Abstract: Systems, methods, and computer-readable storage media of wrapping digital assets. One method includes receiving, from a central provider system, a digital asset signed by a central private key associated with a digital asset on a central ledger, and verifying the digital asset based on a central public key. The method further includes updating the digital asset including an assignee field, and receiving an attribute for a second assignee of the digital asset. The method further includes wrapping utilizing the private key of the public and private key pair, the digital asset with the attribute and receiving environmental data. The method further includes determining the at least one condition of the attribute is satisfied, and updating the assignee field.

Abstract: One of the main obstacles of securing industrial control systems is the lack of an appropriate security model that is both implementable by vendors and addresses the inherent security and usability issues needed by organizations. Current solutions such as device passwords and IPSec lack scalable key management infrastructure and fine granularity access control mechanisms. A security model for industrial control systems that supports organizational level authorizations and authentication requirements, while hiding the low-level details (e.g., keys and passwords) from the users is disclosed. It also enables easy addition and removal of PLCs, engineering station, HMI devices and users, and assigning permission to them. A major advantage is its support for hybrid ICS systems, characterized by co-existence of legacy devices and new devices, while using the same protocol. Devices may communicate therein either natively, or by a connected converter.

Abstract: Disclosed is a system and method for processing data using blockchain technology. The system includes a memory having programmable instructions stored thereon that, when executed by a processor, cause the system to: authenticate one or more sensors in anticipation of receiving component data; receive component data, upon successful authentication; store the component data locally or to a cloud-based server and/or calculate a root value for the component data; store or embed the root value with the stored component data; condense the component data and link the condensed component data to the stored component data via the root value. The system further includes instructions to log the condensed data, including the root value, to a ledger, and to identify a tag or transaction id corresponding to the logging event for subsequent retrieval of the condensed data using the tag or transaction id.

Abstract: An authentication server enrolls a user's mobile device as a trusted device with a vendor software after verifying the network ID of the user's mobile device. The authentication server associates the network ID in an authentication entry with authentication information such as a push notification token and cryptographic key. Later, when the user attempts to log in to the vendor software, the authentication server may attempt to cryptographically authenticate the user. Otherwise, the authentication server may use the push notification token to transmit an OTP to the user's mobile device as a push notification.

Abstract: A method for connecting an application to a resource by a command, the application being provided for configuring the resource by connecting to the resource by means of a program and configuration parameters, the program implementing a client side of a communication protocol, the method comprising the steps of executing the command when the program is called by the application, the command being interposed between the application and the program; receiving authentication data for accessing the resource, by querying a vault, on the basis of configuration parameters; establishing a connection between the command and the resource by executing the program, into which the authentication data for accessing the resource are input and the configuration parameters retrieved; and establishing a direct connection between the application and the resource.

Abstract: A method and system uses a test cloud system for monitoring cloud to cloud performance. The method includes initiating a first trust relationship by the test cloud system with a first target cloud system, receiving a success indicator for the trust relationship, in response to the first target cloud verifying the test cloud system is whitelisted, generating a security token using a private key of the test cloud system, and invoking a function of an application programming interface of the first target cloud using the security token to validate functionality of the function of the application programming interface of the first target cloud.

Abstract: A method and scalable security service is implemented by a service provider in association with a set of cloud computing services. The method begins by the service provider provisioning a plurality of data lakes across one or more cloud computing services. A data lake is provisioned within a private data cloud of the one or more cloud computing services. To provide scalable security, the service provider configures a virtual firewall in each of two or more regions of the one or more cloud computing services. In particular, the firewall in a given region is associated with a subset of the plurality of data lakes, and wherein the subset comprises at least first and second data lakes associated to at least first and second distinct external enterprise networks. Using the virtual firewall, the service provider then enforces security requirements associated with the subset of the plurality of data lakes via the virtual firewall.

Abstract: A server system to customize firmware of an endpoint via an online firmware store in connection with validating authenticity of the endpoint. For example, a customized version of firmware can be ordered for the endpoint prior to the use of the endpoint. After receiving a request having identity data generated by a memory device configured in the endpoint, the server system can determine, based on a secret of the memory device, the authenticity of the endpoint having the current firmware. An update to firmware stored in the memory device and executed in the endpoint to generate the request is identified. The server system generates a verification code for a command executable in the memory device to perform the update. After receiving the command and the verification code, the memory device validates the verification code to determine whether to execute the command for firmware update.

Abstract: A method for protecting a client domain, for example against a computing attack, implemented in a client node of the client domain. The method includes: discovering at least one other client node of the client domain, called a discovered node; detecting a conflict between at least two management rules for the traffic associated with the client domain; and resolving the detected conflict, including: if one of the rules was installed by a the discovered node, modifying the rule or a state associated with the discovered node; and otherwise, obtaining, from a the discovered node, an item of information for identifying at least one node of the client domain that installed one of the rules; and detecting and/or resolving the conflict using information obtained during the discovery of the at least one other node of the client domain.

