Abstract: A system includes a security device, configured for cryptographic processing, coupled to receive incoming data from a plurality of data sources (e.g., data from different customers), wherein the incoming data includes first data from a first data source; a controller (e.g., an external key manager) configured to select a first set of keys from a plurality of key sets, each of the key sets corresponding to one of the plurality of data sources, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device.

Abstract: An example print supply includes a non-transitory computer-readable medium. The non-transitory computer-readable medium includes data. The data includes an indication of a schema for the data. The data also includes an indication of an identifier. The data includes an indication of a digital signature. The digital signature is usable to authenticate a type of the data, the schema, and the identifier. The print supply also includes a communication interface. The communication interface is to output the data from the non-transitory computer-readable medium.

Abstract: A method in a virtual private network (VPN) environment, the method including receiving, by a processor, a connection request from a user device for obtaining VPN services; determining, by the processor based at least in part on receiving the connection request, custom headers including a timing header, an authorization header, a digest header, and a signature header; transmitting, by the processor to the user device, a response including the custom headers and a payload indicating a VPN server associated with obtaining the VPN services; and configuring, by the processor, the VPN server to provide the VPN services to the user device. Various other aspects are contemplated.

Abstract: In one example an apparatus comprises a computer readable memory, hash logic to generate a message hash value based on an input message, signature logic to generate a signature to be transmitted in association with the message, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and accelerator logic to pre-compute at least one set of inputs to the signature logic. Other examples may be described.

Abstract: The invention is directed to systems, methods and apparatus for securing documents. The system comprises a server having a processor and a data storage device for storing documents, at least one document provider connected to the server, the at least one document provider operable to provide user documents to the server for storage in the data storage device, the user documents containing at least one object of security concern, and at least one document consumer connected to the server, the at least one document consumer operable to receive the user documents containing the at least one object of security concern from the server.

Abstract: Provided are a blockchain-based data verification method and apparatus, a device, and a storage medium, relating to the field of computer technology, for example, a blockchain technology, and applicable to cloud computing and cloud services. The solution includes acquiring a data verification transaction request initiated by a data owner; generating a response signature value in the current verification round according to the data verification transaction request; and sending the response signature value to a blockchain network. The response signature value is configured to instruct the blockchain network to verify whether the to-be-verified data block is stored in a data storer.

Abstract: A method that includes providing a database for storing meta-data that describes steps in a workflow and an order of the steps in the workflow. The meta-data includes, for each of the steps: a reference to an input data file for the step; a description of a transaction performed at the step; and a reference to an output data file generated by the step based at least in part on applying the transaction to the input data file. Data that includes meta-data for a step in the workflow is received and the data is stored in the database. A trace of the workflow is generated based at least in part on contents of the database. The generating is based on receiving a request from a requestor for the trace of the workflow. At least a subset of the trace is output to the requestor.

Abstract: In one example an apparatus comprises a computer readable memory, a signature logic to generate a signature to be transmitted in association with a message, the signature logic to apply a hash-based signature scheme to the message using a private key to generate the signature comprising a public key, or a verification logic to verify a signature received in association with the message, the verification logic to apply the hash-based signature scheme to verify the signature using the public key, and an accelerator logic to apply a structured order to at least one set of inputs to the hash-based signature scheme. Other examples may be described.

Abstract: A method in a virtual private network (VPN) environment, the method including transmitting, by a processor, a connection request to a VPN service provider for obtaining VPN services; receiving, by the processor, a response including custom headers and a payload indicating a VPN server for receiving the VPN services, the custom headers including a timing header, an authorization header, a digest header, and a signature header; authenticating, by the processor, the custom headers to determine whether the response was transmitted by the VPN service provider; and transmitting, by the processor to the VPN server, a request for obtaining the VPN services based at least in part on determining that the response was transmitted by the VPN service provider. Various other aspects are contemplated.

Abstract: Systems, methods, and computer products for associating a top level network identifier with a blockchain address on a blockchain enable operations that may include: obtaining, from a root network segment file, an identification of a server that stores network infrastructure records associating network identifiers under the top level network identifier with network addresses and a signature on the identification of the server; obtaining, based on a first network infrastructure record, an association of the top level network identifier with the blockchain address; obtaining information sufficient to validate a trust chain, wherein the trust chain extends from a trusted authority to the association; and sending the association and the information sufficient to validate the trust chain to an executable program on the blockchain. The trust chain may be validatable by the executable program, and the association may be storable on the blockchain by the executable program.

Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.

