Abstract: An example operation may include one or more of identifying partitions associated with a blockchain, identifying a new transaction to be committed to the blockchain, determining a partition code assigned to the new transaction, and committing the new transaction to one of the partitions associated with the partition code.

Abstract: In an embodiment, an electronic data security system improves the security and usability of encrypted electronic data using a symmetric key approach implemented by security engines embedded on operably coupled integrated circuits. Engines paired to integrated circuits in combinations of hardware and software engines implementing security tasks can also be utilized. A first security engine is configured to interface to a second security engine and, using the components of the respective security engines, securely exchange electronic data using symmetric key encryption. The key change instruction configures the second security engine private key for a subsequent transmission.

Abstract: According to certain embodiments, an authentication system comprises memory operable to store instructions and processing circuitry operable to execute the instructions, whereby the authentication system is operable to provide a stimulus that causes an involuntary facial movement of a user. The authentication system is further operable to receive user data in response to the stimulus. The user data depicts the involuntary facial movement of the user. The authentication system is further operable to perform authentication based on comparing the user data to validation data associated with the user. The validation data comprises a previously validated depiction of the involuntary facial movement caused by exposing the user to the stimulus.

Abstract: An example embodiment may involve receiving, by a server device that stores a plurality of access credentials for computing devices that are disposed within a managed network, a request containing a label and an indication of an application service. The server device may be disposed within a remote network management platform that remotely manages the managed network. The example embodiment may further involve mapping, by the server device, the label and the application service to an endpoint identifier of a target computing device that is disposed within the managed network. The endpoint identifier may be associated with particular access credentials that are usable to access the application service executing on the target computing device. The example embodiment may further involve transmitting, by the server device, the endpoint identifier and the particular access credentials.

Abstract: Apparatus and methods are presented for using configurable additive data scrambling or descrambling circuitry for multichannel link aggregators in which a scrambler or descrambler polynomial is specified by binary data in a programmable register, and the polynomial data is used to compute a polynomial matrix. A scrambler or descrambler pattern is computed according to the polynomial matrix, and input data is bitwise exclusive-ORed with the computed scrambler or descrambler pattern to generate scrambled or descrambled output data. The scrambling or descrambling circuitry can be reconfigured for different polynomials by reprogramming the register, with the scrambler or descrambler automatically computing an updated polynomial matrix.

Abstract: Disclosed are various approaches for implementing certificate pinning in a tunnel client on a client device. A tunnel client receives a connection request from an application executed by the client device to connect to a remote server. The tunnel client determines that the remote server corresponds to a known pinned host and then determines whether the remote server presents a certificate matching a pinned certificate for the known pinned host. If the presented certificate matches the pinned certificate, the tunnel client allows a connection to be established between the application and the remote server through a network tunnel between the tunnel client and a tunnel server.

Abstract: Online activity may be monitored to determine risks to children. For example, Internet postings may reveal an actual and/or a potential contact with a child. A report may be generated and sent to a parent that details to contact.

Abstract: Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.

Abstract: The present disclosure provides a program integrity monitoring and contingency management system and method. The system includes a monitoring-notifying module and a contingency management module. The monitoring-notifying module includes a management unit configuring an exclusion profile and a program integrity monitoring profile, a setup unit establishing a file integrity baseline list according to the program integrity monitoring profile, a notifying unit, and an integrity comparison unit comparing the exclusion profile and the file integrity baseline list with the program integrity file, and generating an abnormality warning when the comparison result is abnormal and instructing the notifying unit to report the same.

Abstract: A per-resource user authority management unit that manages user authorities per resource, a user authority refinement unit that refines authorities linked to a user by the per-resource user authorities, and an authority verification unit that determines whether execution of processing with respect to a resource is permitted by using an authority that has been refined by the user authority refinement unit are provided.

Abstract: Methods for classifying computer objects as malware and the associated apparatus are disclosed. An exemplary method includes, at a base computer, receiving data about a computer object from each of plural remote computers on which the object or similar objects are stored and or processed and counting the number of times in a given time period objects having one or more common attributes or behaviors that have been seen by the remote computers. The counted number is then compared with the expected number based on past observations, and if the comparison exceeds a predetermined threshold, the objects are flagged as unsafe or as suspicious.