Abstract: In a method for software attestation, an enclave including an operating system (OS) library is initialized in a trusted execution environment, wherein software attestation is performed to verify an identity of the enclave, wherein an application is executed inside the enclave using the OS library, and wherein performing the software attestation includes attestation of a content of a disk image associated with the application.

Abstract: This invention relates generally to blockchain implementations and is suited for, but not limited to, use with the Bitcoin blockchain. A method of using a blockchain to control a process executing on a computing resource, the method comprising: executing a loop on the computing resource, and using a state of the blockchain to influence the execution of the loop, wherein the process: is an automated voting process; or comprises a distribution or an allocation of one or more tokens to a voter, wherein each token is associated with an amount of cryptocurrency.

Abstract: A network access system for detecting intrusions over a network. The network access system includes a computer having non-transitory memory for storing machine instructions that are to be executed by the computer. The machine instructions when executed by the computer implement the following functions: receive network traffic from one or more discrete virtual private network connections, store the network traffic in a repository, and monitor the network traffic for a malicious action.

Abstract: Method for registering and updating an electronically stored and versioned alpha digital document (A) in a digital document register by storing, for each version, not the document but a public ownership key; a digital document hash value; and a digital document signature. The invention is characterised by the steps a) providing a first document version, defined in a document description language to have a defined rendered graphic representation; b) registering said first version; c) providing a second document version by adding a reversibly added part to said first document version, said second version comprising a second set of metadata; and d) registering said second version, in that said second metadata is embedded in the second version without affecting said graphic representation, in that at least a part of the reversibly added part can be unambiguously generated based on the second metadata, and in that the registering in step d comprises storing a hash of the second metadata.

Abstract: A method and device for zero-trust fusion computation of multi-party data is provided, which adopts a chip-level based trusted execution environment (TEE) technique, and by improving a development preparation phase of a fusion computation background and improving a calculation phase, enable fusion computation of multi-party data to be performed in a zero-trust secure running environment, guaranteeing that the data is in a secure state without trusting any party during an entire process of transmission, storage and fusion computation, and allowing for enhanced data privacy protection. The solution brings many advantages in terms of data storage security, data transmission security and data use security as well as universality and performance superiority.

Abstract: Examples of the present disclosure relate to a system, method, and computer-readable medium for link anomaly detection across an inter-processor link in an infotainment system of a vehicle. In an example, the system includes a first processor, a second processor, and an inter-processor link to connect the second processor to the first processor. The system may include an anomalous detector and corrector module (ADCM) located on at least one of the first processor and the second processor, the ADCM to monitor a data exchange over the inter-processor link and initiate a correction action in response to an identification that the data exchange over the inter-processor link is anomalous.

Abstract: A system is provided for encoding genomics data for secure storage and processing. In particular, the system may comprise a client and server operating environment that uses a unique encoding algorithm to transform genomics data and/or metadata to produce encoded genomics data and/or metadata. In some embodiments, the encoded genomics data and/or metadata may be encrypted using one or more encryption algorithms. The encoded and/or encrypted genomics data may be stored on a secure server (e.g., a cloud environment) that may perform subsequent processing steps on the encoded and/or encrypted genomics data. Once the processing steps have been completed, the server may transmit one or more outputs associated with the genomics data and/or metadata to a client device. In this way, the system provides an efficient and secure way to store and process genomics data.

Abstract: In an example, a non-transitory machine-readable storage medium includes stored instructions. The store instructions, when executed by one or more processors, cause the one or more processors to: receive a unique identifier of a tagged physical good; receive a public key stored in a Non-Fungible Token (NFT) corresponding to the unique identifier; encrypt a first passphrase using the public key to obtain an encrypted passphrase; compare a second passphrase to the first passphrase; and generate an output indication in response to comparing the second passphrase to the first passphrase. The second passphrase is generated by decrypting the encrypted passphrase using a private key stored on an electronic tag device embedded in the tagged physical good.

Abstract: An encryption method applied to an encryption system is disclosed. The encryption system includes a transmission module, an encryption module and a memory. The memory contains n data, where n is an integer and n?0, and the n data are encrypted by the encryption module. The multiple encryption method includes: via the transmission module, receiving an encryption request and an n+1th data; storing the n+1th data in the memory; via the encryption module, according to the encryption request, encrypting the n data and the n+1th data to form an encrypted data.

Abstract: Embodiments of the present disclosure are directed to systems and methods for artificial intelligence-based filtering of user devices on a wireless network. Upon a request from a user device to access a requested network service, a trustlet executed in a trusted execution environment of the user device is activated. The trustlet provides data associated with the user device. The data is used to distinguish normal from anomalous device behavior. Analysis of the data can be facilitated by an artificial intelligence module. Based on the analysis, the requested network service may be selectively authorized or prohibited. Additionally, the trustlet can be activated while a network service is being utilized by a user device to detect anomalous and potentially deceptive activity.

Abstract: Methods are provided for minting and distributing quantities of cryptographically generated data based on the quality of received biological datasets. Computer readable media, computing apparatuses, and systems are also provided.