Abstract: A method of rescinding access to a designated block within a blockchain, wherein the designated block contains data encrypted with a content encryption key and is associated with metadata, wherein the metadata for the designated block include an obsolescence lock public key. The method includes creating, at the time the designated block is created, an obsolescence lock for supporting a rescission request if the rescission request is agreed upon by a required number of authorized parties for the designated block; splitting the obsolescence lock private key into a number of secret shares; and upon receiving particular rescission instruction block, an agreement instruction block and a confirmation instruction block, removing all encrypted content encryption keys from the metadata of the designated block, thereby rescinding access to the original data within the designated block. An equivalent method is presented to rescind access to a blockchain.

Abstract: A system and method for authenticating a user device is disclosed. In one embodiment, the method comprises: transmitting a request for credentials from the user device, wherein the request comprises a user device identifier and the credentials comprise an asymmetric key pair having a public key and an associated private key, the private key being encrypted; receiving the credentials in the user device, the credentials comprising the encrypted private key and the public key; retrieving quick response (QR) code data associated with the user device identifier from a QR code data directory, the QR code data generated from the public key and stored in the QR code data directory according to the user device identifier by a secure online service; extracting the public key from the QR code data; and establishing an authenticated and encrypted communication session with the user device according to the extracted public key.

Abstract: A computer-implemented method of generating a respective signature share of a digital signature for signing a message, wherein the method is performed by a first participant of the group and comprises: obtaining at least the threshold number of respective participant indexes, wherein the obtained respective participant indexes comprises a first participant index associated with the first participant; generating a private key index, wherein the private key index is generated based on a hash of a combination of the obtained respective participant indexes; generating a second common private key of the first hierarchical key structure; and generating a first signature share of the digital signature.

Abstract: A system for implementing security measures to a data packet is disclosed. The system assigns each computing device with a respective encryption key. A first computing device encrypts the data packet with a first encryption key upon creation and/or before transmission. The first computing device encodes the data packet with a quantum encryption key and communicates the encoded data packet to a second computing device. The second computing device determines whether the data packet is received without being intercepted. In response to determining that the data packet is received without being intercepted, the second computing device decrypts the data packet.

Abstract: Systems, methods, and other embodiments described herein relate to remote attestation using a homomorphic hash. In one embodiment, a method includes identifying software components and associated metrics of the software components executing within a computing system of a vehicle according to a policy. The method includes constructing a tree according to the software components and partitions within the software components. The method includes storing, in leaf nodes of the tree, measurements of the metrics. The parent nodes define a hierarchical relationship between software components and the partitions. The method includes generating an incremental hash of the tree. The method includes providing the incremental hash as a secure representation of the software components.

Abstract: The present invention provides a mobile device management and control method and apparatus. The method includes the following steps: A web end operates a policy form, and sends policy form data obtained after the operation is completed to a server for processing and generating a policy form code; and a mobile terminal requests to obtain the policy form code from the server, and sends a unique identifier of the mobile terminal and the policy form code to the server for processing and generating a unique identifier. In the present invention, encoded data is exchanged between the mobile terminal and the server at intervals, which resolves a problem that when the mobile terminal is managed and controlled, when the network fluctuates or the mobile terminal stays in an always-on display state for a long time, a connection is broken.

Abstract: Combining allowlist and blocklist support in data queries includes performing operations including obtaining a runtime query and extracting a set of runtime tuples from the runtime query. The operations further include processing the set of runtime tuples by an allowlist semantic comparator comparing the set of runtime tuples with an allowlist to obtain a first comparison result and by a blocklist semantic comparator comparing the set of runtime tuples with a blocklist to obtain a second comparison result. The blocklist semantic comparator performs an inverse comparison of the allowlist semantic comparator. The operations further include combining the first comparison result with the second comparison to form an access determination and executing the runtime query according to the access determination.

Abstract: A device management method, system, and apparatus are disclosed. The method includes: A second device sends an identity file to a first access control node, to indicate the first access control node to store the identity file in a file system, where the identity file includes identity information of a first device and a public key of the second device. The second device receives a first identifier sent by the first access control node. The first identifier is used to read the identity file from the file system. After verification is performed on the second device and information about a device associated with the first device in association information and succeeds, the first access control node sends the identity file to the file system. The association information is stored in a database node and a blockchain.

Abstract: Disclosed herein are techniques for managing activity logs in a manner that promotes user privacy. One technique can by implemented by a centralized management hub, and include the steps of (1) receiving, from a peripheral device, information about activity detected by the peripheral device, where the information includes at least one activity tag, (2) identifying a hash function, (3) providing the at least one activity tag to the hash function to generate at least one hash value, (4) encrypting, using an encryption key that is accessible to the centralized management hub, at least a subset of the information to produce encrypted information, and (5) causing a server device to store, in an activity log associated with the centralized management hub, an activity log entry that includes: a timestamp corresponding to a time at which the activity log entry is stored, the at least one hash value, and the encrypted information.

Abstract: Methods and systems for managing endpoint devices are disclosed. The endpoint devices may be managed by verifying blueprints prior to use. To verify the blueprints, the blueprints may be normalized to reduce variability in blueprint content. Once normalized, static content may be identified. Signatures from the blueprints may be used to attempt to verify the integrity of the static content. If successfully verified, then both the static and dynamic content from the blueprints may be used to update the operation of the endpoint devices.

