Abstract: In an embodiment, a computer implemented method comprises accessing, from a first data repository, identity information associated with one or more protected computing devices; creating mapped identity information by encrypting and mapping the identity information according to a different identity data format that is compatible with the one or more protected computing devices; updating stored blockchain data using the mapped identity information; storing the mapped identity information from the blockchain data in a second data repository; generating decrypted identity information from the mapped identity information stored in the second data repository; and performing one or more authentication services for a client device on behalf of the one or more protected computing devices by using the mapped identity information in the second data repository; wherein the method is performed by one or more computing devices.

Abstract: Methods and apparatus for a Secure Time Communication System (10) are disclosed. One embodiment of the invention provides secure and non-interactive communication of clock information over an unsecured communications channel. This communication provides perfect forward secrecy, while detecting and blocking message spoofing, message replay, denial of service and cryptographic performance attacks. This mechanism also bounds the effect of message delay manipulation. The mechanism consists of two components, a filtered time encryptor (16) and a filtered time decryptor (28). The filtered time encryptor (16) produces a message in two parts; a time token followed by an encrypted message body. The time token is used as a filter to detect most attacks and to determine the message key.

Abstract: A computer-implemented method includes: receiving, by a platform including one or more computing devices, a blockchain authorization information generation request from a client, in which the blockchain authorization information generation request includes a target blockchain identifier and user information; determining, based on the target blockchain identifier, a target blockchain; determining a blockchain parameter of the target blockchain, in which the blockchain parameter indicates one or more requirements for authorization information used to join the target blockchain; generating blockchain authorization information based on the blockchain parameter and the user information, in which the blockchain authorization information conforms to the one or more requirements; and sending the blockchain authorization information to the client.

Abstract: A processing system includes a processing core and a hardware accelerator communicatively coupled to the processing core. The hardware accelerator includes a random number generator to generate a byte order indicator. The hardware accelerator also includes a first switching module communicatively coupled to the random value indicator generator. The switching module receives an byte sequence in an encryption round of the cryptographic operation and feeds a portion of the input byte sequence to one of a first substitute box (S-box) module or a second S-box module in view of a byte order indicator value generated by the random number generator.

Abstract: A processor of a remote crypto cluster (RCC) may obtain an encrypted specific key from at least one data source through at least one network. The processor of the RCC may derive intermediate data in blind based on the encrypted specific key. The intermediate data may include information from which a derived key is derived. The processor of the RCC may send the intermediate data in blind to a client device.

Abstract: Provided are a computer program product, system, and method for generating public/private key pairs to deploy public keys at computing devices to verify digital signatures. A plurality of public-private key pairs are generated to store in a key store. A set of public keys of the public-private key pairs is distributed to the computing systems to use to verify purported digitally signed challenges. One of the public-private key pairs is selected to use a private key of the selected one of the public-private key pairs as a current private key to use to digitally sign challenges from the computing systems. A determination is made to retire the current private key. Another one of the public-private key pairs is selected and the current private key is set to a private key of the selected another one of the public-private key pairs to use to digitally sign challenges from the computing systems.

Abstract: A service control system controls access to secured online testing services, such as accredited or standardized tests, examinations in educational courses, tutoring services, and continuing professional development courses or seminars. The secured services may be published by an educational publishing platform and made available to users through online configured browser applications executing on the users' devices. Based on access conditions associated with a secured testing service and the capturing and processing of one or more images, the service control system determines how users are authorized to access the services. When users have been authorized to access a service or a subset of the service, the service may be distributed through the browser applications executing on the users' devices.

Abstract: Implementations efficiently verify an identity claim for an entity. An example method includes receiving a query key and a property identifying an entity and identifying a possible match for the property from graph access records, the possible match being a node in an identity chain. The method also includes verifying a complete chain from the possible match to a genesis node in the chain. The query key is used to find a next node in the chain. Failure to identify the genesis node results in an unsuccessful verification. The method also includes generating a response that indicates a successful verification request responsive to locating the genesis node and generating a response that indicates an unsuccessful verification request otherwise.

Abstract: An apparatus, system, and method for maintaining a programming lineup of adaptive-bitrate content streaming is provided. The apparatus includes a timeline module configured to maintain a programming lineup of media content available over a network. The media content may comprise a plurality of streamlets. The apparatus also includes at least one data module configured to maintain multi-bitrate streamlet information. The system includes the apparatus and a client module configured to acquire content based upon the programming lineup provided by the timeline module. The method includes maintaining a programming lineup of media content available over a network, and maintaining multi-bitrate streamlet information.