Abstract: The present invention realizes an electronic signature system with high security level in which abuse of a signature key by a system administrator is prevented. A user sets an authentication information conceived by the user himself to his/her own signature key stored in the tamper resistant device (5) via the terminal device (2). When digitally signing an electronic document, the user transmits his/her own encrypted authentication information to the tamper resistant device (5) through the terminal device (2) and asks for permission to use his/her signature key. The tamper resistant device (5) decodes the inputted authentication information, verifies the decoded authentication information, and allows the digital signing only if the correct authentication information is entered. As a result, the electronic signature system in which only a user having valid use authority for the signature key can digitally sign is built.

Abstract: An indication is received to initiate a resource discovery process of a client system. The client system includes resources to be discovered and the resource discovery process is associated with a script. A connection is made from a management server to the client system with a first level of security privileges of the client system. The client system is provided with an encapsulation program for an execution of the script. The encapsulation program is configured to determine ownership information of the script. The encapsulation program is also configured to cause the execution of the script on the client system with modified security privileges corresponding to the ownership information of the script rather than the first level of security privileges of the client system.

Abstract: A monitoring apparatus includes: an acquisition unit sequentially receiving messages on a network; a first calculation unit calculating a difference between data values of two continuous messages; a second calculation unit calculating a difference between reception time points of two continuous messages; a first determination unit determining whether a received message is an abnormal message based on the difference calculated by the first calculation unit or the second calculation unit; a second determination unit determining whether a received message is a suspicious message based on the difference calculated by the first calculation unit or the second calculation unit; and a recording unit recording, when the second determination unit determines that the received message is the suspicious message, as a history, data values and reception time points of the suspicious message and a predetermined number of messages received before and after reception of the suspicious message.

Abstract: Methods and systems for introducing self-contained intent functionality into decentralized computer networks is described. Specifically, the methods and systems for encoding user intent (e.g., what functions a value may be used for) into data structures for computer programs and/or transaction protocols intended to automatically execute, control, or record events and actions according to predetermined terms or criteria are described herein. For example, the methods and systems may include using a permission structure native to one or more cryptocurrencies to provide additional functionality that allows for an intent to be introduced into the computer program and/or transaction protocol. This intent may be introduced using a routing data structure indicating exchange eligibility of resource sources.

Abstract: A method of forming unique, private, personal, virtual social networks on a social network system that includes a database storing data relating to corresponding user entities. The method includes: a first user entity sending an invitation to a second user entity, recording in the database the second user entity as a direct contact of the first user entity and determining that third user entities, directly connected to the second user entity, are indirect contacts. A unique, personal, social network formed from direct and indirect contacts is thereby created for each user entity. Each user entity is able to control privacy of its data with respect to other user entities depending on the connection factor to that other entity and/or that other entity's attributes. Each user entity is able to take the role of provider or participant in applications where the provider provides an item or service to the participant.

Abstract: A method for login, including making a login request to an entity through a federation server that generates a session identifier. A QR code is sent to the federation server to receive the session identifier. A secure envelope including user personal information is sent to the federation server to verify user registration with the federation server. A login token generated by the federation server is received and is associated with a smart contract generated by the federation server and stored on a blockchain. The login token is signed using user private key and sent to the blockchain for inclusion in the smart contract. A transaction identifier is received from the blockchain, and is sent to the federation server that generates a session record based on the login token. The federation server sends user verification to the entity to authorize a communication session between the user device and the entity.

Abstract: A system, device and method to securely notify a user of a compromise of a device are provided. The system, device and method may include a detection device adapted for determining a compromise of the device communicatively coupled to the first path, a user database including at least information regarding the device and other devices associated with the user, and the secure signal path to at least one of the other devices.

Abstract: Disclosed in various examples are methods, systems, and machine-readable media for exposing a Representational State Transfer (RESTful) interface to users whereby management commands on a datacenter may be issued remotely from the users' workstations for secure, remote management of the datacenter. An application task automation command (e.g., a POWERSHELL® command) is executed remotely by creating a proxy command (e.g., based on a POWERSHELL® cmdlet code) to cause the application task automation command to be executed when the proxy command is remotely invoked and deploying the proxy command to a remote computer, such as the user's workstation. The remote computer issues a request including a user identifier and any parameters for the application task automation command when the corresponding proxy command has been invoked by the remote computer.

Abstract: A security agent executing in kernel mode may receive a request from the anti-malware component executing with low privileges in user mode, and, in response, the security agent may perform a security action with respect to a malicious file detected on the computing device. The security agent may then assist the anti-malware component in providing a user notification about the security action by obtaining, on behalf of the anti-malware component, a user token associated with the user session in which the malicious file was detected. The anti-malware component can use the obtained user token to request a pointer to a Component Object Model (COM) interface for outputting the notification in context of the appropriate user session, which allows for securely and efficiently providing the user notification.