Abstract: The present embodiments relate to systems and methods for using a blockchain to record information related to the lifecycle of a vehicle associated with a Vehicle Identification Number (VIN). For example, the VIN lifecycle process may be used to develop safety-feature based insurance models. The systems and methods may include calculating a safety rating for a safety feature based upon data accessed at a blockchain. The safety rating may be used to generate a product associated with a new vehicle type, such as an insurance product covering the new vehicle type. The systems and methods described herein may allow for using a blockchain which gives the option for private information, and permissioned participants in the blockchain. In particular, the systems and methods may allow for a distributed consensus amongst businesses, consumers, and authorities, as to the validity of information and transactions stored on the blockchain.

Abstract: A method for providing improved personalized security mechanisms for transferring electronic data is disclosed. In an embodiment, the method comprises generating, at a client computer, a user key pair, wherein the user key pair comprises a user private key and a user public key; transmitting the user public key from the client computer to a server computer; receiving, at the client computer, from the server computer, a user account public key; generating a virtual memory stick (“VMS”) file and including, in the VMS file, one or more keys and one or more passphrases; encrypting the VMS file with a protection passphrase to generate an encrypted VMS file; and transmitting the encrypted VMS file to the server computer.

Abstract: Aspects of the disclosure relate to dynamically controlling access to linked content in electronic communications. A computing platform may receive, from a user computing device, a request for a uniform resource locator associated with an email message and may evaluate the request using one or more isolation criteria. Based on evaluating the request, the computing platform may identify that the request meets at least one isolation condition associated with the one or more isolation criteria. In response to identifying that the request meets the at least one isolation condition associated with the one or more isolation criteria, the computing platform may initiate a browser mirroring session with the user computing device to provide the user computing device with limited access to a resource corresponding to the uniform resource locator associated with the email message.

Abstract: An apparatus includes one or more functional circuits, a debug circuit configured to implement one or more debug features for the one or more functional circuits, and a validation circuit. The validation circuit is configured to receive a request to access debug features, and to send an identification value corresponding to the apparatus. The validation circuit is further configured to receive a certificate generated by a server computer system, the certificate including encoded debug permissions, and to decode the debug permissions using the identification value. Using the decoded debug permissions, the validation circuit is further configured to enable one or more of the debug features.

Abstract: A method and system for reducing triggering of throughput penalties imposed on a group of users by a software-as-a-service (SaaS) server due to Application Programming Interface (API) calls exceeding limits of the SaaS server is disclosed. The approaches include actions of intercepting requests to the SaaS server from a user group and monitoring both a rate of API calls for the requests and a rate of API events generated by forwarding the API calls to the SaaS server, intercepting the SaaS server's responses, where some of the responses indicate a throughput penalty imposed by the server, inferring load conditions of the SaaS server by analyzing the varying rate of API events against the responses with imposition of throughput penalty and setting an API call throttle limit dynamically adaptive to the inferred load conditions, then throttling the rate of the API calls for the group's requests according to the throttle limit.

Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.

Abstract: Using various embodiments, methods and systems for verification of a digital asset owner in a digital environment are described. In one embodiment, a system can be configured to receive a digital asset where the digital asset is configured to be displayed in a multi-dimensional environment. Thereafter, the system retrieves a secret pattern within the digital asset and computes a first identification hash value using a hash function. In one embodiment, the hash function receives a parameter value derived from the secret pattern. The system then compares the first identification hash value to a second identification hash value, where the second identification hash value is provided by the owner of the digital asset. The system then determines the digital asset as authentic when the first and second identification hash values are identical.

Abstract: The disclosed technology is generally directed to firewalls. In one example of the technology, a first firewall is used such that communication is blocked from a first subsystem of a device upon boot of the device. The first firewall is enabled to be configured by secure code subsequent to boot such that code that is not secure code is prevented from configuring the first firewall. After configuration of the first firewall, based on the configuration, the first firewall is used to selectively allow the first subsystem access to the first memory based on ranges of addresses of the first memory configured as accessible to the first subsystem.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: Various systems facilitate encrypted file storage. A client device may generate an encrypted version of a file. The client device may obtain at least one reference to at least one storage location for the encrypted version of the file. The client device may cause the encrypted version of the file to be store at the at least one storage location using the at least one reference to the at least one storage location.

