Abstract: A computing system identifies a third-party dependency to be added to a codebase. The third-party dependency is hosted on a third-party server. The computing system downloads the third-party dependency within a secure runtime environment. The computing system generates a signature value for the third-party dependency. The computing system compares the signature value to a database of signature values of approved third-party dependencies. Upon determining that the signature value does not correspond to any signature values of the approved third-party dependencies, the computing system executes the third-party dependency within the secure runtime environment. The computing system monitors the execution of the third-party dependency within the secure runtime environment to identify suspicious activity. Upon determining that the third-party dependency is not exhibiting suspicious activity, the computing system adds the signature value to the database of signature values of approved third-party dependencies.

Abstract: A system and a method include an onboard communication system configured to be disposed onboard a vehicle system and comprising one or more processors. The one or more processors may generate a session key that includes a shared secret key that is known by the onboard communication system and an off-board communication system, generate one or more encryption keys by hashing the session key with an identifier based on a cycle time that is known by the onboard communication system and the off-board communication system, generate one or more encrypted messages by encrypting one or more messages associated with one or more of the vehicle system or a route over which the vehicle system moves based on the one or more encryption keys, and communicate the one or more encrypted messages from the onboard communication system to the off-board communication system.

Abstract: An example operation may include one or more of receiving, by each of one or more peripheral peers of a blockchain network, a new block from an orderer peer, calculating a hash of the new block, determining the calculated hash is different than hashes from a majority of peripheral peers, determining that one or more blocks that correspond to the different hashes from the majority of peripheral peers are different from the new block, and in response ceasing committing blocks to the blockchain network.

Abstract: A method for preventing digital content misuse can include detecting, by a client-side computing device, that the client-side computing device is paired to a viewing device such that, after being paired, the client-side computing device can cause digital content received from a remote server to be presented on a display of the viewing device; after detecting that the client-side computing device is paired to the viewing device, detecting, by the client-side computing device, that the client-side computing device has been unpaired from the viewing device; and in response to detecting that the client-side computing device has been unpaired from the viewing device, executing a remedial action.

Abstract: A method for confirming a blockchain transaction utilizing output from a transaction still waiting inclusion in a blockchain includes: storing, in a node of a blockchain network, a plurality of waiting blockchain transactions not included in a blockchain associated with the blockchain network; receiving a new blockchain transaction including a transaction amount, destination address, digital signature, and an unspent transaction output, where the unspent transaction output is a reference to one waiting blockchain transactions; validating the new blockchain transaction including confirmation of the one of the waiting blockchain transactions; generating a new block including a block header and a plurality of blockchain data entries including at least the new blockchain transaction and the one of the waiting blockchain transactions; and transmitting the generated new block to a plurality of additional nodes in the blockchain network for confirmation.

Abstract: Aspects of the invention include systems and methods configured to prevent masquerading service attacks. A non-limiting example computer-implemented method includes sending, from a first server in a cloud environment, a communication request comprising an application programming interface (API) key and a first server identifier to an identity and access management (IAM) server of the cloud environment. The API key can be uniquely assigned by the IAM server to a first component of the first server. The first server receives a credential that includes a token for the first component and sends the credential to a second server. The second server sends the credential, a second server identifier, and an identifier for a second component of the second server to the IAM server. The second server receives an acknowledgment from the IAM server and sends the acknowledgment to the first server.

Abstract: An example operation may include one or more of dividing a data file into a plurality of data chunks, generating a randomness value for each data chunk based on one or more predefined randomness tests, and accumulating generated randomness values of the plurality of data chunks to generate an accumulated randomness value, detecting whether the data file is one or more of encrypted and compressed based on the accumulated randomness value and a predetermined threshold value, and storing information about the detection via a storage.

Abstract: Example implementations relate to system and method of signing a boot information file by a manageability controller, and interlocking host computing system to signed boot information file. The boot information file may include a boot loader file and/or an OS kernel file of the host computing system. The manageability controller receives the boot information file from a processor of a computing device. Further, the manageability controller signs the boot information file with a hashed data of a unique identifier, to generate and communicate the signed boot information file to the processor. Later, the manageability controller updates a boot database stored in non-volatile random-access memory of a firmware engine of the host computing system with a thumbprint data of the signed boot information file to interlock the host computing system to the signed boot information file, in response to successful download of the signed boot information file by the processor.

Abstract: The present disclosure discloses a customized non-fungible token (NFT) generation system used in entertainment industry. The system comprising: at least one processor; a database; a memory. The memory comprises a receiving module; an information encoder; a footage processor for processing the multimedia footage to obtain a non-fungible token (NFT) footage; a non-fungible token (NFT) content encoder for encoding the non-fungible token (NFT) customized multimedia content and the non-fungible token (NFT) footage to attain a non-fungible token (NFT) customized digital content; a non-fungible token (NFT) mint program for process a non-fungible token (NFT) metadata, the non-fungible token (NFT) supplement metadata and the non-fungible token (NFT) customized digital content to create a Customized non-fungible token (NFT). The system further comprises a communication network and a blockchain.

