Abstract: Disclosed herein are systems and method for sending user data in a client-server architecture with data anonymity and consistency. In an exemplary aspect, a client device may identify, a structure to send to the server, wherein the structure comprises the user data. The client device may divide the structure into two or more substructures and for each respective substructure of the two or more substructures, the client device may (1) assign a degree of confidentiality to the respective substructure and (2) send the respective substructure to a respective node of a plurality of nodes based on the assigned degree of confidentiality and a degree of security of the respective node. The respective node may be configured to apply a respective transformation to the respective substructure and transmit the transformed respective substructure to the server. The server may be configured to combine received transformed substructures into a transformed structure.

Abstract: Systems and methods for blockchain ledger growth management using separation of a blockchain ledger into multiple blockchain ledgers (each ledger having a state that can be tracked and used). The systems and methods also include linking the separated ledgers by utilizing a linking application and smart contracts added to the separated ledgers.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: An online service provisioning process is provided during which the service provider's knowledge about the user to whom the service is delivered does not increase. This is accomplished by presenting user attribute information to the service provider as obfuscated objects that can be independently verified and which are privacy preserving.

Abstract: Examples disclosed herein describe authenticating a first electronic device based on a push message to a second electronic device. In one implementation, a processor receives a user identifier from a first electronic device. The processor may select a message communication type based on the user identifier and transmit an authentication information request to a second electronic device using a push message communication of the selected message communication type. The processor may authenticate the user based on the received response to the request and transmit information related to the user authentication to the first electronic device.

Abstract: To resolve a conflict between CMIS secondary types and certain ECM features such as content server categories, and allow the underlying ECM system to be fully CMIS-compliant, an ECM-independent ETL tool comprising a CMIS-compliant, repository-specific connector is provided. Operating on an integration services server at an integration tier between an application tier and a storage tier where the repository resides, the connector is particular configured to support CMIS secondary types and specific to the repository. On startup, the connector can import any category definition from the repository. The category definition contains properties associated with a category in the repository. When the category is attached to a document, the properties are viewable via a special category object type and a category identifier for the category. Any application can be adapted to leverage the ECM-independent ETL tool disclosed herein.

Abstract: A system and method are disclosed for bottom-up modeling and prediction of asset anomalies. In one embodiment, the system receives first sensor data from a first sensor, the first sensor associated with a first asset; smooths the first sensor data; determines a first stage within sensor data, the sensor data including the first sensor data; determines a first set of anomalies within the first stage; generates a first asset state space associated with the first asset; trains a base model describing a first group of one or more assets, the first group of one or more assets including the first asset; and trains, using the base model, a final model particular to the first asset.

Abstract: Secured automated or semi-automated systems are provided herein. In one embodiment, a sensor system includes a sensor, a legacy computing environment that is configured to communicate with the sensor and process sensor raw data output, and transmit the processed sensor output to a first network node over the network, and a trusted computing environment configured to receive raw sensor output directly from the sensor and transmit the raw sensor output to an additional network node or the first network node over the network.

Abstract: Aspects of the disclosure relate to an automated monitoring of proximate devices. A computing platform may cause a reporting device to detect a target device in a local network, retrieve network data associated with the target device, and send, to an intermediate server, the network data. The computing platform may send, to the intermediate server, a query. The intermediate server may send the network data in response to the query. Based on the network data, the computing platform may determine an amount of time that has elapsed since network activity was previously detected for the target device, and based on a determination that the amount of time exceeds a predetermined time threshold, the computing platform may generate an alert notification indicating that the target device may need to be traced. Subsequently, the alert notification may be sent to the reporting device.

Abstract: The invention relates to distributed ledger technologies such as consensus-based blockchains. Computer-implemented N methods for reducing arithmetic circuits derived from smart contracts are described. The invention is implemented using a blockchain network, which may be, for example, a Bitcoin blockchain. A set of conditions encoded in a first programming language is obtained. The set of conditions is converted into a programmatic set of conditions encoded in a second programming language. The programmatic set of conditions is precompiled into precompiled program code. The precompiled program code is transformed into an arithmetic circuit. The arithmetic circuit is reduced to form a reduced arithmetic circuit, and the reduced arithmetic circuit is stored.

Abstract: A memory device includes a memory cell array comprising a plurality of memory cells wherein each of the plurality of memory cells is configured to be in a data state, and a physically unclonable function (PUF) generator. The PUF generator further includes a first sense amplifier, coupled to the plurality of memory cells, wherein while the plurality of memory cells are being accessed, the first sense amplifier is configured to compare accessing speeds of first and second memory cells of the plurality of memory cells, and based on the comparison, provide a first output signal for generating a first PUF signature.