Abstract: There is provided a framework to record to a blockchain unique identification (signatures) of physical items which have unique, random properties. Physical items are analysed using spectral imaging to determine the unique identifications. Hardware is shown to perform the analysis and various nodes of a peer-to-peer network are shown and described, which nodes may be configured to provide proof of location, privacy, trust and authentication. The solution can work even if the item is modified in some way if a subset of the unique properties remain.

Abstract: There is provided a method and a system implementing a two-tier blockchain ledger. The blockchain system includes a plurality of connected validator computer nodes maintaining the two-tier blockchain ledger, and a producer node connected to the system and being associated with a physical asset producing entity. The two-tier blockchain ledger includes a first-tier token, which is minted based on physical asset production data from the producer, and a second-tier token, the second-tier token quantity in the ledger depending on a total quantity of first-tier tokens. The producer node may receive newly generated first-tier tokens upon minting. Active validator nodes selected from the validator nodes based on staking of second-tier tokens and/or bidding of first-tier tokens form a consensus to validate blocks in the two-tier blockchain ledger. The active validator nodes may obtain newly generated second-tier tokens based on the total quantity of first-tier tokens.

Abstract: An example operation may include one or more of obtaining data of a simulation, identifying checkpoints within the simulation data, generating a plurality of sequential data structures based on the identified checkpoints, where each data structure identifies an evolving state of the simulation with respect to a previous data structure among the sequential data structures, and transmitting the generated sequential data structures to nodes of a blockchain network for inclusion in one or more data blocks within a hash-linked chain of data blocks.

Abstract: A monitoring system including a requesting device, a monitoring apparatus and a signing device, wherein the monitoring apparatus is configured to receive a signature request data structure, store the data, receive a hash-based digital signature generated for the data by a stateful hash-based cryptographic function of the signing device, extract a one-time signature from the received hash-based digital signature, determine a one-time public key based on the stored data to be signed and the one-time signature, compare the one-time public key with previous one-time public keys determined from hash-based digital signatures previously received from the signing device, and if the one-time public key is different to any of previous one-time public keys, store the one-time public key in a data storage unit, if the one-time public key is equal to at least one of the previous one-time public keys, output a first warning signal to the requesting device.

Abstract: The embodiments of the disclosure disclose a method and a system for blockchain access authority control, an apparatus, a program and a medium. The system comprises a plurality of blockchain nodes. For each blockchain node, a corresponding distributed node is further deployed in a node apparatus where the blockchain node is located, and the distributed nodes form a distributed storage system. A first blockchain node receives an access request sent by a first client, determines a possession of a first authority to access the blockchain system by the first client according to role confirmation information, and then determines a distributed node where access content is located from the distributed storage system. After determining a possession of a second authority to access the distributed node where the access content is located by the first client according to authority authentication information, the access content is obtained and returned to the first client.

Abstract: A memory subsystem includes link encryption for the system memory data bus. The memory controller can provide encryption for data at rest and link protection. The memory controller can optionally provide link encryption. Thus, the system can provide link protection for the data in transit. The memory module can include a link decryption engine that can decrypt link encryption if it is used, and performs a link integrity check with a link integrity tag associated with the link protection. The memory devices can then store the encrypted protected data and ECC data from the link decryption engine after link protection verification.

Abstract: Disclosed herein are systems, methods, and computer-readable media for enabling more secure multi-party computations (MPCs) using a trusted execution environment (TEE). In one aspect, a method includes executing, by a first MPC computer, a secure MPC protocol in a first TEE of the first MPC computer. The first MPC computer generates a request to a second MPC computer executing the secure MPC protocol in a second TEE of the second MPC computer. The first TEE determines that one or more attestation conditions are met by the first MPC computer executing the secure MPC protocol in the first TEE. In response to determining that the one or more attestation conditions are met, the first TEE generates an attestation token including one or more digital signatures for the secure MPC protocol executing in the first TEE. The first MPC computer sends the attestation token with the request to the second MPC computer.

Abstract: An Internet of Things (IoT) resource remotely senses data about a user. A computing device of the user comprises a personal privacy app (“PPA”) that: receives data about the IoT resource, wherein the data about the IoT resource comprises available user-specific privacy requests related to data practices of the IoT resource; communicates a privacy request for the user with respect to the IoT resource, wherein the privacy request is one of the available user-specific privacy requests and wherein the privacy request communicated by the PPA is based on the data received about the IoT resource; and in response to a query related to the privacy request, causes electronic documentation to be transmitted that demonstrates that the user qualifies to submit the privacy request, such that the privacy request is applied to data collected about the user by the IoT resource.

Abstract: In an example, a computing device is described. The computing device comprises a memory to store a set of states and a corresponding set of non-overlapping time intervals. The computing device further comprises a timing unit to indicate a time at which a signature is to be produced. The computing device further comprises a processor to: identify which time interval of the set of non-overlapping time intervals includes the indicated time; generate a signing key based on a state associated with the identified time interval; and produce a signature, under a stateful signature scheme, with the signing key.

Abstract: A method and system for deleting multi-copy personal data efficiently and securely is provided, wherein the personal data and its subject identifier are signed and uploaded to data domains and stored as personal data copies; the personal data copies along with its source and destination data are circulated among the data domains; the data domain receiving a deletion instruction transmits the deletion instruction to every relevant data domains based on the identifier of the personal data subject and the destination data and then performs deletion; and after completing the deletion, the data domain deposit its domain identifier and feedback data it receives into a log, and feed the log back to its superior data domain. And the system of the present disclosure includes a plurality of data domains that can perform the above operations, thereby realizing association-based storage, association-based deletion and verification of association-based deletion of multi-copy personal data.