Abstract: According to one example, a system includes a first computing device that determines data for transmittal to a second computing device, and determines transmittal mapping data. The first computing device also breaks the data into one or more portions, and, for each of the one or more portions of the data, the first computing device replaces the respective portion of the data with a transmittal token included in the transmittal mapping data. The first computing device also transmits the transmittal tokens for receipt by the second computing device.

Abstract: Computer-implemented systems and methods are disclosed herein for use within secure multi-party computation. A system and method are used for storing an operation preference and a cryptographic preference. A data set is stored based on the operation preference and the cryptographic preference. A determination is made that processing the query involves performing an allowable operation on the data set based on the operation preference.

Abstract: The described technology provides a single sign-on capability so that a user who is already signed on to a web application from a client application may not be required to sign-on again when he/she later needs access to the web application from the same or another client application. The technology also provides a multiple login prevention capability to detect multiple sign-on events using the same credentials and disable one or more of the associated multiple sessions.

Abstract: Logic may implement protocols and procedures for vehicle-to-vehicle communications for platooning. Logic may implement a communications topology to distinguish time-critical communications from non-time-critical communications. Logic may sign time-critical communications with a message authentication code (MAC) algorithm with a hash function such as Keccak MAC or a Cipher-based MAC. Logic may generate a MAC based on pairwise, symmetric keys to sign the time-critical communications. Logic may sign non-time-critical communications with a digital signature. Logic may encrypt non-time-critical communications. Logic may append a certificate to non-time-critical communications. Logic may append a header to messages to create data packets and may include a packet type to identify time-critical communications. Logic may decode and verify the time-critical messages with a pairwise symmetric key. And logic may prioritize time-critical communications to meet a specified latency.

Abstract: A system and a method of obtaining a location of a document on a computer network based on a document property. The method may include: receiving at least one basic marker and an encoding function associated with the document property; generating a search term according to the encoding function, based on the at least one basic marker; providing the search term to at least one search engine and obtaining therefrom one or more search results corresponding, where each search result may include one or more references to locations of documents on the computer network; discovering at least one document having the document property from the one or more search results and obtaining a discovered location of the document on the computer network; and performing at least one rule-based action, according to at least one document property of the discovered document.

Abstract: A system includes processing circuitry; and a memory device including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry, configure the processing circuitry to perform operations comprising: accessing input data, at an aggregator node, the input data including sensor data from a plurality of sensor nodes, each sensor data having a respective signature; validating the sensor data by using respective cryptographic hash functions on the sensor data and evaluating the respective result using the respective signature; performing an aggregation function on the sensor data to produce aggregate data; executing a hash function on the aggregate data to produce a hash value for the aggregate data; bundling the sensor data, respective signatures of the sensor data, aggregate data, and hash value for the aggregate data in a data structure; and exposing the data structure to subscriber nodes on the IoT network.

Abstract: A server includes one or more processors, programmed to responsive to receiving, from a mobile device of a user, a hailing request that identifies the user as requesting to schedule a ride, select a vehicle to respond to the hailing request based on a capacity to accept an encryption key of the vehicle, the hailing request including a user profile, generate an encryption key to authenticate the mobile device of the user with the vehicle, send the encryption key to both the vehicle and the mobile device to schedule the ride.

Abstract: A data processing apparatus includes a requester, a completer and a cache. Data is transferred between the requester and the cache and between the cache and the completer. The cache implements a cache eviction policy. The completer determines an eviction cost associated with evicting the data from the cache and notifies the cache of the eviction cost. The cache eviction policy implemented by the cache is based, at least in part, on the cost of evicting the data from the cache. The eviction cost may be determined, for example, based on properties or usage of a memory system of the completer.

Abstract: Techniques are provided for community threat intelligence for operational technology networks. For a plurality of OT networks, at least one monitoring device processes OT network traffic and collects telemetry data, and a telemetry sanitization system applies a sanitization process to the telemetry data to generate sanitized telemetry data that does not include sensitive data. A computer system receives sanitized telemetry data from the telemetry sanitization systems provided for the plurality of OT networks, maintains threat intelligence data generated based on the sanitized telemetry data, and provides access to at least one of the threat intelligence data and the sanitized telemetry data to a plurality of users.

Abstract: The disclosure includes a system and method for multiparty collaboration including creating a first data object associated with first collaboration data, the first collaboration data associated with a first collaborating entity; generating a first object ownership log entry to an object ownership log associated with a collaboration, the first object ownership log entry including first identification information identifying the first data object and a first object owner identifying an owner of the first data object, wherein the first object owner associated with the first data object is the first collaborating entity; generating a first object tracking index entry associated with the first data object; receiving a user request associated with the first data object; and responding to the user request based on one or more of a user whitelist, the object ownership log, and the ownership tracking index.