Abstract: An identification system device includes an identification element processing unit that generates identification elements based on sound information including a frequency of a sound source or a frequency of a sound. An ID conversion processing unit that generates an ID based on the sound information, an information generation processing unit generates identification information by associating the ID with the identification elements, a memory unit stores the identification information, and a judgment unit compares the identification information with newly generated identification elements to determine whether or not both are the sound information from the same sound source. The ID conversion processing unit generates the new ID related to the ID when the determination was the sound information from the same sound source, and the information generation processing unit generates a new identification information by associating the new ID with the newly generated identification elements.

Abstract: Techniques are described for client registration for authorizing an aggregator service to access data on behalf of an application, through self-registration of an application client identifier and issuance of authorization token(s) based on the application client identifier. Implementations provide a technique for dynamic client registration that avoids the need for manual vetting and manual generation of the client credential grant. Additionally, the implementations described herein enforce domain values around the scope and/or purpose of the client grant. This allows for support of application providers through a single point of registration that supports multi-layer and channel. This also allows for support of a scalable authorization solution for any suitable number of clients. The dynamic client registration process adds an additional layer of security through the OAuth client grant and mutual authentication.

Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.

Abstract: Techniques disclosed herein relate to the authentication of a first user in a communication session between the first user using a user device and a second user using a remote computer system. The computer system sends an authentication request in the session, and the user device receives the authentication request in the session via a messaging program. The user device then causes a different program to access an authentication token received from an authentication computer system. The user device sends an indication of the authentication token to the remote computer system which the remote computer system verifies to authenticate the first user within the session.

Abstract: A technique and system provide protection to a protected document while being viewed on a Web browser or mobile application on a mobile device, such as a smartphone or tablet. Methods, techniques, and systems control access to protected documents and use of content in protected documents to support information management policies.

Abstract: A method for preventing digital content misuse can include detecting, by a client-side computing device, that the client-side computing device is paired to a viewing device such that, after being paired, the client-side computing device can cause digital content received from a remote server to be presented on a display of the viewing device; after detecting that the client-side computing device is paired to the viewing device, detecting, by the client-side computing device, that the client-side computing device has been unpaired from the viewing device; and in response to detecting that the client-side computing device has been unpaired from the viewing device, executing a remedial action.

Abstract: Disclosed is a mechanism for performing an anonymous transfer using a blockchain. A sender's device generates a commitment based on a serial number of a zero-knowledge token and a value of the zero-knowledge token. Moreover, the sender's device generates a range proof and a balance proof for the commitment. The range proof verifies that the value of the zero-knowledge token is within a preset range. The balance proof verifies that the value of a set of input tokens is greater than or equal to the value of the zero-knowledge token. The sender's device sends a conversion request to the blockchain network. The conversion request consumes the set of input tokens and generates the zero-knowledge token. The conversion request includes the generated commitment, the generated range proof, and the generated balance proof.

Abstract: Examples described herein provide for a system that evaluates a security level of a network system. Additionally, examples described herein evaluate a security level of a network system in order to enable a determination of components that can be used to enhance the security level of the network system.

Abstract: A battery-powered device (BPD) node compresses certificate chains to generate compressed certificate chains. The BPD node includes a compression dictionary that indexes various data entries that occur across many certificate chains and/or repeat within a particular certificate chain. The BPD node compresses a given certificate chain by replacing data entries within the given certificate chain with indices to corresponding data entries in the compression dictionary. The indices are smaller in size than the corresponding data entries. A neighboring BPD node also includes the compression dictionary and decompresses a compressed certificate chain by replacing indices included in the compressed certificate chain with the indexed data entries stored in the compression dictionary.

Abstract: A network interface device having a hardware module comprising a plurality of processing units. Each of the plurality of processing units is associated with its own at least one predefined operation. At a compile time, the hardware module is configured by arranging at least some of the plurality of processing units to perform their respective at least one operation with respect to a data packet in a certain order so as to perform a function with respect to that data packet. A compiler is provide to assign different processing stages to each processing unit. A controller is provided to switch between different processing circuitry on the fly so that one processing circuitry may be used whilst another is being compiled.

Abstract: A computer-implemented system, method and computer program product for providing access to a network of computing nodes that includes: requesting, by a client, access into a host node in the network, preferably a private network; selecting a digital certificate issuer; verifying, by the digital certificate issuer, the identity of the client's token; adding, by the certificate issuer, a nonce to a distributed ledger; and granting the client access to the host node in the network. The computing nodes in an embodiment are ranked based upon CPU capacity, and computing nodes with highest CPU capacity ranking are selected to participate in a proof-of-capacity consensus to solve for the nonce.