Abstract: The present invention may be a method, a system, and a computer program product. An embodiment of the present invention provides a method for ensuring anonymity of data. The method comprises the following: determining the number of members of each cluster, based on one or more features of leaving of the members of the data; and anonymizing the data in the database, using the determined number.

Abstract: A computing device includes a first component, a second component and a monitoring component. The monitoring component, receives, from the first component, a command to issue one or more transactions or data to the second component, and determines whether the first component is authorized to issue the one or more transactions, according to one or more policies or rules, which are received through an out-of-band mechanism to which the first component does not have access. If the monitoring component determines that the first component is authorized to issue the one or more transactions or data to the second component, it forwards the one or more transactions data to the second component. Otherwise, the monitoring component blocks the one or more transactions or data from being issued to the second component.

Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.

Abstract: This disclosure relates to a method for securely transmitting secret information to a user, including receiving by the user terminal, from a secure processor, a software component protected against tampering and reverse-engineering and configured to generate sets of adjacent pixels having a probability lower than 100% to be in a visible or invisible state, executing the software component by the user terminal, at a frame display refresh rate, to generate the pixel sets at the display refresh rate, inserting the pixel sets generated by each execution of the software component into one respective image frame, and activating display of the image frames at the frame display refresh rate, the image frames including information which is machine unintelligible as being formed of the pixel sets, the information becoming intelligible to a user at the display refresh rate based on a human visual system.

Abstract: In one aspect of the present description, operations are described for detecting whether programming code of a first computer program has been modified by a second computer program. In one embodiment, the modification detecting includes registering a first section of programming code of the first computer program in a first registry data structure. To detect a modification, the registered first section of programming code may be validated. In one embodiment, the validating includes comparing the section of programming code actually located at the first memory address to the registered first section of programming code. In another aspect, various selectable remedial actions may be taken upon detecting modification of programming code of the first computer program. Other features and aspects may be realized, depending upon the particular application.

Abstract: Aspects of the subject disclosure may include, for example, a server, comprising a processing system including a processor and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations including receiving a request from a mobile device of a user having an account to access a first mobile application of a plurality of mobile applications, wherein each of the plurality of mobile applications is embedded into a single bundled application, and wherein the single bundled application is downloaded onto the mobile device, determining whether the mobile device has permissions for access to the first mobile application and whether the mobile device is executing the single bundled application, and sending permissions data to the mobile device that enables the mobile device via the account to access the first mobile application. Other embodiments are disclosed.

Abstract: Disclosed is a boot system and boot method for an intelligent robot. The intelligent robot includes a central processing unit, an activating module, a memory and a wireless communication module. The central processing unit is electrically connected to the activating module, the memory and the wireless communication module. When the username and password stored in the memory is not compliant with the username and password of a wireless network, the intelligent robot enters a hotspot mode as a hotspot. A mobile device connects to the intelligent robot through the hotspot. The wireless communication module receives a login username and a login password from the mobile device. The intelligent robot connects to the wireless network for establishing the wireless network connection by the login username and the login password for entering a login mode.

Abstract: An example operation may include one or more of storing a broadcast encryption tree comprising a set of cryptographic keys disposed in a hierarchical tree format, distributing a partial set of keys from the broadcast encryption tree to each respective peer from among a group of peers included in a blockchain network, receiving, from a user device, an identification of at least one peer included in the group of peers for processing a blockchain transaction, selecting a subset of keys from among the set of cryptographic keys in the broadcast encryption tree which enables at least one peer to decrypt transactions and doesn't enable the remaining peers included in the group of peers to decrypt transactions, and transmitting broadcast encryption information about the selected subset of keys to the user device for performing encryption of the transactions.

Abstract: Embodiments presented herein provide systems and methods for creating and modifying a hash chain. A hash chain is created to track resource-privilege transfers between entities. A root node of the hash chain identifies the resource and specifies a digest of a possession token held by a first entity that initially possesses the privilege. A transfer of the privilege to a second entity can be recorded by adding an expansion node to the hash chain. If the second entity successfully reveals a possession token that a hashing function associated with the hash chain maps to the digest, an expansion node is linked to the root node. The expansion node indicates the possession token and a successor digest that is based on a successor possession token.