Abstract: The disclosure extends to methods, systems, and devices for crowdsourcing an outcome to an issue through a platform. The method includes receiving voting data comprising a vote for an election from a user associated with an account facilitated by a voting server. The method includes generating a record for storing the voting data, wherein the record includes: a hashed identifier assigned to the user of the account, a public key assigned to the user of the account, and the voting data. The method includes broadcasting the record to a distributed network and storing the record on a blockchain database.

Abstract: An authentication system includes: a reading unit that (i) reads ID information as a response to a first read command being a command to which only a first type of contactless communication terminal responds, and outputs the ID information and type information indicating that a contactless communication terminal is of the first type, and (ii) reads ID information as a response to a second read command being a command to which both the first and second types of contactless communication terminals respond, and causes additional issuance of the first read command, and when succeeding in reading ID information as a response to the additionally issued first read command, outputs the ID information and type information indicating the first type; an authentication unit that, when a user list includes an output pair of ID information and type information of the communicating contactless communication terminal, authenticates a user associated with output pair.

Abstract: Case management systems and techniques are disclosed. In various embodiments, a hierarchical document permission model is received, the model describing a document hierarchy comprising a plurality of hierarchically related document nodes and defining for each of at least a subset of said document nodes one or more document roles and for each such role one or more document permissions with respect to that document node. The hierarchical document permission model is used to determine and enforce permissions with respect to case management instances to which the hierarchical document permission model applies.

Abstract: The disclosed invention is a new method and apparatus for the management of application/container process identity for authentication and enforcing group-based security policies. Identities and security policies are managed in the cloud. Strong cryptographic identities or digital certificates are provided to each application/container or group of applications/containers. Applications/containers use these digital certificates to mutually authenticate each other before providing access to their resources.

Abstract: A method includes receiving a data capture event affecting personal data of a user stored in at least one storage device of a computing system and mapped in a privacy graph database. Personal data of the user may be identified in the data capture event and classified into the data categories. In response to the data capture event, a mapping of user-centric nodes associated with the at least one user associated with other users in the privacy graph database is automatically updated using the classified personal data in the data capture event. A request by a requester for personal data of at least one specific user stored in the at least one storage device is received. The privacy graph database is queried to provide the requested personal data and locations of the requested personal data of the at least one specific user in the request stored in the computing system.

Abstract: In some embodiments, a system model construction platform may receive, from a system node data store, system node data associated with an industrial asset. The system model construction platform may automatically construct a data-driven, dynamic system model for the industrial asset based on the received system node data. A synthetic attack platform may then inject at least one synthetic attack into the data-driven, dynamic system model to create, for each of a plurality of monitoring nodes, a series of synthetic attack monitoring node values over time that represent simulated attacked operation of the industrial asset. The synthetic attack platform may store, in a synthetic attack space data source, the series of synthetic attack monitoring node values over time that represent simulated attacked operation of the industrial asset. This information may then be used, for example, along with normal operational data to construct a threat detection model for the industrial asset.

Abstract: A host system-on-chip (SoC) includes a network on chip (NoC) for transmitting local traffic between internal blocks of the SoC, an external processor link for receiving messages at the host SoC from an untrusted device. A traffic controller in the host SoC that is coupled with the external processor link monitors an amount of external traffic from the untrusted device over a set of one or more time intervals, detects a violation of a traffic policy based on the amount of external traffic, and in response to detecting the violation, reduces traffic in the NoC resulting from the messages from the untrusted device.