Abstract: A process for linking a key to a component is disclosed herein along with apparatus that implements the process and related compositions of matter. In various aspects, the key may be a password, hash, key, encryption key, decryption key, seed value, unlock code, or other alphanumeric identifier, and the component includes a computer in networked communication, and may further include a specific user of the computer. The process may include the process step of identifying the component using environmental variables associated with the component, and the process step of forming a representation of the key unique to said component. The representation is tested to determine that the identified component is the source of the representation, in various aspects.

Abstract: In some embodiments, a message and a digital signature related to the message may be obtained, where the message may include a source identifier of a data source and values associated with parameters for an executable. The message may be transformed into a network-specific data structure having a specific format associated with a network. A verification of the network-specific data structure may be performed based on the digital signature. The values may be provided to the executable based on the verification indicating a match between the network-specific data structure and the digital signature.

Abstract: Techniques are provided to generate a secure communication for use in a transaction. In some embodiments, a user device is provided a first set of encryption keys associated with one or more authorizing entities. The user device may, prior to or during a transaction, receive one or more second encryption keys related to a second party to the transaction. In some embodiments, the one or more second encryption keys may be provided to the user device via a local communication means. Once the user device has been provided with transaction details, it may generate a transaction request using the multiple encryption keys that it has been provided, such that portions of the message are encrypted using different encryption keys.

Abstract: A computer-implemented technique for determining whether a first computing device has the correct version of a software program may be used to provide a secure approach to verifying that a client computing device has a secure and approved version of content player software implemented for consuming downloaded copyright media content. With this technique, copyright media content providers are able to ensure that only secure and approved content players are implemented to access the content.

Abstract: A system that includes a first network device in a first network configured to send a file from a plurality of files to a compliance controller in the first network. The compliance controller is configured to determine whether the file satisfies a set of compliance rules and to send the file to the virtual machine in the first network in response to determining that the file satisfies the set of compliance rules. The virtual machine is configured to send the file to a second network device in a second network via a network interface. The network interface is configured to block the first network device from sending the file from the first memory to the second network device in the second network. The network interface is also configured to send the file from the virtual machine to the second network device in the second network.

Abstract: A differentiated identification system facilitates dynamically differentially morphed access for one or more requesters. The system receives an access request including at least one differentiable voucher from a requester and assesses the type of the received access request by considering the access request, the differentiable voucher and one or more semblances. The system then dynamically differentially morphs an access to one or more service or data based on the assessment of the access request type, enabling the system to provide the requester with dynamically differentially morphed access to the one or more service or data.

Abstract: A component of an environment having available bandwidth for performing a task is located. Authorization to connect a device associated with the task to the component is granted. In response to determining that a set of one or more conditions are met, the device is connected to the component. The connection provides network connectivity to the device via the component.

Abstract: Embodiments for deploying services to multiple Hadoop clusters and providing user access to these services in a secure manner. A process allows authorized users to select a service, validate its entitlement to the organization and then install distributed components of the service onto multiple hosts on different Hadoop clusters. In order to enable this deployment and secure access of this service, an identity federation mechanism is used to ensure the user identity of the system is propagated to distributed clusters in a secure fashion thereby ensuring authorized access to clusters or services is provided in a seamless fashion.

Abstract: Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM and measuring second values for executable code stored in non-volatile memory, storing the resulting measurement value in a TPM platform configuration register. The PCR value is used to unseal a key stored in non-volatile memory of the TPM, which key is used to decrypt executable code for execution. Security can be further enhanced by destroying the values stored in the PCR by performing additional measurement operations with the TPM PCR used to generate the measurement value.

Abstract: A computer-implemented method for information protection comprises: determining one or more data inputs and one or more data outputs for a transaction, wherein the data inputs are associated with input data types respectively, and the data outputs are associated with output data types respectively; encrypting the input data types and the output data types; committing each of the encrypted input data types and the encrypted output data types with a commitment scheme to obtain corresponding commitment values; obtaining at least a parameter R based at least on the commitment values; and submitting the transaction to one or more nodes in a blockchain network with disclosure of the parameter R and without disclosure of the input data types and output data types for the nodes to verify consistency between the input data types and the output data types.

Abstract: A communication system is provided, including a plurality of terminal devices and a root certification authority. Each of the plurality of terminal devices includes a certification authority key generation unit, a certification authority public key certificate acquisition unit that acquires a certification authority public key certificate, a certification authority key storage unit, a transmission unit, and a verification unit that verifies the certification authority public key certificate with a root certification authority public key certificate, and verifies a user in a case where the verification succeeds. The root certification authority includes a root certification authority key storage unit, a communication unit, and a certification authority public key certificate generation unit that generates the certification authority public key certificate by encrypting the certification authority public key with the root certification authority secret key.