Abstract: An apparatus includes a memory, a communication interface in communication with a network, a first processor, and a second process different from the first processor. The first processor configured to receive data from a user device and to separate the data into a first data set including metadata associated with a user of the user device and a second data set including anonymized data associated with a set of actions to be performed on a predetermined schedule. The second processor is configured to receive the second data set from the first processor and a user input associated with a selection of a simulation and at least one additional action otherwise not included in the set of actions. The second processor configured to perform the simulation using the second data set to simulate an acceleration of the predetermined schedule as a result of the at least one additional action.

Abstract: Systems and methods for peer-to-peer secure document exchange are disclosed. The system may allow a document provider to securely transmit a certified document to a document verifier using decentralized storage. The verifier system may generate a session key pair and transmit the session public key to a trusted API provider. The trusted API provider may generate a session nonce. The verifier system may transmit the session nonce to the provider system. The provider system may use the session nonce to retrieve the session public key. The provider system may encrypt a certified document using the session public key and store the encrypted certified document in the decentralized storage. The verifier system may retrieve the encrypted certified document by polling the trusted API provider based on the session nonce. The verifier system may decrypt the encrypted certified document using the session private key.

Abstract: An authentication method includes assigning a risk status to a request received from a remote interaction system, transmitting a notification communication to a device associated with the request, monitoring interaction data from an interaction network, and identifying, from the monitored interaction data, authentication interaction information, the authentication interaction information including a coded sequence and a predetermined authentication identifier. The authentication method also includes comparing the coded sequence in the authentication interaction information to an expected coded sequence and transmitting a verification communication after determining the coded sequence in the authentication interaction information matches the expected coded sequence.

Abstract: Systems and methods for firmware validation for encrypted virtual machines are disclosed. An example method may include initiating a boot process to launch a virtual machine on a host machine. The virtual machine can be associate with a first firmware. The method may further include authenticating the virtual machine with an external server using the first firmware. The method may further include receiving secret data associated with the virtual machine from the external server. The secret data may be encrypted with an encryption key. The method may further include, responsive to authenticating a second firmware using the first firmware, completing the boot process to launch the virtual machine using the secret data.

Abstract: An apparatus is described. The apparatus comprises: communication circuitry configured to receive from a submitter, over a network, a data item of a first data type, wherein the data item comprises a plurality of components and the apparatus further comprises: processing circuitry configured to: sequentially receive the plurality of components of the data item and for each component in succession in the sequence, the processing circuitry is configured to: remove non-significant content from the component of the data item; generate a data item of a second data type from the sequentially received plurality of components; generate a hash of the generated data item; and provide the hash for signing.

Abstract: There is disclosed in one example a computer-implemented method of detecting a statistically-significant security event and automating a response thereto, including: querying, or causing to be queried, a security intelligence database for sector-wise historical norms for an indicator of compromise (IoC); obtaining sector-wise expected prevalence data for the IoC; receiving observed sector-wise prevalence data for the IoC; computing a first test statistic from a goodness-of-fit test between the observed and expected prevalences; from the observed sector-wise prevalence data, computing a second test statistic from a difference between a highest prevalence and a next-highest prevalence; computing a third test statistic from a difference between the observed prevalence of a highest prevalence sector and the expected prevalence for the highest prevalence sector; selecting a least significant statistic from among the first, second, and third test statistics; and determining from the least significant statistic whet

Abstract: A method according to one embodiment includes receiving, by an access control device, a credential token from a mobile device, wherein the credential token includes an access credential, a credential identifier, and a caveat that instructs the access control device to perform an associated action, determining, by the access control device, a credential type associated with the access credential based on the credential identifier, determining, by the access control device, a set of caveat rules associated with the credential type, wherein the set of caveat rules identifies one or more actions authorized for an access credential of the credential type, and performing, by the access control device, the associated action identified by the caveat in response to a determination that the associated action is an action authorized by the set of caveat rules associated with the credential type.

Abstract: A method includes receiving an event, the event associated with a digital signature in a first time-based message comprising a first trusted time stamp token generated using a first hash of digitally signed content from a trusted timing authority; generating a first block on a distributed ledger; generating a second hash of the first trusted time stamp token; receiving a second trusted time stamp token from the trusted timing authority in response to transmitting the second hash to the trusted timing authority; and generating a second block on the distributed ledger; wherein verification of data integrity of the digitally signed content is provided via the first hash of the digitally signed content and second hash of the first trusted time stamp token and via the hash of the first block and a hash of the second block.

Abstract: Embodiments for device pairing using optical codes are described. One embodiment is a wearable device with an image sensor configured to capture an image including a first optical code from a first host device. The wearable device decodes the first optical code, and in response to the first optical code, initiates broadcast of a pairing advertisement. The host device displays a second optical code in response to the pairing advertisement, and the wearable device captures and processes the second optical code to determine a host pairing advertisement code. The wearable device then, in response to the second optical code, initiate broadcast of a second pairing advertisement including the host pairing advertisement code. In various embodiments, a secure wireless channel is then established and used for further secure communications.

