Abstract: In an embodiment, a method of blockchain-enhanced proof of identity (POI) includes receiving identity information of a user in connection with a POI request. The method also includes generating a first cryptographic hash using at least a portion of the identity information and storing the first cryptographic hash on a public blockchain in a first blockchain transaction. The method also includes establishing a request identifier based on the first blockchain transaction. The method also includes receiving a digital image that depicts the user together with a POI document, the digital image including the request identifier. The method also includes creating a POI digital document comprising at least a portion of the digital image. The method also includes generating a second cryptographic hash using at least a portion of the POI digital document and storing the second cryptographic hash on the public blockchain in a second blockchain transaction.

Abstract: Systems and methods are disclosed for data protection in a cluster of data processing accelerators (DPAs). The cluster of accelerators may include DPAs of a third party accelerator that may not be trusted. To ensure data protection in the cluster, a first DPA that receives a request from a second DPA to access a resource of the first DPA authenticates the second DPA. If the second DPA passes authentication, the second DPA is permitted to access non-sensitive resources of the first DPA, otherwise the second DPA is not permitted access to any resources of the first DPA and the first DPA breaks a communication link with the second DPA. Authentication is premised on a shared secret function between DPAs and a random number generated by the first DPA. The shared secret function is updateable by, e.g., a patch from a manufacturer of the DPA.

Abstract: A method for detecting potential information fabrication attempt on a webpage, the method comprising: providing the webpage to a client device, by processing circuitry, the webpage comprising instructions executable by a web browser of the client device for detecting the potential information fabrication attempt; wherein execution of the instructions by the web browser results in: detecting the potential information fabrication attempt upon detecting a change in a Document Object Module (DOM) object of the webpage that is not based on execution of code by the webpage causing the change in the DOM object.

Abstract: Systems and methods are disclosed with respect to using a blockchain for managing the subrogation claim process related to a vehicle collision, in particular, utilizing evidence oracles as part of the subrogation process. An exemplary embodiment includes receiving recorded data from one or more connected devices at a geographic location; analyzing the recorded data, wherein analyzing the recorded data includes determining that an collision has occurred involving one or more vehicles; generating a transaction including the data indicative of the collision based upon the analysis; and transmitting the transaction to at least one other participant in the distributed ledger network.

Abstract: A device, system, and method, according to various embodiments, can include, for example, a hybrid cloud network, one or more personal cloud virtual LANs, and a home area network. The hybrid cloud network can be configured to provide public access and private access. The one or more personal cloud virtual LANs are provided at an overlapping segment of the hybrid cloud network to provide privacy within the hybrid cloud network. The home area network can include a single purpose computer configured as a gateway for the hybrid cloud network and configured to establish a site-to-site secure connection with the one or more personal cloud virtual LANs.

Abstract: Embodiments of the present invention are directed to an improved system and method of producing, recording and reporting boot integrity measurements of an Internet of Things (“IoT”) computing device to resource (such as an on-chip software module, an external software module, a printer, a network router, or a server), so the resource can confirm that the IoT computing device can be trusted before access to the resource is granted. Embodiments provide a new and less expensive architecture for reliably collecting and relaying device state information to support trust-sensitive applications. Embodiments leverage crypto-acceleration modules found on many existing microprocessors and microcontroller-based IoT devices, while introducing little additional overhead or additional circuitry.

Abstract: An apparatus verifies hosted information associated with a user. The apparatus establishes, by the online host serving as a relying party system (RPS), a secure connection between the RPS and a user mobile-identification-credential device (UMD). The RPS sends a mobile identification credential (MIC) user information request to the UMD, via the secure connection, seeking release of MIC user information (official information). The RPS obtains from authorizing party system (APS) verification of the MIC user information received in response to the MIC user information request. The RPS stores the MIC user information as hosted information pertaining to the user. The RPS designates the hosted information as base truth information representing the user.

Abstract: Techniques for validating digital certificate information before signing are described. A method of validating digital certificate information before signing may include generating a to-be-signed (TBS) certificate, providing the TBS certificate to a certificate pre-issuance validation service to perform one or more validations on the TBS certificate, and receiving a request to issue a signed certificate based on the TBS certificate following validation of the TBS certificate by the certificate pre-issuance validation service.

Abstract: A gateway performs silent authentication refreshes with an identity management platform in order to extend the expiration of a cookie provided to an endpoint that accesses network applications through the gateway.

Abstract: An access device is provided for use in an access control system. The access device includes a processor having control of a door lock, and a communication module connected to the processor. The processor is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when the current reservation certificate has been presented and disables an alarm system when the current reservation certificate has been presented.

Abstract: In a dataset exchange environment in which datasets are available for exchange or transformation, a dataset validation platform may be configured to update a cryptographically signed record based on each dataset that is available via the data exchange environment. The dataset validation platform may be further configured to control access to the datasets based on whether a request to access a particular dataset is compliant with an availability requirement of the particular dataset. The dataset validation platform may be further configured to update the cryptographically signed record based on requests to access the datasets, transformations that are based on the datasets, or modifications to the availability requirement of the datasets, such as a modification to a privacy limitation or other availability requirement indicating a criteria for usage of the requested dataset.

