Abstract: A method may include receiving, from a first trusted authority, a secret key specific to a party for use in posting to a blockchain. The method may also include receiving, from a second trusted authority, a correlated randomness component specific to the party and associated with a given temporal segment. The method may additionally include generating a party-generated randomized mask, and computing, using an input from the party, the correlated randomness component, and the party-generated randomized mask in a non-interactive multi-party computation (NIMPC), an NIMPC-encrypted input associated with the party for the given temporal segment. The method may also include encrypting the NIMPC-encrypted input according to a blockchain encryption algorithm to yield a ciphertext, and submitting the ciphertext to a block associated with the given temporal segment in a blockchain.

Abstract: One embodiment of the invention is a method utilizing a CAPTCHA to generate a human likeness score including blocks: a) receiving a user solution to the CAPTCHA; b) receiving a user interaction pattern descriptive of an interaction undertaken by the user, through a graphical interface of the CAPTCHA, to achieve the user solution; c) determining the accuracy of the user solution; d) comparing the user interaction pattern against an interaction model generated from interaction patterns of previous users; e) calculating the human likeness score based upon the determination of block c) and the comparison of block d), wherein the human likeness score lies within a continuum of human likeness scores.

Abstract: An example operation may include one or more receiving an entry at a blockchain-as-a-service (Baas) provider, determining whether the entry satisfies a first set of policies, and controlling placement of the entry into a first queue when the first set of policies is satisfied and into a second queue when the first set of policies is not satisfied, wherein the first queue is to store confirmed entries to be submitted for consensus without validation and the second queue is to store pending entries that require validation before consensus.

Abstract: A system configured to detect a threat activity on a network. The system including a digital device configured to detect a first order indicator of compromise on a network, detect a second order indicator of compromise on the network, generate a risk score based on correlating said first order indicator of compromise on the network with the second order indicator of compromise on said network, and generate at least one incident alert based on comparing the risk score to a threshold.

Abstract: Certain embodiments of the disclosure relate to an electronic device for authenticating a user by using user's biometric information, and an operating method thereof.

Abstract: An example operation may include one or more of hosting a first virtual node in a blockchain-as-a-service (Baas) provider, hosting a second virtual node in the Baas provider, and controlling transmission of information between the first virtual node and the second virtual node along an internal signal path of the Baas provider, wherein the information corresponds to a block in a blockchain that includes an entry for the first and second virtual nodes.

Abstract: A communication logging system facilitates communications between two or more users. A secured database stores communications from each user, and the system notifies the intended recipients of the communications. The system records times of creation of the communications, times of access to the communications, and who created and/or accessed the communications. The communications may not be altered or deleted once recorded, so there is a permanent source of reliable evidence as to the content of the communications and information associated therewith.

Abstract: A method of authorizing an access point includes receiving a first transmission signal from a first access point. The first transmission signal comprises identifying information of the first access point that includes a first token. The method includes receiving a second transmission signal from a client device. The second transmission signal includes a second token that is received by the client device from an un-provisioned access point. When a match is determined between the first token and the second token, the first access point is identified as the un-provisioned access point. The method includes transmitting the identifying information of the first access point and a request to the client device to authorize the un-provisioned access point. The method includes receiving a third transmission signal from the client device that includes an authorization verification of the un-provisioned access point that authorities the un-provisioned access point to connect to a cloud-managed network.

Abstract: A device receives a first network connection request, that does not include a domain name server (DNS) query, for establishment of a connection to a target destination. The device determines whether information identifying the target destination matches information identifying a permissible destination, included in a set of permissible destinations, identified in connection with a second network connection request, where the second network connection request included a prior DNS query and was received prior to the first network connection request being received, and where a prior security verification was performed in connection with the second network connection request and the prior DNS query.

Abstract: Methods are provided for decentralized key negotiation. One method includes initiating, by a first Internet Key Exchange (IKE) node from among a plurality of IKE nodes, a rekeying process for an Internet Protocol Security (IPSec) communication session established with a client device and serviced by a second IKE node from among the plurality of IKE nodes, and in which a first encryption key is used to encrypt traffic. The method further includes obtaining, by the first IKE node from a key value store, information about the IPSec communication session and performing, by the first IKE node, at least a part of the rekeying process in which the first encryption key is replaced with a second encryption key for the IPSec communication session.