Abstract: A client-side virtual private network (VPN) chaining architecture can provision multiple sessions for multiple VPN clients that are configured to communicate packet traffic in parallel between an end-user device and one or more destinations. The client-side chaining architecture can capture packet traffic per specific users/apps and process (e.g., drop) or reroute the captured packet traffic for different VPN clients. For example, packet traffic can be rerouted from a main VPN client to a secondary VPN client. As such, there can be multiple VPN clients that are simultaneously chained in various ways to the same end-user device.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with multiple hardware devices of the IHS. The BMC includes executable instructions for transmitting a broadcast message to the hardware devices in which the broadcast message has a block of data including a digital signature of the BMC. Each of the hardware devices that receive the broadcast message are configured to transmit a broadcast acknowledgment message to the BMC. Using the block of data, the BMC and hardware devices may perform a mutual consensus procedure with other using a cryptographic hash function of the block of data.

Abstract: A method for securely terminating a distributed trusted execution environment spanning a plurality of work accelerators. Each accelerator is configured to self-isolate upon determining that the distributed TEE is to be terminated across the system of accelerators. The data is also wiped from the processor memory of each accelerator, such that the data cannot be read out from the processor memory once the accelerator's links are re-enabled. The self-isolation is performed on each accelerator prior to the step of terminating the TEE on that accelerator. An accelerator only re-enables its links to other accelerators once the data is wiped from its processor memory such that the secret data is removed from the accelerator memory.

Abstract: A method for securely terminating a distributed trusted execution environment (TEE) spanning a plurality of work accelerators. After wiping sensitive data from the memory of its accelerator, a root of trust for each accelerator is configured to receive confirmation that the data has been wiped from the processor memory in relevant other accelerators prior to moving on to the next stage at which the TEE on its associated accelerator is terminated. Since the data has been wiped from the other accelerators, even if a third party were to inject malicious code into the accelerator, they would be unable to read out the secret data from the other accelerators since the data has been wiped from those other accelerators. In this way, a mechanism is provided for ensuring that when the distributed TEE is terminated, malicious third parties are unable to read out confidential data from the accelerators.

Abstract: A Secure Fetch feature can be included with any file sharing or transfer service that allows access to files, folders and digital content where the party that is to gain access or possession of the materials (the requestor) desires to utilize an application that facilitates access or transfer of the materials and the party in possession of the materials (the requestee) is not required to log in to an application or even to download or open it.

Abstract: The present disclosure describes secured interprocess communication (IPC). The operating system traps application-level IPC calls to an IPC agent, which handles the IPC call. The IPC agent executes in a trusted execution environment so that communications between the applications involved in the IPC are secure. Since processing of IPC by the IPC agent bypasses the operating system, IPC remains secure despite any attacks against the operating system code.

Abstract: A method including assigning, based establishing a VPN connection with the user device, a first exit IP address to be utilized for retrieving information requested by the user device; determining, during the established VPN connection, a host device that is likely to block communication from the first exit IP address; modifying, based on determining the host device, associated DNS settings to return communication information associated with the VPN server itself when the information is to be retrieved from the host device; receiving, during the established VPN connection, the information retrieved from the host device based on utilizing a second exit IP address associated with a secondary server; and transmitting, during the established VPN connection, the information to the user device in accordance with the modified DNS settings is disclosed. Various other aspects are contemplated.

Abstract: Systems, methods, and computer-readable media for providing a computer associated with a blockchain to utilize DNS-stored blockchain address information concerning associations of domain names to blockchain addresses are presented. Some embodiments include: receiving a domain name; retrieving over the internet a Domain Name System (DNS) resource record for the domain name; extracting blockchain address information associated with the domain name from the DNS resource record, where the blockchain address information is signed by a private key of an asymmetric cryptographic scheme; and initiating a blockchain action based on the blockchain address information.

Abstract: In some implementations, a method includes receiving, by a malware detection system, a request for a certification user interface element for a file to be served in an Internet resource, wherein the file is a file that has previously been classified as not containing malware by the malware detection system, and wherein the certification user interface element certifies that the file has been classified by the malware detection system as not containing malware, determining, based on the request, that the file is available for download from an Internet resource, and storing data that identifies the Internet resource as a location where a malware-free file is available for download.

Abstract: The present disclosure describes a computer-implemented platform for managing electronic instruments and electronic endorser verification information in order to validate endorser identity. A generated link and a verification information request are sent in one or more messages targeted a phone number of a computing device associated with a target party. The verification information request includes a request for imagery of the target party captured by the computing device. An endorsed electronic instrument and electronic verification information is received from the computing device, including received imagery data and a time stamp indicating when the received imagery data was captured. The received imagery data is validated at least according to whether the time stamp is sufficiently recent, and whether the received imagery data sufficiently matches expected imagery data of the requesting party based on performing a facial recognition on the received imagery data and the expected imagery data.