Abstract: The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting at proxies, log information that captures data corresponding to received client messages and responses from API servers—which log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes generating API metrics and identifying anomalies and/or indicators of compromise.

Abstract: Methods, apparatus, systems and articles of manufacture to determine provenance for data supply chains are disclosed. Example instructions cause a machine to at least, in response to data being generated, generate a local data object and object metadata corresponding to the data; hash the local data object; generate a hash of a label of the local data object; generate a hierarchical data structure for the data including the hash of the local data object and the hash of the label of the local data object; generate a data supply chain object including the hierarchical data structure; and transmit the data and the data supply chain object to a device that requested access to the data.

Abstract: Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc.

Abstract: In an information management system that manages encrypted personal information on a user stored in a storage device, a personal information appropriateness/inappropriateness determination section determines whether or not the personal information stored in the storage device is appropriate when access permission information is received from a user terminal used by the user, the access permission information instructing that a requesting entity requesting the personal information be permitted to access the personal information. A personal information access management section enables the requesting entity to access the personal information stored in the storage device when it is determined by the personal information appropriateness/inappropriateness determination section that the personal information stored in the storage device is appropriate.

Abstract: Described are platforms, systems, and methods for providing a cryptographic record of an energy contract persisted as a confirm to a distributed ledger. In one aspect, a method comprises receiving confirm data comprising a plurality of obligations arising from an energy contract entered into by at least two parties, wherein the obligations comprise physical obligations for an amount of energy and financial obligations for the amount of energy; generating at least one token based on the obligations, wherein each token comprises a token state and a range for a unit for measuring the amount of energy; persisting a confirm to a distributed ledger, the confirm generated based on the confirm data and the at least one token; and providing a cryptographic record of the energy contract to each of the parties according to the confirm and the at least one token state.

Abstract: A method for obtaining and using a single-use OAuth 2.0 access token for securing specific service-based architecture (SBA) interfaces includes generating, by a consumer network function (NF) an access token request. The method further includes inserting, in the access token request, a hash of at least a portion of a service-based interface (SBI) request message. The method further includes sending the access token request to an NF repository function (NRF). The method further includes receiving, from the NRF, an access token response, the access token response having an OAuth 2.0 access token including the hash of the at least a portion of the SBI request message. The method further includes using the OAuth 2.0 access token including the hash of the at least a portion of the SBI request message to access an SBI service.

Abstract: An Autonomous Exchange via Entrusted Ledger (AXEL) blockchain is discussed herein. The AXEL blockchain enables users to perform transactions in a private setting while enabling the transaction records thereof to be verified by other network users without publicly divulging the contents or details of the transaction records. The token identification system and method allows the tokens to carry an immutable identification to prevent negative blockchain occurrences such as double spending. A payment methodology allowing integration of external financial institutions with user owned and managed wallet. The AXEL blockchain can also interface with and utilize a distributed database to create an immutable record of each transaction while providing a complete backup of the transactions that occur within the system and on the AXEL blockchain. A method for protecting the private key ensures wallet access is only granted to the account owner.

Abstract: An authentication system is disclosed here to locally store and authenticate user data associated with a user. The authentication system comprises a biometric engine, a local database, a requesting module, and an authentication engine. The biometric engine stores biometric identification of the user for registration, which is retrieved using a user owned mobile device. The local database stores the user data associated with the user after the registration, and is in communication with the biometric engine via a client application. The requesting module is in communication with a processor to request an authentication of the user data, which is accepted if the request matches the identified user data. The authentication engine authenticates the user data by verifying the user data against one or more of the biometric identifications, and generate an authentication message that is sent to a proprietor that requests for the authentication of the user data.

Abstract: An Autonomous Exchange via Entrusted Ledger (AXEL) blockchain enables users to perform transactions in private while enabling the transaction records thereof to be verified by other network users without publicly divulging the contents or details of the transaction records. Internal addressing provides for separation of control within the wallet by making a portion of the wallet inaccessible to the blockchain, allowing increased security for tokens being managed by the wallet. The ability to configure restrictions placed on sending and receiving wallet addresses, and to create multiple public keys, provide further security measures.

Abstract: Systems, methods and non-transitory computer readable media for determining permissions in privacy firewalls are provided. At least part of a content of a data collection may be analyzed to determine a subject matter. A permission corresponding to the data collection and at least one user may be determined based on the subject matter. A request of the at least one user to access at least part of the data collection may be received. In response to a first determined permission, the requested access to the at least part of the data collection may be provided, and in response to a second determined permission, the request may be denied.

Abstract: A vehicle control method of starting and shutting down an engine, in which a processor receives a blockchain update comprising a first transaction with instructions to perform an engine startup or shutdown; the blockchain update is validated; an engine startup or shutdown is performed based on the validated blockchain update; where the engine startup or shutdown is delayed based on validating a predetermined number of subsequent blockchain updates, including a second transaction with instructions to perform the engine startup or shutdown.