmitting device.

Abstract: Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

Abstract: A system for blockchain-based authentication comprises an interface and a processor configured to (i) receive, by a first device, a command from a second device, where the first device is associated with a first trust certificate, (ii) receive a second trust certificate from the second device, (iii) communicate a cryptographic challenge using a public key of the second device to the second device, (iv) receive a response to the cryptographic challenge from the second device, (v) check whether the response matches with a predetermined correct response or not, and (vi) authenticate the second device and execute the commend received from the second device only if the response matches with the predetermined correct response.

Abstract: Disclosed are a method and system for constructing a virtual space. The method of constructing a virtual space may include obtaining world information for generating a space of a virtual world, determining a location of an agent in the space of the virtual world, selecting a digital object capable of being displayed to the agent in the space of the virtual world based on the world information and the location of the agent, determining whether a display area of the selected digital object is present, and determining whether to display content through the display area based on a contract preset with respect to the display area.

Abstract: Systems and methods for active state synchronization between distributed ledger technology (DLT) platforms are provided. A system may store an origin blockchain compliant with an origin DLT. The system may further store a target blockchain compliant with a target DLT. The target DLT may be different from the origin DLT. The system may include a DLT object synchronizer with access to the origin blockchain and the target blockchain. The DLT object synchronizer may receive, from an exchange node, a request to synchronize an origin instance of a DLT object between the origin blockchain and the target blockchain. The DLT object synchronizer may select a target instance of the DLT object on the target blockchain. The DLT object synchronizer may format origin data from the origin instance for compliance with the target DLT. The DLT object synchronizer may synchronize the origin instance and the target instance.

Abstract: A method for controlling access to a chip includes obtaining first values of a first physically unclonable function of the chip, obtaining second values that correspond to at least one challenge word, performing a simulation based on the first values and the second values, and generating an authentication result for the chip based on results of the simulation. The simulation may generate responses to logical operations corresponding to combinatorial logic in the chip, and the logical operations may be performed based on a predetermined sequence of the first values and the second values. The chip may be authenticated based on a match between the responses generated by the simulation and a second physically unclonable function of the chip.

Abstract: Systems and methods for providing a remote access to a service in a client-server remote access system. The method includes selecting, by a scheduler, an application server hosting the service, the selecting being performed in accordance with a utilization of resources in the client-server remote access system. A session Uniform Resource Locator (URL) is created that includes a URL payload that uniquely identifies the service and being used to establish the remote access to the service by a client. The system may include a proxy server accessible at a resource URL. The proxy server receives a request from a client to connect to the service. An authentication component authenticates the request in accordance with a payload of the resource URL. A service manager establishes the session between the client and the service connected at the session URL.