Abstract: A distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. The computing network fabric or “core” supports a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole.

Abstract: Systems and methods leverage trust anchors to generate tokens which can then be used by network functions (NFs). A virtualization infrastructure manager (VIM) for a virtualized platform receives a NF software package and a certificate request token (CRT) from a management function. The NF is a virtual NF, a containerized NF, or another virtual entity (xNF) to be deployed. The CRT is digitally signed by the management function and includes a network address of a trust anchor platform and a NF profile. The VIM deploys the NF and provides the CRT to the NF. The NF obtains from the CRT the network address of the trust anchor platform, generates a certificate signing request (CSR) for a digital certificate, and submits the CSR and the CRT to the trust anchor platform. The NF receives a digital certificate from the trust anchor platform based on validation of both the CSR and CRT.

Abstract: Methods and systems are described for performing multifactor authentication. An authentication code may be encrypted in optical indica. Optionally, Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA), DES (Data Encryption Standard), and/or a hashing function may be utilized to encrypt the authentication code. An image of the authentication code may be captured from a device having a display using a digital camera. The image may be in a compressed format and transmitted over a network to an image analysis system. The image analysis system may decode the optical indicia to obtain the encoded authentication data and may perform decryption on the decoded data. If a hashing function is utilized to encrypt the authentication data, the encoded authentication data may be compared to a hash of stored authentication data. If needed, the image analysis system may perform image enhancement prior to performing decoding, including contrast enhancement, deblurring, and/or image rotation.

Abstract: A method for replacing an identity certificate in a blockchain network includes a service subnet, a consensus subnet, and a routing layer used for isolating the service subnet from the consensus subnet. The method includes: receiving a root certificate replacement notification transmitted by a certificate authentication center; obtaining a public key corresponding to the certificate authentication center; verifying the root certificate replacement notification by using the obtained public key; forwarding the root certificate replacement notification to a consensus node in the consensus subnet after the validation succeeds, so that the consensus node records the root certificate replacement notification into a latest data block after a consensus on the root certificate replacement notification is reached; and requesting, when the data block is received, the certificate authentication center to replace an identity certificate.

Abstract: Disclosed is a method of loading a signature rule and a network device thereof. According to an example of the method, the network device may first receive a signature rule library sent by a cloud server, wherein the signature rule library contains one or more signature rules, each of which is associated with corresponding device type configuration information. The network device may determine for each signature rule whether device type configuration information associated with the signature rule matches local device type configuration information of the network device. If the device type configuration information associated with the signature rule matches the local device type configuration information of the network device, the network device may load the signature rule.

Abstract: Embodiments of this specification provide a transaction processing method, apparatus, and electronic device for a blockchain. The method includes: executing, by a blockchain node in the blockchain, a consensus protocol for an N-th round of consensus, wherein the consensus protocol comprises reaching a consensus on a blockchain transaction of the N-th round of consensus and upon the consensus being reached, executing the blockchain transaction of the N-th round of consensus; writing, by the blockchain node after the execution of the blockchain transaction, a block comprising the blockchain transaction of the N-th round of consensus into the blockchain; and concurrently with the writing of the block, executing, by the blockchain node, the consensus protocol for an (N+1)-th round of consensus in the blockchain.

Abstract: A method for labeling object of operating system is adapted to a target object of a target operating system, wherein the target object has a target attribute. The method comprises: generating a default label by a labeling tool according to the target attribute; obtaining a reference object of a reference operating system, wherein the reference object has a reference attribute and a reference label; comparing whether the target attribute and the reference attribute are identical and generating a comparison result; and labeling the target object with the default label, the reference label, or one of a plurality of candidate labels according to the comparison result and a type of the target object.

Abstract: A method includes identifying a binary file to be executed on a client device. The method further includes comparing, by a processing device, the binary file to an authenticated version of the binary file stored on a blockchain, in response to identifying the binary file and before executing the binary file. The method further includes, in response to determining that the binary file and the authenticated version of the binary file match, executing the binary file. The method further includes, in response to determining that the binary file and the authenticated version of the binary file do not match, triggering a predefined remedial action.

Abstract: A method for selecting a consensus node in an apparatus for generating a blockchain includes reading a nonce from the nonce chain of a node, performing an operation on the read nonce and previous height information, and comparing the result of the operation with a reference value in order to select the node as a consensus node.

Abstract: The present invention provides a method, a system, and a device for a hash generation and network traffic detection. It uses a method of storing intermediate calculation results to perform hash calculation for streaming data, and uses a matrix multiplication operation as a strong hash algorithm to reduce memory occupation. The present invention can generate hash in real time in the case of streaming data comprising defects, unordered, and overlapping, which is suitable for detecting files from network traffic, and is applicable to virus detection, intrusion detection, data anti-leakage, network content review, digital forensics, digital rights protection, and other fields.