Abstract: A biometrics hub may establish a session with a first biometric device, receive first biometric data of a user from the first biometric device, establish a session with a second biometric device, receive second biometric data of the user from the second biometric device, and store the first biometric data and the second biometric data at the biometrics hub. The biometrics hub may further detect a power event associated with at least one of the first biometric device or the second biometric device, and change, in response to detecting the power event, a schedule for processing at least one of the first biometric data or the second biometric data.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: The present disclosure relates to methods, devices, systems and computer program products for transferring data between a first electronic device (110) and a second electronic device (115). A session token is formed, the session token identifying a data transfer session between the first electronic device (110) and the second electronic device (115). First, a local data transfer connection is established in the data transfer session between the first electronic device (110) and the second electronic device (115). A first set of data is transferred from the second electronic device (115) to the first electronic device (110) over the local communication connection, and the connection is ended. Then, in the data transfer session a second set of data is transferred from the second electronic device (115) to a network server system (120).

Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

Abstract: Methods and systems are provided for concealing identifying data that may be used to identify a beacon or device in broadcasts unless an observer device is able to directly or indirectly, via an authorized resolver device, translate an encrypted broadcast into the identifiable information. The wireless security scheme disclosed herein also pertains to resolving the concealed data messages to obtain the identifiable information.

Abstract: Implementations of the present specification include a computer-implemented method for achieving a consensus among a number of network nodes of a blockchain network. The blockchain network includes a primary node and one or more backup nodes. The method includes receiving a transaction request by the primary node, sending a number of first messages to the backup nodes by the primary node, receiving second messages from the backup nodes by the primary node, reconstructing the transaction request based on data in the second messages by the primary node, sending a third message to the backup nodes by the primary node, and executing the transaction request in response to receiving a predetermined number of third messages.

Abstract: A request from a computing device for accessing a resource is received by an edge server, where the request includes a cookie containing a first token value and a second token value. The edge server validates the first token value and a second token value using a third token value generated using hashing algorithm with a secret key and one or more other values. The edge server then compares the received token values with the third token value. When the request is validated, the edge server retrieves the request resource.

Abstract: Techniques for security scanning of containers executing within VMs. A virtualization system maintains container disk files that store data for containers. The container disk files are stored separate from, and not included within, virtual machine disk files that store data for the virtual machines. To scan data for any particular container, a scanning module scans the container disk file associated with the container. If a threat is found, a container scan catalog is updated to indicate this fact. A container may be disconnected from the network if identified security threats cannot be removed from the container. An entire VM may be disconnected from the network if all containers within the VM have threats that cannot be cleaned. The use of container disk files for security threat scanning allows for data for individual containers to be scanned.

Abstract: Systems, devices, and techniques for service authorization are described. A described device includes a transceiver to communicate with an authorization server, a memory to store a shared secret key established between the device and the authorization server, and a processor. The processor can set an authorization timer for a first time period based on obtaining an authorization from the authorization server, and activate device features for a duration of the first time period. The processor can receive from the authorization server an authorization message that includes an authorization key hash based on the shared secret key and a server timestamp, determine a local key hash based on the shared secret key and a local timestamp, set the authorization timer for a second time period based on the authorization key hash matching the local key hash, and maintain an activation of the features for a duration of the second time period.

Abstract: A computing device running a local enforcement agent is configured to instantiate at least one application container at the computing device, where the at least one application container is part of a containerized application. The computing device is also configured to associate the local enforcement agent with the least one application container so that the local enforcement agent operates as an intra-application communication proxy for the least one application container. The local enforcement agent receives an intra-application Application Programming Interface (API) call that is sent to the at least one application container from a second application container that is part of the containerized application. The local enforcement agent is configured to analyze the intra-application API call for compliance with one or more security policies associated with the at least one container.

Abstract: Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain names. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.

Abstract: A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. The physical card may include disposed thereon a single address operable to receive digital bearer assets in one or more transactions on a decentralized computing platform, like a blockchain-based decentralized computing platform. Other decentralized computing platforms utilize different address generation protocols, thus preventing use of a single address on those other platforms. A set of addresses is generated, each address corresponding to a given decentralized computing platform. Each address is based on a same underlying key-pair, and a primary address is selected from the set for a given card. The remaining addresses in the set are stored, without storage of the public key or private key, and returned in a response to a request for additional addresses of the currency card.

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.