Abstract: This invention relates generally to blockchain implementations and is suited for, but not limited to, use with the Bitcoin blockchain. The invention relates to a technical solution for managing a voting, counting, selection and/or decision making process. It can be used for the implementation of automated processes such as device/system control, process control, distributed computing and storage and others. The invention provides an event detecting, monitoring and/or counting mechanism. The event may be, for example, a vote, decision or selection which is made by a given entity. The invention provides a counting solution in which a computing resource, running simultaneously and in parallel to the blockchain, manages a loop-based operation. The computing resource continuously monitors the state of the blockchain as well as any other off-blockchain input data or source. The execution of the loop is influenced by the state of the blockchain.

Abstract: Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record.

Abstract: A first apparatus comprises an error correction coding part that receives a message M to be transmitted to a second apparatus, performs coding using a predetermined error correction code, and outputs a codeword C; a message authentication tag generation part that receives the message M and outputs a predetermined message authentication tag T; and a transmission part that transmits the codeword C and the tag T as transmission information S to the second apparatus. The second apparatus receives a message M* to be verified and a tag T?, which are obtained from the transmission information S, and determines that the message M* to be verified has not been tampered with when a tag T* obtained from the message M* to be verified and the tag T? satisfy a predetermined identity criterion.

Abstract: Disclosed herein is a data storage device comprising a data path, an access controller, and a data store. The data path comprises a data port configured to transmit data between a host computer system and the data storage device; a non-volatile storage medium configured to store encrypted user content data; and a cryptography engine connected between the data port and the storage medium and configured to use a cryptographic key to decrypt the encrypted user content data stored on the storage medium in response to a request from the host computer system. The access controller is configured to store on the data store multiple entries associated with multiple respective registered devices. The multiple entries comprise authorization data indicative of cryptographic keys that selectively provide user access or manager access for each of the multiple registered devices.

Abstract: A method of detecting patterns for automated filtering of data is provided. The method includes receiving network traffic including bad traffic and good traffic, wherein an attack is known to be applied to the bad traffic, and the good traffic is known to be free of an applied attack. Processing the good and bad traffic includes generating, for each unique packet, each potential unique combination of the packet's fields, storing each combination with associated bad match and good match counters, and incrementing a combination's respective good and bad match counters for each occurrence it matches one of the packets of the respective good and bad traffic. The combinations are sorted based on the good match counter associated with each combination, a number of fields in each combination, and the bad match counter associated with each combination. One or more combination is selected based on results of the sorting for provision to a network traffic filtering component.

Abstract: When a third party wants to redeem a user's personally identifiable information (PII), the third party presents to the system a token representing the PII, which indicates a request for the PII. The system seeks consent from the user for sending the PII to the third party. If the user grants consent, then the system prepares the PII for the third party. In some embodiments, the third party can initiate a telephone call with a dispatch to receive the PII. In some embodiments, the third party can receive the PII directly from the system.

Abstract: A solution is proposed for sharing secret information for accessing a wireless computing network. A corresponding method for distributing the secret information by a source (computing) device comprises receiving a public key of the a target (computing) device, transmitting a verification token to the target device, receiving an utterance of the verification token and transmitting the secret information encrypted with the public key in response to the utterance of the verification token. A corresponding method for obtaining the secret information by a target (computing) device comprises transmitting a public key of the target device, receiving a verification token, outputting the verification token and receiving the secret information encrypted with the public key in response to an utterance of the verification token. Corresponding computer programs and computer program products are also proposed. Moreover, a source computing device and a target computing device for implementing the methods are proposed.

Abstract: A unique identifier id(f) is generated for file f and is stored on a content address server. A symmetric encryption key KF is generated for file f. File f is divided into n segments. A unique identifier id(si) is generated for each segment si of the n segments. Each segment si of the n segments is encrypted using the symmetric key KF using a symmetric encryption algorithm, producing n encrypted segments esi=ESKF(si). Each encrypted segment esi is stored with its identifier id(si) on at least one peer device. For each encrypted segment esi, the identifier id(si) is stored on the content address server with the identifier id(f). A public key KU2 of a second user is retrieved, the symmetric key KF is encrypted with key KU2, producing wrapped key KW2=EAKU2(KF), and key KW2 is stored on the content address server with identifier id(f).

Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.

Abstract: A data processing device includes primary resources, an out-of-band manager operably connected to the primary resources via an always-on in-band connection, and an authentication engine. The authentication engine obtains, via the always-on in-band connection, an operation request and an authentication token corresponding to the operation request; in response to obtaining the authentication token: obtains a list of authorized operations using the authentication token; makes a determination that an operation indicated by the operation request is allowable based on the list of authorized operations; and performs the operation based on the determination.

Abstract: A method of performing a blockchain transaction includes partitioning a private key of an account into a first part, a second part, and a third part, using a processor. The method further includes delivering the first part to a user of the account via a network. The method further includes storing the second part on a first server in association with information about the end-user. The method further includes receiving the first part from the user via the network. The method further includes reconstructing the private key of the account using the first part and the second part. The method further includes performing the blockchain transaction using the account and the reconstructed private key.

Abstract: The technology described herein detects a first device associated with a user that is within a detectable range of a second device. The system requests authentication information. In response to receiving the authentication information, a token generator associated with the user can generate a secure token. The secure token can be sent to the server. Once the secure token is verified, the user is granted access to one or more services.

Abstract: Methods and systems for receiving a detection of a physical presence of a user and, in response, initiating a start-up process on an enterprise device according to a profile associated with the user are described. Thereafter, the system receives authentication credentials at the enterprise device and the user is granted access to the enterprise device after the authentication credentials are verified.

Abstract: Techniques for providing a digital certificate management for blockchain technologies are described. One example method includes a transaction request including a digital certificate is received from a certificate authority at a node in a blockchain network, and the transaction request is a request to write the digital certificate into a blockchain associated with the blockchain network, and the digital certificate is issued to a node in the blockchain network. A consensus verification result is determined for the transaction request, and the consensus verification result is produced by nodes in the blockchain network. The consensus verification result is compared to a predetermined threshold value. In response to determining the consensus verification result is greater than or equal to the predetermined threshold value, the digital certificate is stored in the blockchain associated with the blockchain network.

Abstract: A secured device has a secure storage area and is configured to communicate with an authentication manager of a key server. A salt and a key identifier of a key are received to the secured device from the key server. Information corresponding to the key identifier is embedded into the salt to create a combined identifier-salt value. The combined identifier-salt value is stored in the secure storage area. The combined identifier-salt value is utilized as additional input to a hash function along with a password. The key is identified using the information corresponding to the key identifier embedded into the salt.

Abstract: Provided with a calculation device for performing a calculation for an encryption data in a virtual execution environment protected from a standard execution environment, the calculation device has a virtual execution environment construction unit for constructing the virtual execution environment, and the virtual execution environment includes: an encryption data acquisition unit for acquiring the encryption data; a source code acquisition unit for acquiring a source code for the calculation; a key acquisition unit for acquiring the system key; a decryption unit for decrypting the encryption data by the acquired system key; a source code execution unit for executing the source code; an encryption unit for encrypting a calculation result to which the source code is executed by the system key; and a calculation result providing unit for providing the encrypted calculation result to the standard execution environment.

Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.

Abstract: A computer-implemented platform has a cloud-based offset engine that determines data stored on a local storage device of an external device exceeds a predetermined local data storage threshold, whereby the external device is remotely situated from the computer-implemented platform. Further, the computer-implemented platform has a receiver that receives, via a network, first level encrypted offset data. The encrypted offset data is the data that is encrypted by the external device according to a first encryption key, and that is timestamped by the external device according to a first timestamp. Moreover, the computer-implemented platform has a compression assessment engine that determines that the external device is incapable of performing compression according to one or more predefined compression criteria and that performs compression of the first level encrypted offset data according to the one or more predefined compression criteria to generate compressed and encrypted offset data.

Abstract: Implementations of the present specification disclose an information verification method, apparatus, and device.

Abstract: The present invention generally relates to detecting malicious network activity coming from network devices such as routers and firewalls. Specifically, embodiments of the present invention provide for detecting stealth malware on a network device by comparing inbound and outbound network traffic to discover packets originating from the network device and packets that violate configuration rules. When combined with a network traffic monitor server configured to monitor actual network traffic reports and to receive known network traffic reports from host computers, the system can detect stealth network traffic originating from both network devices and host computer systems.