Abstract: Systems and methods leverage trust anchors to generate tokens which can then be used by network functions (NFs). A virtualization infrastructure manager (VIM) for a virtualized platform receives a NF software package and a certificate request token (CRT) from a management function. The NF is a virtual NF, a containerized NF, or another virtual entity (xNF) to be deployed. The CRT is digitally signed by the management function and includes a network address of a trust anchor platform and a NF profile. The VIM deploys the NF and provides the CRT to the NF. The NF obtains from the CRT the network address of the trust anchor platform, generates a certificate signing request (CSR) for a digital certificate, and submits the CSR and the CRT to the trust anchor platform. The NF receives a digital certificate from the trust anchor platform based on validation of both the CSR and CRT.

Abstract: A bin syncing technique ensures continuous data protection, such as replication and erasure coding, for content driven distribution of data served by storage nodes of a cluster in the event of failure to one or more block services configured to process the data. The cluster maintains information about the block services assigned to host a bin with a copy of the data in a bin assignment table associated with a state. The copies of the data are named, e.g., replica 0 (R0), replica 1 (R1) or replica 2 (R2). In response to failure of one or more block services assigned to host a bin with a replica of the data, an alternate or replacement block service may access the assignments maintained in the bin assignment table, which specify names of the replicas associated with the state.

Abstract: An improved blockchain implementation that reduces application transaction processing bottlenecks for applications that operate on a decentralized network. For example, if an application operating on a decentralized network becomes sufficiently popular, an existing blockchain can be split into the original blockchain and an application-specific chain (or app chain) that includes blocks that only store transactions for the sufficiently popular application. A peer that is not interested in tracking transactions for the sufficiently popular application, however, does not need to track the application-specific chain. Thus, the peer can reduce the number of computational operations that are performed by simply storing block data for blocks in the original blockchain and not for blocks in the application-specific chain.

Abstract: A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data, and may be used to provide authentication in addition to, or in lieu of, passwords or cryptographic tokens. Various use cases are disclosed, including: enrollment, authentication, establishing and using a secure communications channel, and cryptographically signing a message.

Abstract: A system for providing secure access to digital resources is provided that utilizes a blockchain platform. Using this blockchain platform, digital resource vendors create new digital tracking ledgers for their digital resource products such that updates to the digital resource products are accessible directly from a blockchain. Accordingly, these updates are deliverable in a protected and secure manner to consumers of the digital resources.

Abstract: Methods, systems, and devices for validation at an application server are described. The application server may validate a user device utilizing a public-private key pair, and may refrain from establishing a database connection until the user device is validated. For example, the application server may transmit a private key and a public key identifier to the user device. When the application server receives a session establishment message that is based on a private key and that contains the public key identifier, the application server may determine the public key of the public-private key pair based on the identifier. The application server may validate that the session establishment message is received from the user device based on the private key and the determined public key. Based on this validation procedure, the application server may establish a database connection with a database, granting the validated user device access to requested data.

Abstract: A method for communicating data from a sensor device to an Electronic Control Unit using a single-wire bi-directional communication protocol includes providing a first key of the Electronic Control Unit to the sensor device, encrypting sensor data of the sensor device using the first key to determine encrypted data, and transmitting the encrypted data from the sensor device to the Electronic Control Unit.

Abstract: A computer-implemented method for secure de-centralized domain name system, the method comprising: recording a domain registration transaction to a blockchain, the domain registration transaction comprising a domain name, a domain primary key corresponding to a domain public key and domain certificate information for a server node; recording a domain security transaction, comprising the domain public key, to the blockchain to generate a domain name record comprising the domain name, an associated IP address, the domain public key and the domain certificate information, wherein the domain security transaction being signed using the domain primary key; transmitting, by a client node, a domain name request to a domain name node; receiving, by the client node, a domain name response from the domain name node, the domain name response comprising the domain public key, the domain certificate information and the associated IP address retrieved from the domain name record of the blockchain; and initiating a secure co

Abstract: A collaborative operating system includes: a secure command generating device, for performing a digital signature operation on a first-station command to generate a first-station command request, for performing a digital signature operation on a second-station command to generate a second-station command request, and for performing a digital signature operation on a third-station command to generate a third-station command request; a first device group instructs a first target device to execute a first target command only if the first-station command request passed authentication processes conducted by the first device group; a second device group instructs a second target device to execute a second target command only if the second-station command request passed authentication processes conducted by the second device group; and a third device group instructs a third target device to execute a third target command only if the third-station command request passed authentication processes conducted by the third

Abstract: A system and method is provided for changing parameter values of a computer system without changing security properties. An exemplary method includes receiving a request to change a system configuration of the computer system and identifying a parameter relating to system configurations based on the received request. Furthermore, based on the identified parameter, the method includes receiving instructions to change the identified at least one parameter and initiating a transaction to change the identified at least one parameter based on the received instructions. The initiated transaction is then analyzed to determine whether the change to the parameter will lower a security level of the computer system. If not, the method will execute the change of the identified parameter related to the system configuration.