Abstract: Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunnel based VPNs have over their proxy based VPN counterparts.

Abstract: Computer systems and associated methods are disclosed to implement a decision model auditing system that allows clients of a machine learning decision system to audit the decision-making process the decision system. In embodiments, the decision system is instrumented with reporting code to collect internal decision data of the decision system and send the data to a decision auditing service. In embodiments, the auditing service provides the client with an obfuscated token, which may be used to anonymize the client requests to the decision system. As client requests are handled by the decision system, the reporting code generates audit messages to the auditing service. The auditing service stores the audit information, which may later be provided to the client or used generate an audit report. In embodiments, the audit report may indicate whether the decision system contains any undesired bias.

Abstract: The present disclosure discloses a method, device and node apparatus for blockchain permission control. The method comprises: receiving target information sent by a node apparatus; acquiring an account address of a configured account of the node apparatus; acquiring, according to the account address, from a predetermined block stored with the account address and an account permission corresponding to the account address, the account permission corresponding to the account address; and processing the target information according to the account permission accordingly. In the present disclosure, node apparatuses are configured with corresponding accounts, and performing permission control on the accounts can restrict permissions of different node apparatuses so as to ensure security and privacy of blockchain data.

Abstract: Embodiments of a smart card and systems and methods for secure data access using a smart card are described. The smart card may be formed a substrate and may include a microprocessor, a memory containing an applet, a counter, and a unique identifier. The smart card may dynamically generate a unique uniform resource location (URL) and transmit the URL to via a contactless communication interface to securely facilitate data access from other devices.

Abstract: A storage architecture and associated usage techniques are described for providing efficient modification and use of access rights for stored data. The access rights may be associated with data stored on blockchain storage, and a separate ledger storage system may be used to provide improvements for modifying access rights for such stored data. For example, groups of data may be created and stored on blockchain storage before access to the stored data groups is made available to end users, and additional information related to those stored data groups (e.g., about their access rights) may be stored in a separate ledger storage system. When a particular user later requests access rights for one of those previously stored data groups, corresponding modifications may be quickly made to the separate ledger storage system to provide the user with substantially immediate access to that stored data group.

Abstract: A computer-implemented method may include (1) providing, on a display screen of a computing device, a display that obscures an item of information in a secure field without obscuring an entirety of the display; (2) detecting, using at least a camera of the computing device, a change in orientation of a user of the computing device relative to the computing device; (3) in response to the change in orientation, causing the display to show the item of information in the secure field; and (4) after causing the display to show the item in the secure field, (i) detecting, using the camera, a subsequent change in the orientation of the user relative to the computing device, and (ii) in response to detecting the subsequent change in the orientation of the user, causing the display to again obscure the item of information in the secure field without obscuring the entire display.

Abstract: A blockchain data recording method includes determining a recording type as one of an on-chain type and an off-chain type according to a target data to be recorded in a blockchain, transmitting a first transaction proposal for recording the target data in a blockchain node configured to store an on-chain data on a blockchain to the blockchain node when the recording type is an on-chain type, and recording the target data in a storage node provided to store an off-chain data, and transmitting a second transaction proposal for storing recording information of the target data in the blockchain to the blockchain node when the recording type is an off-chain type.

Abstract: A system for authorizing secured access using cryptographic hash value validations is provided. In particular, the system may receive requests from users and/or computing systems to obtain secured access a particular resource or to execute a certain process. In response, the system may require that the user and/or computing system complete additional required steps (e.g., a computation) before being granted access to the resources or processes. In this way, the system may prevent unauthorized or unintended access to the system's resources or processes.

Abstract: A system is provided for the storage of data, the system having: an encrypted host platform upon which regulatory controlled data is stored; a controller configured to allow a primary user to set permission settings and identify authorized end users and degrees of access granted to each the authorized end user, the authorized end user being pre-cleared for compliance with regulatory controls pertaining to the regulatory controlled data; the controller configured to permit access to the encrypted host platform only if the hosting platform is in compliance with predefined data security protocols the controller configured to allow the authorized end user access to the regulatory controlled data, and the controller configured to exclude access to both a provider of the system for storage and a system host platform provider; at least one individual computing device accessible by at least one the authorized end user, the individual computing device configured to provide authorized end user identification data to th