Abstract: A system of method of detecting bots are presented. The method includes receiving access patterns of a visitor accessing a protected web property, encoding each of the access patterns into a fixed length feature vector, determining an offline-trained model based on past data, generating an anomaly score based on the fixed length feature vector and an offline-trained model, and determining the visitor to be a bot, when the generated anomaly score associated with the visitor reaches a predetermined threshold.

Abstract: A secured exploration agent for reinforcement learning (RL) is provided. Securitizing an exploration agent includes training the exploration agent to avoid dead-end states and dead-end trajectories. During training, the exploration agent “learns” to identify and avoid dead-end states of a Markov Decision Process (MDP). The secured exploration agent is utilized to safely and efficiently explore the environment, while significantly reducing the training time, as well as the cost and safety concerns associated with conventional RL. The secured exploration agent is employed to guide the behavior of a corresponding exploitation agent. During training, a policy of the exploration agent is iteratively updated to reflect an estimated probability that a state is a dead-end state. The probability, via the exploration policy, that the exploration agent chooses an action that results in a transition to a dead-end state is reduced to reflect the estimated probability that the state is a dead-end state.

Abstract: Various computers will communicate messages back and forth over a communication network. These communications may exchange various information. In one aspect, an apparatus for communicating data over a communication network may comprise a computer processor, a receiver, and a memory. The computer processor may generate a request for transmission to a first server via the communication network. The request may include a data inquiry for data about an authorized user of a communication device. The computer processor may also generate a communication message for transmission to the authorized user with a prompt to provide user data via the communication device. The receiver may receive a response from the first server and user data from the communication device. The computer processor may further format the user data and generate a dynamic value based on the formatted response for display.

Abstract: Embodiments disclosed herein provide a method and system for management and resolution of a blockchain-based top-level domain. The method comprises: a master node receiving request information for operations on top-level domain resource record from a requesting node, and encapsulating master node information and authenticated request information into a pre-preparation message; each normal node verifying the pre-preparation message, and after successful verification, generating a preparation message comprising request information, a request information verification identifier, and current node information; each node verifying the preparation message, when the number of authenticated preparation message sending nodes reaches a consensus threshold, adding an operation result corresponding to the request information to a new block in a local blockchain.

Abstract: Systems and methods are disclosed with respect to using a blockchain for managing the subrogation claim process related to a vehicle collision, in particular, utilizing evidence oracles as part of the subrogation process. An exemplary embodiment includes receiving recorded data from one or more connected devices at a geographic location; analyzing the recorded data, wherein analyzing the recorded data includes determining that an collision has occurred involving one or more vehicles; generating a transaction including the data indicative of the collision based upon the analysis; and transmitting the transaction to at least one other participant in the distributed ledger network.

Abstract: A system and method for establishing application identities including application runtime properties. A method includes signing at least one artifact of a first application communicating with a second application, wherein each of the at least one artifact includes data used for executing the first application, wherein a signing result of each artifact is a signed cryptographic hash of the artifact; monitoring events related to communications between the first application and the second application to identify a file event; generating at least one runtime hash for the file event, wherein the at least one runtime hash represents runtime properties of the first application; and generating an application identity for the first application, the application identity for the first application including the signed cryptographic hash of each of the at least one artifact and the at least one runtime hash of the file event.

Abstract: Methods, apparatus, systems and articles of manufacture (e.g., physical storage media) for software defined silicon security are disclosed. Example apparatus include a trusted agent determiner to (i) determine respective reputation scores associated with a plurality of agents in a mesh network, the plurality of agents associated with a plurality of semiconductor devices, respective ones of the semiconductor devices including circuitry configurable to provide one or more features, and (ii) select, based on the respective reputation scores, a first agent from the plurality of the agents to transmit a request to activate or deactivate at least one of the one or more features. Example apparatus also include an agent interface to, in response to the request, broadcast an activation or deactivation of the least one of the one or more features to the mesh network to cause the trusted agent determiner to update the reputation score of the first agent.

Abstract: A method for maintaining a material data blockchain (MDC) is disclosed. The method includes receiving a material data block (MDB), wherein the MDB includes a metadata portion and a payload portion. The method further includes extracting a first sequence from the metadata portion and generating a genomic engagement factor (GEF) based on the sequence, a genomic differentiation object assigned to the creator VDAX, and genomic regulation instructions (GRI) that are maintained by the creator VDAX. The method further includes generating a creator value corresponding to the MDB based on the first GEF and the MDB and digitally signing the MDB with the creator value. The method includes providing the unnotarized MDB to one or more notary cohorts; and receiving a respective notary value from each of the notary cohorts, wherein each notary value is generated using respective GRI and genomic differentiation object maintained by a respective notary.

Abstract: A method includes receiving a consensus agreement rule (“CAR”) comprising identities of a first party and second party; receiving a first SignedData message comprising first content and a first digital signature; creating a second SignedData message comprising a second digital signature of the second party on a hash of the second content and an acceptance indication; verifying, based on the acceptance indication and based on the identities on the CAR matching the identities on the signatures, that the second party accepted the terms of the agreement; and transmitting the second SignedData message to a trusted party for posting to a distributed ledger, wherein the terms of the agreement are kept private while the second SignedData message is posted to the distributed ledger, and wherein the terms of the agreement are formatted as a smart contract whose execution causes a transfer of value in response to a fulfillment of a condition.