Abstract: A system and method for managing a plurality of network-enabled client devices such as networking equipment and Internet of Things (IoT) devices which employs a distributed ledger, or blockchain, to store network configuration information for each client device. Access to the distributed ledger may be provided through a proxy computing system that is configured to exchange control messages with the client devices. Network configuration information is defined in smart contracts stored in the distributed ledger which are executed on registration of the network-enabled client device in the distributed ledger.

Abstract: Disclosed are various approaches for automating the detection and identification of security issues. A plurality of signals received from a plurality of security devices are analyzed to identify a predicted security incident, each of the plurality of signals indicating a potential security issue. A confidence score is then calculated for the predicted security incident. At least one compliance policy is then evaluated to determine whether to perform a remedial action specified in the compliance policy, wherein a determination to perform the remedial action is based at least in part on the confidence score. Finally, the remedial action is performed in response to an evaluation of the at least one compliance policy.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing user management associated with blockchain-based services. One of the methods includes receiving: at a service platform, receiving a first request to authorize a first member to access information related to a first order; invoking a smart contract executing on a blockchain to request that the first member be added to a list of authorized members who are authorized to access the information related to the first order, in which the smart contract is configured to maintain a data structure that stores information about the authorized members; receiving a confirmation from the smart contract that the first member has been added to the list of authorized members; and sending a confirmation to the administrator that the first member has been added to the list of authorized members.

Abstract: A method to transform the function of a programmable circuit (e.g. FPGA) for removing functional bugs or Hardware Trojans is provided.

Abstract: An authorization credential migration method includes: sending, by a first terminal device, an authorization credential immigration request for a trusted application to a service server; receiving an entered second authorization verification code of the trusted application; sending, by the first terminal device, the second authorization verification code to the service server, to instruct the service server to perform authorization authentication; and receiving, by the first terminal device, an authorization credential of the trusted application that is sent by the service server.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that securely track, manage, and provision elements of interaction data within a computing environment in accordance with encrypted permissioning data recorded onto a permissioned distributed ledger. For example, an apparatus may obtain query data that includes an identifier of a computing system and a query term, and access one or more ledger blocks of a permissioned distributed ledger that include encrypted permissioning data and interaction data. The apparatus may decrypt the encrypted permissioning data using a master cryptographic key of a centralized authority.

Abstract: A system of averting phishing and ransomware attacks is disclosed wherein system comprises of a network of computers that exchange information to collaborate in sharing knowledge about the attack so that the other computers on the network are alerted and can successfully thwart similar attacks. This collaborative system relies on the end-point intelligence. That is, the computer that is the recipient entity of a malicious electronic mail message allows a review of the content of the message in a safe and sand-boxed environment, referred to as Safe View, and makes a determination regarding the maliciousness of the message. If indeed this message is determined to be malicious, the message is forwarded to an enterprise system on network that analyzes the message and gleans key metadata from it and distributes this information over the network to all the computer nodes on the network.

Abstract: Systems and methods for artificial intelligence systems for identity management systems are disclosed. Embodiments may perform outlier detection and risk assessment based on identity management data, including one or more property graphs or peer groups determined from those property graphs, to determine identity management artifacts with ‘abnormal’ patterns when compared to other related identity management artifacts.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing user management associated with blockchain-based services. One of the methods includes receiving: at a service platform, receiving a first request to authorize a first member to access information related to a first order; invoking a smart contract executing on a blockchain to request that the first member be added to a list of authorized members who are authorized to access the information related to the first order, in which the smart contract is configured to maintain a data structure that stores information about the authorized members; receiving a confirmation from the smart contract that the first member has been added to the list of authorized members; and sending a confirmation to the administrator that the first member has been added to the list of authorized members.

Abstract: Cybersecurity enhancements help avoid malicious Uniform Resource Locators (URLs). Embodiments may reduce or eliminate reliance on subjective analysis or detonation virtual machines. URL substrings are automatically analyzed for maliciousness using malice patterns. Patterns may test counts, lengths, rarity, encodings, and other inherent aspects of URLs. URLs may be analyzed individually, or in groups to detect shared portions, or both. URL analysis may use or avoid machine learning, and may use or avoid lookups. Malice patterns may be used individually or in combinations to detect malicious URLs. Analysis results may enhance security through blocking use of suspect URLs, flagging them for further analysis, or allowing their validated use, for instance. Analysis results may also be fed back to further train a machine learning model or a statistical model.