Abstract: The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.

Abstract: The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.

Abstract: A messaging application configured to provide a messaging interface on which outgoing messages from a user, to contacts can be composed and incoming messages from the contacts can be viewed. Moreover, the messaging application is configured to store message data in an encrypted form as a database file. Furthermore, the messaging application is configured to require the user to input a predetermined access code before giving access to the messaging interface. Moreover, the messaging application is configured to provide a first mode in which the user is given access to all message data when a first predetermined access code is input, and a second, secret mode in which the user is given access to only a subset of all the message data, when a second predetermined access code is input by the user.

Abstract: Technologies for detecting abnormal activities in an electric vehicle charging station include an apparatus. The apparatus includes circuitry configured determine a cyber security threat level for the charging station in which the electric vehicle charger is located. Additionally, the circuitry is configured to perform, as a function of the determined cyber security threat level, a responsive action to protect the charging station from a cyber security threat.

Abstract: A limited input device, such as a camera, is authenticated based on a request received from an authenticated application. The application can request an application server to provide the application with a one-time authorization code. The request includes the device identifier associated with the camera. The server stores an association between the one-time authorization code and the device identifier of the camera, and provides the application with the one-time authorization code. The application provides the camera with the one-time authorization code. The camera transmits a request for an access token to the server, the request for the access token including the one-time authorization code and the device identifier associated with the camera. The server verifies the device identifier associated with the camera with that associated with the one-time authorization code, and upon a positive verification authenticates the camera by providing the camera with the access token.

Abstract: Certain embodiments described herein are generally directed to enabling a group of host machines within a network to securely communicate an unknown unicast packet. In some embodiments, a key policy is defined exclusively for the secure communication of unknown unicast packets. The key policy is transmitted by a central controller to the group of host machines for negotiating session keys among each other when communicating unknown unicast packets.

Abstract: The present application discloses an Internet of Things (IoT) system, comprising a cloud account server, configured to manage user accounts corresponding to the users respectively, wherein the users comprise a first user; a plurality of IoT devices, communicating with the cloud account server respectively, wherein the plurality of IoT devices including a first IoT device corresponding to the first user, and the first IoT device preserves a first authorization list set by the first user; and a plurality of peripheral devices, including a first peripheral device connected to or communicating with the first IoT device. The first IoT device determines whether other users possess a first authority to access the first peripheral device based on the first authorization list.

Abstract: Systems and techniques are described for a centralized management system operating within a virtual machine which configures, monitors, analyzes, and manages an adaptive private network (APN) to provide a discovery process that learns about changes to the APN through a network control node (NCN) that is a single point of control of the APN. The discovery process automatically learns a new topology of the network without relying on configuration information of nodes in the APN. Network statistics are based on a timeline of network operations that a user selected to review. Such discovery and timeline review is separate from stored configuration information. If there was a network change, the changes either show up or not show up in the discovery process based on the selected time line. Configuration changes can be made from the APN VM system by loading the latest configuration on the APN under control of the NCN.

Abstract: Systems and methods for detecting and thwarting attacks on a computing system. The methods comprise: collecting timestamped data from different software products comprising a unified end point management product, an SBC/ADV product, an application delivery controller product, a content collaboration product, and/or a software defined WAN product; analyzing the collected timestamped data to determine if an observed user behavior matches a learned normal user behavior of an authorized user associated with a user account; determining a risk classification level associated with a credential used by a user to log into the user account, when the observed user behavior does not match the learned normal user behavior of the authorized user; and causing at least one security related action to be performed when the risk classification level is greater than a threshold level or the risk classification level is one of a top N highest risk classification levels.

Abstract: This document discloses a solution for enabling biometric authentication of a station. According to an aspect, the solution comprises transmitting, from the station, a trigger to include biometric data of a user of the station in authentication; a logic at a network node to handle the trigger and cause execution of an authentication procedure that employs the biometric data when performing said authentication procedure in a wireless access network; and indicating a result of the authentication to the station.